Am I missing something? Why is everyone talking about sandboxes when it comes to OpenClaw?

To me it's like giving your dog a stack of important documents, then being worried he might eat them, so you put the dog in a crate, together with the documents.

I thought the whole problem with that idea was that in order for the agent to be useful, you have to connect it to your calendar, your e-mail provider and other services so it can do stuff on your behalf, but also creating chaos and destruction.

And now, what, having inference done by Nvidia directly makes it better? Does their hardware prevent an AI from deleting all my emails?

The fully autonomous agentic ecosystem makes me feel a little crazy — like all common sense has escaped. It feels like there is a lot of engineering effort being exhausted to harden the engine room on the Titanic against flooding. It's going to look really secure... buried in debris at the bottom of the ocean.

When a state sponsored threat actor discovers a zero day prompt injection attack, it will not matter how isolated your *Claw is, because like any other assistant, they are only useful when they have access to your life. The access is the glaring threat surface that cannot be remediated — not the software or the server it's running on.

This is the computing equivalent of practicing free love in the late 80's without a condom. It looks really fun from a distance and it's probably really fun in the moment, but y'all are out of your minds.

I found this part interesting: "Inference requests from the agent never leave the sandbox directly. OpenShell intercepts every call and routes it to the NVIDIA cloud provider."

Seems like they are doing this to become the default compute provider for the easiest way to set up OpenClaw. If it works out, it could drive a decent amount of consumer inference revenue their way

If you look at the commit history, they started work on this the Saturday before announcement, so about 2 days. There are references to design docs so it was in the works for some amount of time, but the implementation was from scratch (unless they falsified the timestamps for some reason).

I'm still extremely skeptical on Claws as a genre, and especially more skeptical of a claw that's always reporting home. What's the use case for a closed claw?

I think nanoclaw is architecturaly much better suited to solve this problem.

Gotta say, that I feel kind of sad for the people that feel the need for these claw things.

Are they so busy with their lives that they need an assistant, or do they waste their lives speaking to it like it is a human, and then doomscrolling on some addictive site instead of attending to their lives in the real world?

It’s impressive someone early in their career shipped this. There seems to be a stark increase in high-quality AI/data projects from early-career engineers lately and I'm super curious what’s driving that (and honestly speaking: a little jealous).

I think the whole thing is batshit, honestly.

Much as I love using Claude or whatever to help me write some code, it's under some level of oversight, with me as human checking stuff hasn't been changed in some weirdly strange way. As we all know by now, this can be 1. Just weird because the AI slept funny and suddenly decided to do Thing It Has Been Doing Consistently A Totally Different Way Today or 2. Weird because it's plain wrong and a terrible implementation of whatever it was you asked for

It seems blindingly, blindingly obvious to me that EVEN IF I had the MOST TRUSTED secretary that had been with me for 10 years, I'd STILL want to have some input into the content they were interacting with and pushing out into the world with my name on.

The entire "claw" thing seems to be some bizarre "finger in ears, pretend it's all fine" thing where people just haven't thought in the slightest about what is actually going on here. It's incredibly obvious to me that giving unfettered access to your email or calendar or mobile or whatever is a security disaster, no matter what "security context" you pretend it's wrapped up in. A proxy email account is still sending email on your behalf, a proxy calendar is still organising things on your calendar. The irony is that for this thing to be useful, it's got to be ...useful - which means it has at some level to have pretty full access to your stuff.

And... that's a hard no from me, at least right now given what we all know about the state of current agents.

Plus... I'm just not sure of the upside. Am I seriously that busy that I need something to "organise my day" for me? Not really.

I kind of hope nemoclaw uptake and spark usage pushes ARM into the spotlight for LLM development, making it the primary release target rather than x86.

This could be the opening we need to wrangle a truly opensource-first ecosystem away from Microsoft and apple.

Related...

https://news.ycombinator.com/item?id=47430510

It’s amusing that ‘claw’ is sticking around as a term for these kind of things, when it was originally a pretty transparent attempt to avoid infringing on ‘Claude’…

We are in the wild wild west.

I’m looking for feedback, testing and possible security engineering contracts for the approach we are taking at Housecat.com.

The agent accesses everything through a centralized connections proxy. No direct API tokens or access.

This means we can apply additional policies and approval workflows and audit all access.

https://housecat.com/docs/v2/features/connection-hub

Some obvious ones are only grant read and draft permissions at all, and review and send drafts manually.

Some more clever ones are to only allow sending 5 messages a day, or enforcing soft delete patterns. This prevents accidentally spamming everyone or deleting things.

Next up is giving the agent “wrapped” and down scoped tokens you do want to equip it with the ability to do direct API calls. But these still go through the proxy that enforces the policies too.

counterpoint: this assumes everyone has the same constraints. not always true

what about just using an unprivileged container and mounting a host folder to run open claw?

[dead]

[dead]

Check out https://zo.computer - we've been doing OpenClaw for nearly a year, it works out of the box, and has hosting built-in. Zo arguably was the inspiration for Peter to create OpenClaw.

I refuse to install Israeli spyware, even if it comes from NVIDIA.

Jensen saying board rooms all across America are having discussions regarding what their OpenClaw strategy is complete b.s. and comparing it to more important than Linux. What tf is he smoking.

It is a complete security nightmare no matter which way you look at it, especially with side chain attacks like Glassworm in the mix.

Why is this OpenClaw stuff being pushed so hard when it is essentially nothing more than an agentic loop around an LLM call plus a bunch of common tools. Something that Claude Code, or pick your favorite coding agent can knock together for you in an afternoon.

The only purpose to this is garbage to sell tokens to prop up the hype bubble and install a Trojan horse that can collect all your personal data. Everything else is a smokescreen.

Just say no.