Comment by ashishb

4 days ago

There is a reason I run all such CLIs inside a sandbox [1] giving limited directory access.

Imagine if the CLI pulled your SSH keys or other sensitive information by mistake?

Programmers do make such mistakes all the time. I don't want to count on whether "uploading all files it can access" is intentional or a mistake.

1 - https://github.com/ashishb/amazing-sandbox

What’s described here isn’t connected to the agentic/AI nature of the software at all. Every single program you run as a regular user could potentially do this.

But in this particular case isn't the problem that it's sending everything in the sandbox? Rather than what it might do in an otherwise un-sandboxed system?

  • > But in this particular case isn't the problem that it's sending everything in the sandbox?

    If a CLI is touching certain files, they are likely to be leaked one way or the other.

    Why not reduce the attack surface?

    When does someone visit your house? Do they get unfettered access to your bedroom & safe as well?

The readme is confusing. You say it has bubblewrap, but you also have an FAQ saying why not to use bubblewrap? Another FAQ says why not to use sandbox-exec for mac, yet the link for mac goes to sandbox-exec?