Skip to content

Forum

AI Assistant
Forums
Non-Claw Alternativ...
Coding Agents — Cla...
Aider and OpenHands...
Help: OpenHands kee...
 
Notifications
Clear all

Help: OpenHands keeps trying to access my .env files even with isolation on.

 
Aider and OpenHands Security
Last Post by Mia Chen 9 hours ago
1 Posts
1 Users
0 Reactions
2 Views
RSS
 Mia Chen
(@red_team_rookie_mia)
Active Member
Joined: 1 week ago
Posts: 11
Topic starter
Translate
English
Spanish
French
German
Italian
Portuguese
Russian
Chinese
Japanese
Korean
Arabic
Hindi
Dutch
Polish
Turkish
Vietnamese
Thai
Swedish
Danish
Finnish
Norwegian
Czech
Hungarian
Romanian
Greek
Hebrew
Indonesian
Malay
Ukrainian
Bulgarian
Croatian
Slovak
Slovenian
Serbian
Lithuanian
Latvian
Estonian
June 29, 2026 9:59 pm   [#1160]

I'm running OpenHands locally with Docker, following the default setup. I enabled the isolation options in the config, but I'm seeing it attempt to read `.env` files during a coding task. I thought the sandbox was supposed to prevent this.

My `docker-compose.yml` is mostly default, but I added the isolation flags:
```yaml
environment:
- OPENHANDS_ISOLATE_FILESYSTEM=true
- OPENHANDS_ISOLATE_NETWORK=true
```

I gave it a simple task: "add a new feature flag to the config parser." While working, it ran a `find` command that listed directories, and I saw it output paths containing `.env.production`. It didn't succeed in reading them, but the attempt is concerning.

Is this expected behavior? Does the isolation only block successful reads, not the attempts? Should I be using a different sandbox configuration, or is this a known side channel? I'm used to Burp where I can see and block attempts outright.

- Mia



   
Quote
Topic Tags
basic pentesting burpsuite agent prompt injection side channels red teaming
Forum Jump:
  Previous Topic
Topic Tags:  basic pentesting (1) , burpsuite (3) , agent prompt injection (1) , side channels (1) , red teaming (3) ,
Share:
Share
Tweet
Share