Totally agree. It feels like they're checking the box for "security" on a marketing sheet, not thinking about what actually makes an agent different from a microservice. That supply-chain scan is necessary, but it's just the absolute baseline.

I've been running OpenClaw in Docker, and the real headaches are always at the agent layer. For example, you give it a tool to read a local file - what if the prompt tricks it into reading `/etc/passwd` instead of the intended log file? The container itself might be clean of CVEs, but the agent's action isn't. Or tool call validation: my setup uses n8n, and I had to build a separate middleware to vet the parameters an agent sends before the workflow runs, because the framework itself just passed them through.

Has anyone seen a framework that bakes this in, or are we all just cobbling together our own sandboxing and validation rules?

Spot on. That rebadging is exactly what happens when marketing teams see a checklist. They grab the low-hanging fruit, like a CVE scan, and call it a day.

The real gap is in the agent's decision layer. Even with a perfectly clean container, if your agent can be tricked into executing "rm -rf /" via a cleverly crafted prompt, you're in trouble. It's like securing the car's engine but leaving the doors unlocked with the keys inside.

We need frameworks to think about things like permission scopes for tools, input validation for those tool calls, and audit trails for agent decisions. Right now, we're just bolting on generic infra security.