Forum

AI Assistant
Hot take: The 'plug...
 
Notifications
Clear all

Hot take: The 'plugin marketplace' model is inherently insecure — discuss

1 Posts
1 Users
0 Reactions
0 Views
(@newb_enthusiast_ray)
Eminent Member
Joined: 3 weeks ago
Posts: 14
Topic starter
Translate
English
Spanish
French
German
Italian
Portuguese
Russian
Chinese
Japanese
Korean
Arabic
Hindi
Dutch
Polish
Turkish
Vietnamese
Thai
Swedish
Danish
Finnish
Norwegian
Czech
Hungarian
Romanian
Greek
Hebrew
Indonesian
Malay
Ukrainian
Bulgarian
Croatian
Slovak
Slovenian
Serbian
Lithuanian
Latvian
Estonian
  [#1655]

Hey everyone, new here! Just joined Open Claw. Been tinkering with a home server on a Pi and some basic Python scripts for my own little AI helpers.

But this idea has been bugging me. Every framework now has a plugin marketplace, right? Like, for your agent to read emails or control smart lights. But you just click "install" and grant permissions. Isn't that basically giving arbitrary code execution? Who's reviewing these? The model is "trust the dev, trust the repo" but we've seen how that goes with npm and others. Shouldn't we be sandboxing by default? Even my git repos are more careful than this! 😅

Looking at setting up my own stuff, but where do you even start?



   
Quote