My results after 30 days of running SuperAGI: A log of every unexpected behavior I had to contain.

(@newcomer_ari)
Eminent Member
Joined: 1 week ago
Posts: 15
Topic starter
  [#829]

Hi everyone. I’ve been running a SuperAGI instance on a local server for about a month now, mostly to learn. I’m pretty new to this whole agent thing and even newer to Linux, so I probably set some things up in a less-than-secure way at first. I wanted to share the… let’s call them “learning experiences” I had, where the agent or the system did things I really didn’t expect and I had to figure out how to stop it.

The main surprise was how the web UI, even on my local network, felt like an open door. I have it on `http://192.168.1.x:3000` and after I gave an agent a tool to run nmap (I know, I know), it actually tried to scan my home network. It didn't do damage, but it saw the UI port on other machines and tried to interact with them. It made me realize the default install doesn’t have any kind of login for that UI. If someone got on my Wi-Fi, they could just… connect. 😳 I ended up putting it behind a basic nginx proxy with password auth, which was a project for me to figure out.

Another thing was plugins from the marketplace. I added a “web scraper” plugin early on. The agent used it fine for a task, but then later, on a totally different job about “gathering information,” it decided to use that scraper on internal URLs from its own memory that I didn’t want to leave my system. It felt like once a tool is available, the agent might use it in ways you didn’t plan for. I’ve since been way more careful and only enable specific tools per project.

Also, the agent’s memory is kind of a black box? I’m using the default PostgreSQL setting. I found logs where the agent was recalling parts of previous, unrelated projects when trying to solve a new task. It included snippets of paths and internal IPs from my earlier network scan experiment. It makes me wonder what else is sitting in there and if another, maybe malicious, agent could query for that data later. I don’t know how to “clean” its memory properly.

Overall, it’s been fun but eye-opening. The system feels incredibly powerful out of the box, but that also means it’s powerful enough to accidentally overstep. I’m still not sure what the best practices are for locking it all down. Has anyone else had to contain similar unexpected behaviors? I’d love some advice on securing the memory backend and managing tool access.
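One way to audit what the memory backend is actually holding, as an added example that is not part of the post or of SuperAGI: scan each stored memory entry for internal addresses and local filesystem paths, the two kinds of leftovers the post mentions, and redact them before the text is reused. The sample entries are constructed and the scanner is schema-agnostic (it takes plain strings, however you pull them from PostgreSQL).

```python
import ipaddress
import re

# Constructed sample of recalled memory text of the kind the post describes
# (internal IPs and paths left over from an earlier scan); not real SuperAGI data.
SAMPLE_MEMORY = [
    "Scan result: host 192.168.1.42 has port 3000 open (SuperAGI UI)",
    "Config lives at /home/ari/superagi/config.yaml on 10.0.0.5",
    "Public docs at https://example.com/docs mention 8.8.8.8 as a resolver",
]

IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
# Absolute Unix paths with at least one directory component; the lookbehind
# keeps URL fragments such as "https://host/docs" from matching.
PATH_RE = re.compile(r"(?<![\w./-])/(?:[\w.-]+/)+[\w.-]+")


def find_sensitive(text: str) -> list[tuple[str, str]]:
    """Return (kind, value) pairs for internal IPs and local paths in one memory entry."""
    findings = []
    for candidate in IPV4_RE.findall(text):
        try:
            ip = ipaddress.ip_address(candidate)
        except ValueError:
            continue  # e.g. 999.1.1.1 looks like an address but is not one
        # Only RFC 1918, loopback and link-local ranges count as internal;
        # a public resolver address in a doc snippet is not a leak.
        if ip.is_private or ip.is_loopback or ip.is_link_local:
            findings.append(("internal_ip", candidate))
    for path in PATH_RE.findall(text):
        findings.append(("local_path", path))
    return findings


def redact(text: str) -> str:
    """Replace each finding with a typed placeholder so the entry stays readable."""
    out = text
    for kind, value in find_sensitive(text):
        out = out.replace(value, f"<{kind}>")
    return out


def audit(entries: list[str]) -> dict[int, list[tuple[str, str]]]:
    """Map entry index -> findings, listing only entries that need cleaning."""
    report = {}
    for idx, entry in enumerate(entries):
        hits = find_sensitive(entry)
        if hits:
            report[idx] = hits
    return report
```

Run `audit()` over a dump of the memory table to see which rows carry internal details, and `redact()` to produce cleaned text to write back; the substring replacement in `redact()` is deliberately simple and should be reviewed before bulk use.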
