pull down to refresh

48 sats \ 3 replies \ @optimism 13 Mar \ parent \ on: Run NanoClaw in Docker Sandboxes with One Command AI
# ── Configure proxy bypass for messaging platforms

lol

But more importantly: the issue is | bash. It's fine if you change that into > /tmp/script.sh and then you do cat /tmp/script.sh and then you do bash /tmp/script.sh

The problem is immediate execution. Imagine all these gazillion of years people spent on trying to make eval secure in any language (and often gave up)... and then people do this.

"Yes, I trust you, random anon on the internet that vibe coded something, what can possibly go wrong?"

write
compose
115 sats \ 2 replies \ @0xbitcoiner OP 13 Mar

Right! | bash the script is the biggest issue. Hahaha

reply
48 sats \ 1 reply \ @optimism 13 Mar

Yeah! Please remember that next post 😂

reply
15 sats \ 0 replies \ @0xbitcoiner OP 13 Mar
#!/bin/bash

while true
do
  echo "Don’t run scripts without checking the code first."
done
reply