fix: tighten small-model audit guardrails
This commit is contained in:
Peter Steinberger
@@ -21,3 +21,4 @@ clawdbot security audit --fix
|
||||
```
|
||||
|
||||
The audit warns when multiple DM senders share the main session and recommends `session.dmScope="per-channel-peer"` for shared inboxes.
|
||||
It also warns when small models (<=300B) are used without sandboxing and with web/browser tools enabled.
|
||||
|
||||
@@ -177,6 +177,7 @@ Recommendations:
|
||||
- **Use the latest generation, best-tier model** for any bot that can run tools or touch files/networks.
|
||||
- **Avoid weaker tiers** (for example, Sonnet or Haiku) for tool-enabled agents or untrusted inboxes.
|
||||
- If you must use a smaller model, **reduce blast radius** (read-only tools, strong sandboxing, minimal filesystem access, strict allowlists).
|
||||
- When running small models, **enable sandboxing for all sessions** and **disable web_search/web_fetch/browser** unless inputs are tightly controlled.
|
||||
|
||||
## Reasoning & verbose output in groups
|
||||
|
||||
|
||||
Reference in New Issue
Block a user