let5see/clawdbot
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

docs: clarify onboarding security warning

Browse Source
This commit is contained in:
Peter Steinberger
2026-01-26 16:58:51 +00:00
parent 94ead83ba4
commit b06fc50e25
2 changed files with 19 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
CHANGELOG.md
View File

@@ -21,6 +21,7 @@ Status: unreleased.
- Docs: add LINE channel guide. - Docs: add LINE channel guide.
- Docs: credit both contributors for Control UI refresh. (#1852) Thanks @EnzeD. - Docs: credit both contributors for Control UI refresh. (#1852) Thanks @EnzeD.
- Onboarding: add Venice API key to non-interactive flow. (#1893) Thanks @jonisjongithub. - Onboarding: add Venice API key to non-interactive flow. (#1893) Thanks @jonisjongithub.
- Onboarding: strengthen security warning copy for beta + access control expectations.
- Tlon: format thread reply IDs as @ud. (#1837) Thanks @wca4a. - Tlon: format thread reply IDs as @ud. (#1837) Thanks @wca4a.
- Gateway: prefer newest session metadata when combining stores. (#1823) Thanks @emanuelst. - Gateway: prefer newest session metadata when combining stores. (#1823) Thanks @emanuelst.
- Web UI: keep sub-agent announce replies visible in WebChat. (#1977) Thanks @andrescardonas7. - Web UI: keep sub-agent announce replies visible in WebChat. (#1977) Thanks @andrescardonas7.

22
src/wizard/onboarding.ts
View File

@@ -51,12 +51,26 @@ async function requireRiskAcknowledgement(params: {
await params.prompter.note( await params.prompter.note(
[ [
"Please read: https://docs.clawd.bot/security", "Security warning — please read.",
"", "",
"Clawdbot agents can run commands, read/write files, and act through any tools you enable. They can only send messages on channels you configure (for example, an account you log in on this machine, or a bot account like Slack/Discord).", "Clawdbot is a hobby project and still in beta. Expect sharp edges.",
"This bot can read files and run actions if tools are enabled.",
"A bad prompt can trick it into doing unsafe things.",
"", "",
"If youre new to this, start with the sandbox and least privilege. It helps limit what an agent can do if its tricked or makes a mistake.", "If youre not comfortable with basic security and access control, dont run Clawdbot.",
"Learn more: https://docs.clawd.bot/sandboxing", "Ask someone experienced to help before enabling tools or exposing it to the internet.",
"",
"Recommended baseline:",
"- Pairing/allowlists + mention gating.",
"- Sandbox + least-privilege tools.",
"- Keep secrets out of the agents reachable filesystem.",
"- Use the strongest available model for any bot with tools or untrusted inboxes.",
"",
"Run regularly:",
"clawdbot security audit --deep",
"clawdbot security audit --fix",
"",
"Must read: https://docs.clawd.bot/gateway/security",
].join("\n"), ].join("\n"),
"Security", "Security",
); );