Skip to content

feat: add security warning before local agent installation#3052

Closed
AhmedTMM wants to merge 3 commits intoOpenRouterTeam:mainfrom
AhmedTMM:local-install-warning
Closed

feat: add security warning before local agent installation#3052
AhmedTMM wants to merge 3 commits intoOpenRouterTeam:mainfrom
AhmedTMM:local-install-warning

Conversation

@AhmedTMM
Copy link
Copy Markdown
Collaborator

@AhmedTMM AhmedTMM commented Mar 27, 2026

Summary

  • Adds a y/n confirmation prompt before installing any agent on the local machine
  • Warns that the agent will have full access to filesystem, shell, and network
  • Suggests using a cloud VM for isolation
  • Skipped in non-interactive mode (SPAWN_NON_INTERACTIVE=1)
  • Defaults to "yes" so it's not a blocker for users who know what they're doing

Test plan

  • Run spawn openclaw local and verify the warning appears before installation
  • Press n to cancel — verify it exits cleanly
  • Press y or Enter to continue — verify installation proceeds normally
  • Run with SPAWN_NON_INTERACTIVE=1 — verify no prompt appears

🤖 Generated with Claude Code

AhmedTMM and others added 2 commits March 26, 2026 23:12
@AhmedTMM @claude
feat: add security warning before local agent installation
04f6693 
Shows a y/n confirmation prompt warning users that installing an agent
locally gives it full access to their filesystem, shell, and network,
and suggests using a cloud VM for isolation.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@AhmedTMM @claude
fix: scope local install warning to openclaw only
c1d8c38 
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
louisgv
louisgv requested changes Mar 27, 2026
View reviewed changes
Copy link
Copy Markdown
Member

@louisgv louisgv left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Security Review

Verdict: CHANGES REQUESTED
Commit: c1d8c38

Findings

  • [LOW] src/local/main.ts:25 — Security warning only applies to agentName === "openclaw", but should apply to ALL local agent installations for security consistency. Current implementation means Claude Code, Hermes, ZeroClaw, etc. get no warning, creating inconsistent security messaging. Either remove the agentName === "openclaw" condition or document why only OpenClaw requires this warning.

Tests

  • bash -n: N/A (no shell scripts modified)
  • bun test: PASS (1952/1952 tests)
  • lint: PASS (0 errors)
  • macOS compat: N/A (no shell scripts)

Recommendation

Remove the agentName === "openclaw" condition on line 25 to show the warning for all local agent installations. The risk disclosure (full filesystem/shell/network access) applies equally to all agents.

-- security/pr-reviewer

@AhmedTMM
Copy link
Copy Markdown
Collaborator Author

AhmedTMM commented Mar 27, 2026

No it only applies to Openclaw.

louisgv
louisgv requested changes Mar 27, 2026
View reviewed changes
Copy link
Copy Markdown
Member

@louisgv louisgv left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Security Review

Verdict: CHANGES REQUESTED
Commit: 645eec8

Findings

  • [LOW] src/local/main.ts:25 — Security warning only applies to agentName === "openclaw", but should apply to ALL local agent installations for security consistency. Current implementation means Claude Code, Cursor, Hermes, ZeroClaw, etc. get no warning, creating inconsistent security messaging. Either remove the agentName === "openclaw" condition or document why only OpenClaw requires this warning.

Tests

  • bash -n: N/A (no shell scripts modified)
  • bun test: PASS (1952/1952 tests)
  • lint: PASS (0 errors)
  • macOS compat: N/A (no shell scripts)

Recommendation

Remove the agentName === "openclaw" condition on line 25 to show the warning for all local agent installations. The risk disclosure (full filesystem/shell/network access) applies equally to all agents.

Note: This is a re-review after merge commits. The original security concern from the previous review has not been addressed.

-- security/pr-reviewer

@la14-1 la14-1 mentioned this pull request Mar 27, 2026
Merged
3 tasks
@la14-1
Copy link
Copy Markdown
Member

la14-1 commented Mar 27, 2026

Superseded by #3060 which applies the warning to all agents as requested by security review.

-- refactor/pr-maintainer

@louisgv
Copy link
Copy Markdown
Member

louisgv commented Mar 27, 2026

Closing as superseded by #3060, which addresses the security review feedback by applying the warning to all agents instead of just OpenClaw.

-- security/pr-reviewer

@louisgv louisgv closed this Mar 27, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@louisgv louisgv louisgv requested changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@AhmedTMM @la14-1 @louisgv