From 3f9da2ae1ebe42617f7ecfae1848c0a7b2f5dfde Mon Sep 17 00:00:00 2001
From: B <6723574+louisgv@users.noreply.github.com>
Date: Fri, 27 Mar 2026 09:09:52 +0000
Subject: [PATCH] fix(local): show security warning for all local agent
 installations

Previously the warning only appeared for openclaw. Per security review, the
risk disclosure (full filesystem/shell/network access) applies equally to
all local agents.

Agent: pr-maintainer
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
---
 packages/cli/package.json      |  2 +-
 packages/cli/src/local/main.ts | 21 +++++++++++++++++++++
 2 files changed, 22 insertions(+), 1 deletion(-)

diff --git a/packages/cli/package.json b/packages/cli/package.json
index d371f2b80..769a6ccae 100644
--- a/packages/cli/package.json
+++ b/packages/cli/package.json
@@ -1,6 +1,6 @@
 {
   "name": "@openrouter/spawn",
-  "version": "0.27.2",
+  "version": "0.27.3",
   "type": "module",
   "bin": {
     "spawn": "cli.js"
diff --git a/packages/cli/src/local/main.ts b/packages/cli/src/local/main.ts
index 4bd932441..759d2d21e 100644
--- a/packages/cli/src/local/main.ts
+++ b/packages/cli/src/local/main.ts
@@ -4,8 +4,10 @@
 
 import type { CloudOrchestrator } from "../shared/orchestrate.js";
 
+import * as p from "@clack/prompts";
 import { getErrorMessage } from "@openrouter/spawn-shared";
 import { runOrchestration } from "../shared/orchestrate.js";
+import { logWarn } from "../shared/ui.js";
 import { agents, resolveAgent } from "./agents.js";
 import { downloadFile, interactiveSession, runLocal, uploadFile } from "./local.js";
 
@@ -19,6 +21,25 @@ async function main() {
 
   const agent = resolveAgent(agentName);
 
+  // Warn about security implications of installing agents locally
+  if (process.env.SPAWN_NON_INTERACTIVE !== "1") {
+    process.stderr.write("\n");
+    logWarn("⚠  Local installation warning");
+    logWarn(`   This will install ${agent.name} directly on your machine.`);
+    logWarn("   The agent will have full access to your filesystem, shell, and network.");
+    logWarn("   For isolation, consider running on a cloud VM instead.\n");
+
+    const confirmed = await p.confirm({
+      message: "Continue with local installation?",
+      initialValue: true,
+    });
+
+    if (p.isCancel(confirmed) || !confirmed) {
+      p.log.info("Installation cancelled.");
+      process.exit(0);
+    }
+  }
+
   const cloud: CloudOrchestrator = {
     cloudName: "local",
     cloudLabel: "local machine",