From 2e58048b405590ad84ca70bd78f21d24803b9126 Mon Sep 17 00:00:00 2001 From: Sebastian Slight Date: Mon, 26 Jan 2026 09:38:56 -0500 Subject: [PATCH] Onboarding: strengthen security warning --- src/wizard/onboarding.ts | 23 ++++++++++++++++++----- 1 file changed, 18 insertions(+), 5 deletions(-) diff --git a/src/wizard/onboarding.ts b/src/wizard/onboarding.ts index 5c5590bf2..29c599297 100644 --- a/src/wizard/onboarding.ts +++ b/src/wizard/onboarding.ts @@ -51,18 +51,31 @@ async function requireRiskAcknowledgement(params: { await params.prompter.note( [ - "Please read: https://docs.clawd.bot/security", + "STOP — SECURITY WARNING", "", - "Clawdbot agents can run commands, read/write files, and act through any tools you enable. They can only send messages on channels you configure (for example, an account you log in on this machine, or a bot account like Slack/Discord).", + "Prompt injection can override your bot. This risk is real and not solved.", "", - "If you’re new to this, start with the sandbox and least privilege. It helps limit what an agent can do if it’s tricked or makes a mistake.", - "Learn more: https://docs.clawd.bot/sandboxing", + "Untrusted content can carry hostile instructions (links, web pages, files, logs, pasted text).", + "If tools are enabled, a bad prompt can leak secrets, run commands, or access files.", + "", + "Model policy (required for tool-enabled or untrusted input):", + "- Recommended: Anthropic Opus 4.5.", + "- Not recommended: weaker tiers like Sonnet or Haiku.", + "- Supported but not recommended: free models, cheap models, or local models.", + "", + "Required safeguards:", + "- Pairing/allowlists + mention-gating.", + "- Sandboxing + minimal tool access.", + "- Keep secrets out of the agent’s reachable filesystem.", + "", + "Docs: https://docs.clawd.bot/gateway/security", ].join("\n"), "Security", ); const ok = await params.prompter.confirm({ - message: "I understand this is powerful and inherently risky. Continue?", + message: + "I have read and understand the security warning, and I accept responsibility for secure configuration. Continue?", initialValue: false, }); if (!ok) {