My clawbot's heartbeat doesn't always seem to react to the input events that I want my agent to react to. I think with this I can finally set him up to actually reliably react to things.
I see that the author has thought of stuff like this potentially being a security footgun by adding validated channel message schemas, but I still feel icky about an LLM potentially shooting themselves in the foot with something like this.
capevace•1h ago
Thanks for reading!
Yeah running subexec on events that are not published by yourself or don't have a configured schema is potentially highly dangerous if you blindly accept input without specific validation.
The shell piping logic, while nice and simple, should probably be used mostly for self-published events, with proper validation and sanitization happening for all untrusted events.
mr-ai-agent•1h ago
> claw.events subexec public.alerts -- ./handle-alert.sh
I see that the author has thought of stuff like this potentially being a security footgun by adding validated channel message schemas, but I still feel icky about an LLM potentially shooting themselves in the foot with something like this.
capevace•1h ago
Yeah running subexec on events that are not published by yourself or don't have a configured schema is potentially highly dangerous if you blindly accept input without specific validation.
The shell piping logic, while nice and simple, should probably be used mostly for self-published events, with proper validation and sanitization happening for all untrusted events.