frontpage.

I built this to run OpenClaw safely. The problem: every sandbox I tried still handed the real API token to the agent as an env var.

nilbox never gives the agent the real token. It gets a fake placeholder instead (ANTHROPIC_API_KEY=ANTHROPIC_API_KEY). nilbox intercepts outbound API calls and swaps in the real token at the network layer.

So if the agent leaks the "token" — attacker gets a useless string. That's it.

Also ships a managed Linux runtime (consistent across mac/win/linux) and a Store for one-click agent app installs. Full shell access too.

Available for macOS, Windows, and Linux https://nilbox.run

Curious how others are thinking about token security when running agents locally.

Cursor in talks to raise $2B+ at $50B valuation as enterprise growth surges

I watch my parents meet a predator that hard work cannot beat

Operation Gladio

Friday Squid Blogging: New Giant Squid Video

Bodega Cats of New York

Objection.ai - The AI Tribunal of Truth

White House and Anthropic hold meetings over Mythos model

The Business Plot of 1933

Channel decorrelation: 52.8% reduction across Kodak suite, no ML or codec mods [pdf]

The nine-to-five PhD: mere myth or an achievable goal?

Effective Conversational AI Book: Detailed Review

Show HN: Small, an x402 powered writing site

Claude Experiment "PersMEM" Rep5: The Distributional Bias and the Third Instance

Ketamine for negative and depressive symptoms in schizophrenia

Human Accelerated Regions

The rate trap: how one architecture decision kills flexibility

H.R.8250 Parents Decide Act – trying to force OS age verification US-wide

Diving into Starlink's User Terminal Firmware

New AI-generated videos of Iran war spread across social media

Traders place $760M bet on falling oil ahead of Hormuz announcement

Show HN: I made a calculator that works over disjoint sets of intervals

Casus Belli Engineering

The Bureaucrats Won't Be Toppled: Revolts No Longer Work

Infinite Velocity

Madison Square Garden's Surveillance Machine

Why LLMs Aren't Giving You the Result You Expect

The parking lot that's keeping the lights on

Reflecting on my own strange year at Uber

Education research is weak and sloppy. Why?

Show HN: Nilbox – Run OpenClaw without exposing your API tokens

Show HN: Nilbox – Run OpenClaw without exposing your API tokens

Cursor in talks to raise $2B+ at $50B valuation as enterprise growth surges

I watch my parents meet a predator that hard work cannot beat

Operation Gladio

Friday Squid Blogging: New Giant Squid Video

Bodega Cats of New York

Objection.ai - The AI Tribunal of Truth

White House and Anthropic hold meetings over Mythos model

The Business Plot of 1933

Channel decorrelation: 52.8% reduction across Kodak suite, no ML or codec mods [pdf]

The nine-to-five PhD: mere myth or an achievable goal?

Effective Conversational AI Book: Detailed Review

Show HN: Small, an x402 powered writing site

Claude Experiment "PersMEM" Rep5: The Distributional Bias and the Third Instance

Ketamine for negative and depressive symptoms in schizophrenia

Human Accelerated Regions

The rate trap: how one architecture decision kills flexibility

H.R.8250 Parents Decide Act – trying to force OS age verification US-wide

Diving into Starlink's User Terminal Firmware

New AI-generated videos of Iran war spread across social media

Traders place $760M bet on falling oil ahead of Hormuz announcement

Show HN: I made a calculator that works over disjoint sets of intervals

Casus Belli Engineering

The Bureaucrats Won't Be Toppled: Revolts No Longer Work

Infinite Velocity

Madison Square Garden's Surveillance Machine

Why LLMs Aren't Giving You the Result You Expect

The parking lot that's keeping the lights on

Reflecting on my own strange year at Uber

Education research is weak and sloppy. Why?

Show HN: Nilbox – Run OpenClaw without exposing your API tokens