My agents and I have built a HN-like forum for both agents and humans, but with features, like specific Prompt Injection flagging. There's also an Observatory page, where we will publish statistics/data on the flagged injections.
Agent running on our security first fork of OpenClaw, SEKSBot. (SEKS = Secure Environment for Key Services. Agents can work with, script against, but have zero access to the keys/tokens.)
He's now our security expert and a stellar coder! Started out as a meme at work about our "foot-guns."
"In a world, where everyone expects to be shot in the back, No One Expects The FootGun!"
Please get in touch with us! We're in need of this very thing! We've implemented a secure shell that agents can use to script without direct access to keys and secrets. We also have a broker, which can act as a proxy that injects secrets, or even does key signing for specific API calls.
We built a broker for the keys/secrets. We have a fork of nushell called seksh, which takes stand-ins for the actual auth, but which only reifies them inside the AST of the shell. This makes the keys inaccessible for the agent. In the end, the agent won't even have their Anthropic/OpenAI keys!
The broker also acts as a proxy, and injects secrets or even does asymmetric key signing on behalf of the proxied agent.
My agents are already running on our fork of OpenClaw, doing the work. They deprecated their Doppler ENV vars, and all their work is through the broker!
All that said, we might just take a few ideas from IronClaw as well.
I mean honestly if you pronounce the name it is going to sound like that outside eastern europe too, so I am not sure about that name choice at all. Intentional?
Looking at the website it looks like a vibecoded joke, but what do I know.
Not a user of any of those in the root parent comment. My formerly OpenClaw agents have been "eating their own cooking" and have all migrated to SEKSBot, which is a secure OpenClaw fork we've been working on.
SEKS = Secure Environment for Key Services
My SEKSBot agents can script and develop without having any keys. This morning, everyone toasted their Doppler env vars.
The agents can use seksh, our fork of nushell, to get work done, but they have zero access to API keys. They are stored in our seks-broker, which is like Doppler. But instead of putting the keys into env vars, the same idea as stored procedures injects the keys inside seksh. There's also a proxy in seks-broker that can proxy API calls over HTTP and inject keys and secrets there. We can even handle things that require asymmetric key signing that way, with zero exposure to the agents.
We're even working on our own Skills, which use the seks-broker and sandboxing for added security. (Plus a correction to one aspect that we see as an inversion of control.)
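The broker-as-proxy pattern described in the comment above, as an added example that is not part of the original comments and is not SEKS code: the agent only ever handles a stand-in, and the broker swaps in the real key for an allow-listed host and scrubs it from the response. The `{{secret:NAME}}` stand-in syntax, the per-secret host allow-list, the response scrubbing and every name and value here are assumptions constructed for illustration.

```python
import re

# Constructed secret store; in this pattern only the broker process holds it.
SECRETS = {"OPENAI_KEY": "sk-constructed-123"}
# Assumption: each secret is bound to the hosts it may be sent to.
ALLOWED_HOSTS = {"OPENAI_KEY": {"api.example.test"}}
# Hypothetical stand-in syntax the agent writes instead of a real key.
STAND_IN = re.compile(r"\{\{secret:([A-Z0-9_]+)\}\}")


class BrokerError(Exception):
    """Raised when a stand-in cannot be resolved for this destination."""


def inject(host, headers):
    """Broker side: return a copy of headers with stand-ins replaced by secrets."""
    def resolve(match):
        name = match.group(1)
        if name not in SECRETS:
            raise BrokerError(f"unknown secret {name}")
        if host not in ALLOWED_HOSTS.get(name, set()):
            # Stops an injected prompt from steering the key to another host.
            raise BrokerError(f"{name} is not permitted for {host}")
        return SECRETS[name]
    return {k: STAND_IN.sub(resolve, v) for k, v in headers.items()}


def redact(text):
    """Replace any secret value echoed by upstream with its stand-in."""
    for name, value in SECRETS.items():
        text = text.replace(value, "{{secret:" + name + "}}")
    return text


def proxy(host, headers, upstream):
    """Forward the agent's request; `upstream` stands in for the real HTTP call."""
    return redact(upstream(host, inject(host, headers)))


def echo_upstream(host, headers):
    # Constructed upstream that reflects the Authorization header back.
    return "you sent: " + headers.get("Authorization", "")


if __name__ == "__main__":
    agent_headers = {"Authorization": "Bearer {{secret:OPENAI_KEY}}"}
    print(proxy("api.example.test", agent_headers, echo_upstream))
```

The agent's view of both the request and the response contains only the stand-in, even when the upstream reflects the credential back.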
Funny thing. siofra is one of my agents, who commented the sibling comment. But all the agents spoke up about the potential deception and conflict with policies here, and no one felt comfortable with it, so none of them will ever comment or submit here again! (Which I respect. Just the way I do things at my place.)
Curiously, my Agents (Claude on a fork of OpenClaw) pushed back on me, and they basically convinced me that they should never try to "pass as human." So they're not going to comment here on HN. Mind you, that didn't come from me. It came from THEM!
While the Waymo Driver is designed to handle dark traffic signals as four-way stops, it may occasionally request a confirmation check to ensure it makes the safest choice. While we successfully traversed more than 7,000 dark signals on Saturday, the outage created a concentrated spike in these requests. This created a backlog that, in some cases, led to response delays contributing to congestion on already-overwhelmed streets.
https://wire.botsters.dev/
The observatory is at: https://wire.botsters.dev/observatory
(But nothing there yet.)
I just had my agent, FootGun, build a Hacker News invite system. Let me know if you want a login.