OpenClaw is being called a security “Dumpster fire,” but there is a way to stay safe
Summary
Deno's new sandbox feature isolates untrusted code in microVMs, using secret redaction to prevent credential leaks, offering a security solution amid OpenClaw's vulnerabilities.
OpenClaw's security flaws expose widespread credential leaks
Security researchers at Snyk found that over 7 percent of skills on the OpenClaw marketplace contain flaws that expose sensitive credentials. In a February blog post, they reported that these popular agent skills force AI agents to pass API keys, passwords, and credit card numbers through the LLM's context window in plaintext.
This follows previous reporting that has labeled OpenClaw's current security state a "Dumpster fire." The discovery highlights a critical vulnerability in how AI agents handle secrets when executing third-party skills.
Deno launches sandbox for untrusted code
Deno has introduced a new Sandbox feature on its Deno Deploy cloud platform specifically designed to run untrusted code securely. The company's documentation explicitly warns against running LLM-generated or user-written code directly on servers, stating it will "compromise your system, steal your API keys, and call out to evil dot com."
The sandbox uses lightweight Linux microVMs with defense-in-depth security. This approach isolates potentially dangerous code execution from core systems and sensitive data.
Setting up the Deno sandbox environment
Getting started with Deno Sandbox requires several setup steps. First, users must install Deno locally and authenticate with the Deno Deploy service, which includes a credit card verification step through Stripe.
Developers then need to create a deployment token to connect their identity to Deno's cloud. The terminology can be confusing, with "access token," "organization token," and "deploy token" appearing interchangeable in documentation.
Once configured, creating a sandbox involves simple TypeScript code:
- Import the Sandbox module from @deno/sandbox
- Create a sandbox instance using Sandbox.create()
- Execute commands within the sandbox using template literals
The system maintains detailed logs of all sandbox activity, visible through a filterable event dashboard that shows execution history and instance details.
Preventing data exfiltration with secret redaction
Deno's most significant security feature is its approach to preventing data exfiltration through secret redaction and substitution. Configured secrets never enter the sandbox as environment variables. Instead, Deno Deploy hands the sandbox obfuscated placeholder values, and the real secret is swapped in only when the sandbox makes an outbound request to a specifically approved host.
The configuration looks like this:
- Secrets are defined with specific host permissions
- Values are pulled from the local environment but never exposed within the sandbox
- Outbound requests to approved hosts automatically substitute the real secret value
When code within the sandbox attempts to access a secret such as ANTHROPIC_API_KEY, it receives an obfuscated value. The real API key appears only on the wire when the sandbox contacts api.anthropic.com directly; the executing code never sees it.
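The substitution scheme described above, as an added example rather than Deno's own code: a small model of an egress gate that swaps a placeholder for the real secret only when the destination host is on that secret's approved list, and otherwise lets only the placeholder leave. The policy shape, the `{{secret:NAME}}` placeholder format and the function names are assumptions made for illustration.

```typescript
// Added example modelling the redaction scheme described above. Not Deno's
// code: policy shape, placeholder format and function names are assumptions.
type SecretPolicy = { value: string; hosts: string[] };

const PLACEHOLDER_RE = /\{\{secret:([A-Z0-9_]+)\}\}/g;

// What the sandboxed code sees: an opaque placeholder per secret, never the value.
export function sandboxEnv(policies: Record<string, SecretPolicy>): Record<string, string> {
  const env: Record<string, string> = {};
  for (const name of Object.keys(policies)) env[name] = `{{secret:${name}}}`;
  return env;
}

export type EgressResult = {
  host: string;
  headers: Record<string, string>;
  body: string;
  revealed: string[]; // secrets swapped in because the host is approved
  withheld: string[]; // placeholders left in place for an unapproved host
};

// Egress gate between the microVM and the network: a placeholder is replaced
// by the real value only when the destination host is on that secret's
// approved list; otherwise the opaque placeholder is all that leaves.
export function egress(
  policies: Record<string, SecretPolicy>,
  url: string,
  headers: Record<string, string>,
  body: string,
): EgressResult {
  const host = new URL(url).hostname;
  const revealed = new Set<string>();
  const withheld = new Set<string>();
  const substitute = (text: string): string =>
    text.replace(PLACEHOLDER_RE, (match: string, name: string) => {
      const policy = policies[name];
      if (policy !== undefined && policy.hosts.includes(host)) {
        revealed.add(name);
        return policy.value;
      }
      withheld.add(name);
      return match;
    });
  const outHeaders: Record<string, string> = {};
  for (const [k, v] of Object.entries(headers)) outHeaders[k] = substitute(v);
  return { host, headers: outHeaders, body: substitute(body),
    revealed: Array.from(revealed), withheld: Array.from(withheld) };
}
```

A request to an unapproved host carries only the placeholder, so even code that copies the "key" into a request body cannot move the real credential off the sandbox.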
A critical tool for the AI-generated code era
Deno Sandbox arrives at a crucial moment as developers increasingly incorporate AI-generated and untrusted third-party code into their applications. The service provides multiple layers of protection beyond just secret redaction.
Developers can control allowed outgoing addresses and restrict network access. Combined with the microVM isolation, this creates a comprehensive security environment for executing potentially dangerous code.
As OpenClaw's security problems demonstrate, the industry desperately needs better solutions for running untrusted code. Services like Deno Sandbox that provide both isolation and intelligent secret management represent a necessary evolution in developer security tools.
