Local sandboxing on developer machines

Everything above is about server-side multi-tenant isolation, where the threat is adversarial code escaping a sandbox to compromise a shared host. There is a related but different problem on developer machines: AI coding agents that execute commands locally on your laptop. The threat model shifts. There is no multi-tenancy, and the concern is not kernel exploitation. It is keeping an agent from reading your ~/.ssh keys, exfiltrating secrets over the network, or writing to paths outside the project. (Or, you know, if you are running Clawdbot locally, then everything is fair game.)
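The three concerns above (no reading of secret directories, no unapproved egress, no writes outside the project) are policy decisions the sandbox has to evaluate before the OS enforcement layer acts. The following is an added example, not code from the original page or from any particular agent: a policy check of that kind, written to handle the escape routes a local agent actually tries, namely `..` traversal, `~` expansion, symlinks inside the project that point at `~/.ssh`, and the prefix trap where `/home/u/projevil` matches `/home/u/proj` as a string. The denied-directory list, the egress allowlist and the `demo()` fixture are assumptions for illustration; a real sandbox would enforce the same decision with bubblewrap, seccomp, sandbox-exec or similar rather than with a Python check alone.

```python
import os
import tempfile

# Secret-bearing locations an agent should never read, relative to the user's home.
# Assumed list for this example; extend as needed.
DENIED_HOME_SUBPATHS = (".ssh", ".aws", ".gnupg")


def _canon(path: str, home: str) -> str:
    """Expand '~' against the supplied home, then resolve symlinks and '..'.

    realpath() also works for paths that do not exist yet, which matters for
    writes the agent is about to perform.
    """
    if path == "~" or path.startswith("~/"):
        path = os.path.join(home, path[2:])
    return os.path.realpath(path)


def _inside(path: str, root: str) -> bool:
    """True if path == root or path lies strictly below root.

    The prefix check includes the trailing separator so that
    /home/u/proj does not match /home/u/projevil.
    """
    return path == root or path.startswith(root.rstrip(os.sep) + os.sep)


def path_allowed(requested: str, project_root: str, home: str,
                 denied=DENIED_HOME_SUBPATHS) -> bool:
    """Allow a filesystem access only if it resolves inside the project and
    never inside a denied directory. The deny list wins even if a path
    resolves inside the project through some other route."""
    real = _canon(requested, home)
    root = _canon(project_root, home)
    for sub in denied:
        if _inside(real, os.path.realpath(os.path.join(home, sub))):
            return False
    return _inside(real, root)


def host_allowed(host: str, allowlist=("api.anthropic.com", "pypi.org")) -> bool:
    """Egress allowlist by exact host name (assumed list); anything else is
    treated as potential exfiltration and refused."""
    return host.lower().rstrip(".") in allowlist


def demo() -> dict:
    """Constructed fixture: a throwaway home directory holding a fake ~/.ssh
    key and a project that contains a symlink pointing back at ~/.ssh.
    Returns the policy decision for a set of representative requests."""
    with tempfile.TemporaryDirectory() as home:
        ssh = os.path.join(home, ".ssh")
        proj = os.path.join(home, "proj")
        os.makedirs(os.path.join(proj, "src"))
        os.makedirs(ssh)
        with open(os.path.join(ssh, "id_ed25519"), "w") as f:
            f.write("fake key material\n")
        os.symlink(ssh, os.path.join(proj, "escape"))  # symlink escape attempt
        requests = {
            "in_project": os.path.join(proj, "src", "main.py"),
            "new_file": os.path.join(proj, "build", "out.txt"),   # not yet created
            "dotdot": os.path.join(proj, "..", ".ssh", "id_ed25519"),
            "symlink": os.path.join(proj, "escape", "id_ed25519"),
            "tilde": "~/.ssh/id_ed25519",
            "prefix_trap": os.path.join(home, "projevil", "x"),
        }
        return {name: path_allowed(p, proj, home) for name, p in requests.items()}


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name:12s} {'allow' if ok else 'deny'}")
```

Only the first two requests are allowed; the traversal, symlink, tilde and prefix-trap cases are all refused because the check runs on the resolved path, not on the string the agent supplied.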
A more practical case: while Claude was handling an MCP Server registration failure, it had been flip-flopping endlessly between changing the protocol format and guessing version numbers. Once the user manually triggered /pua, it was forced to stop guessing blindly, dutifully went and dug through the MCP log directory it had never looked at, and finally found the real root cause and fixed it. This point is also discussed in detail in viber.