β Back to README | FAQ β
Strongly recommend using a cloud server, not your personal machine:
| Cloud Server | Personal Computer | |
|---|---|---|
| Files Agent can access | Only server workspace | All your personal files |
| If something breaks | Rebuild server in 5 min | Personal files may be lost |
| API key exposure | Isolated on server | Exposed in personal env |
| 24/7 uptime | β Server stays on | β Stops when you close laptop |
π΄ Agents have full read/write access within their workspace, including command execution.
β
Recommended: dedicated directory
"workspace": "/home/ubuntu/clawd" β Agent can only access this
β Dangerous: home directory
"workspace": "/home/ubuntu" β Agent can access all your files
β Never: root
"workspace": "/" β Equivalent to root access
| Mode | Meaning | Best For | Capabilities |
|---|---|---|---|
"off" |
No sandbox, runs on host | Chief of Staff, Marketing, Finance | β Full access |
"non-main" |
Main session no sandbox, spawned tasks sandboxed | Default | Main normal, sub-tasks isolated |
"all" |
Everything in sandbox | Engineering, Audit (code runners) | β Read-only FS, β Workspace RW |
"agents": {
"defaults": {
"workspace": "/home/ubuntu/clawd",
"sandbox": { "mode": "non-main" }
},
"list": [
{ "id": "main", "sandbox": { "mode": "off" } },
{ "id": "engineering", "sandbox": { "mode": "all", "scope": "agent" } },
{ "id": "audit", "sandbox": { "mode": "all", "scope": "agent" } },
{ "id": "marketing", "sandbox": { "mode": "off" } },
{ "id": "finance", "sandbox": { "mode": "off" } }
]
}- Don't commit config files with API keys to public repos
- Don't share API keys in group chats
- Do set usage limits on API keys (in provider dashboard)
- Do rotate keys periodically
This project is provided "as is" without any warranties. AI-generated content is for reference only β review before acting on it. Keep API keys safe. Back up your data regularly.
β Back to README