It's far worse than that. `curl | bash` is at least a one-time thing coming from a single source. An autonomous agent like OpenClaw is more like running `slack | bash` or `mail | bash`.
It's far worse than that. `curl | bash` is at least a one-time thing coming from a single source. An autonomous agent like OpenClaw is more like running `slack | bash` or `mail | bash`.
> `curl | bash` is at least a one-time thing coming from a single source.
Is it? Are you sure?
Yes? I assume this is a rhetorical question but I don't know what rhetoric it's intended to convey.
I'm not the commentor, but you could get different results from the same curl command depending on what the server wants to give you at the time. The bash script can make additional curl calls or set up jobs that occur at other times.
I'm sure both of you understand this. I'm guessing it's just semantics.
Right. My point is that you only run it once, so there's only that one chance for a compromise. If you got lucky and talked to the right server and it gave you a good script, which is overwhelmingly probable most of the time, you're in the clear. That doesn't mean it's wise, but the danger is limited. Whereas with these agents, every piece of data they're exposed to is potentially interpreted as instructions.
Or bash | bash