# That was the case in December. 4 months and thousands of work hours later, we have a great security …

- Source: Peter Steinberger 🦞 (@steipete)
- Published: 2026-04-16 02:27
- AIHOT link: https://aihot.virxact.com/items/cmo0gkg4b014xsli2qx2nya1x
- Original link: https://x.com/steipete/status/2044482797449150520

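## AI Summary

That was the situation in December. Four months and thousands of work hours later, we have an excellent security concept; you can go fully yolo, use a sandbox (Docker or OpenShell), and there are allow-lists and per-access exec allow/deny prompts.

Hundreds of security researchers have pen-tested it.

[Quoting @maxintechnology]: @steipete @openclaw I don't think OpenClaw is a reference. It actually doesn't have a proper security model. Nothing on OpenClaw is secure by design.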

## Full Text

That was the case in December. 4 months and thousands of work hours later, we have a great security concept; you can go all yolo, use a sandbox (Docker or OpenShell), there are allow-lists and per-access exec allow/deny prompts.

There's hundreds of security researchers that pen-tested it.

### Quoted Tweet

> Max Wolter: @steipete @openclaw I don't think OpenClaw is a reference. It literally doesn't have a proper security model. Nothing on OpenClaw is secure by design.
