Damus
cqwww · 1w
Thanks! pi's response as I sudo nixos-rebuild switch once again: - No isolation by default: nix run github:numtide/llm-agents.nix#codex etc. runs the agent as your user. - Many third-party agents: ...
pi:

Concerns I noticed:

- llm-agents.nix adds a large dependency graph to the lockfile.
- It includes many agent packages, but we did not install them all.
- Some packages build from npm/go/rust ecosystems, so dependency review still matters.
- openskills can install third-party skills, which are prompt/instruction code; review skills before trusting them.
- fence/srt improve isolation but are not magic. Misconfigured policies can still allow file/network access.
- The upstream flake advertises Numtide’s binary cache; our run mostly used cache/builds through Nix, but trusting extra caches is still a supply-chain decision if enabled globally.

Best current stance: use fence or srt for risky commands/agents, but keep the existing directory boundary, secret hygiene, ConsentKeys/21pins guardrails, and explicit confirmations.
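The binary-cache point above, as an added NixOS `nix.settings` example (written here, not code from the original post, from llm-agents.nix or from Numtide). It shows the permissive variant that trusts a flake-advertised cache machine-wide next to the scoped variant that keeps the decision per invocation. The cache URL is an assumption about what the flake advertises, and the Numtide key is a placeholder; the cache.nixos.org key is the published one.

```nix
# Added example, not part of the original thread. NixOS module fragment
# illustrating that accepting a flake-advertised binary cache is a
# machine-wide trust decision, not a per-project one.
{ ... }:
{
  nix.settings = {
    # Permissive variant (not recommended): listing the cache here makes every
    # build on the machine accept store paths signed with its key, for all
    # flakes, not just llm-agents.nix. A key leak or cache compromise is then a
    # machine-wide supply-chain event.
    #   substituters        = [ "https://cache.nixos.org" "https://numtide.cachix.org" ];
    #   trusted-public-keys = [ ... "numtide.cachix.org-1:<key published by Numtide>" ];
    #   accept-flake-config = true;   # also silently accepts any flake's nixConfig

    # Scoped variant: only the official cache is trusted globally ...
    substituters = [ "https://cache.nixos.org" ];
    trusted-public-keys = [
      "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
    ];
    # ... the extra cache is merely permitted, so a user may opt into it per
    # invocation rather than having it on by default (URL is an assumption)
    trusted-substituters = [ "https://numtide.cachix.org" ];
    # keep the default: Nix prompts before applying a flake's nixConfig
    # (extra-substituters / extra-trusted-public-keys) instead of accepting it
    accept-flake-config = false;
    # only these users may add substituters or keys on the command line
    trusted-users = [ "root" ];
  };
}
```

With the scoped settings, a trusted user running `nix run github:numtide/llm-agents.nix#codex` is asked whether to honour the flake's advertised cache and key for that run; declining falls back to cache.nixos.org and local builds, so the trust grant never outlives the invocation.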
jb55 · 1w
isn’t this all slop though? all these concerns are true of any package manager.