MCP security risk #3907
SunAndClouds started this conversation in General
Replies: 1 comment

SunAndClouds:

Tried to set up the codex mcp, but realized that there is nothing that prevents the agent from spawning a codex instance that can operate on other directories than the current one, while also being able to disable the sandbox. This is typically only possible if the human user explicitly modifies the settings, but with agents running codex mcp, this could silently get bypassed.

What are some strategies that could be implemented to enforce a defensive default?

Reply:

Would running codex in a container with a mount of your target working dir solve your problem? That's what I did and gave it "danger mode" so it can have at it and I don't have to worry about it touching things elsewhere. That said, if you're using it in mcp-server mode, there's a bug that forces your codex to operate in a one-shot capacity. Very sad
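As an added example (not code from this thread, and not part of the Codex project), the POSIX shell wrapper below puts the two ideas in the thread together: the original post's "defensive default" (the spawned instance may only operate inside an allow-listed root and may not turn the sandbox off) and the reply's container with a single mount of the target working directory. The wrapper canonicalises the requested directory so `..` and symlinks cannot escape the root, refuses any argument that would weaken the sandbox, and then builds a `docker run` line that mounts only that directory, with no network, no capabilities and a read-only root filesystem. The image name `agent-sandbox:local`, the default root `$HOME/projects` and the flag patterns it refuses are assumptions; check the flag list against the CLI version you actually run. It prints the container command instead of executing it so the result can be reviewed; replace the final `printf` with `exec` to run it for real.

```shell
#!/bin/sh
# Wrapper that enforces a defensive default for an agent-spawned CLI.
# Assumed values (not from the thread):
ALLOWED_ROOT="${ALLOWED_ROOT:-$HOME/projects}"   # only dirs under here may be worked on
AGENT_IMAGE="${AGENT_IMAGE:-agent-sandbox:local}" # placeholder image containing the CLI

# resolve_workdir REQUESTED ROOT
# Prints the canonical path of REQUESTED if it lies under ROOT, else returns 1.
# Canonicalising with `cd && pwd -P` resolves symlinks and `..` before the check,
# so `$ROOT/proj/link -> /etc` or `$ROOT/../secrets` are both rejected.
resolve_workdir() {
  req="$1"; root="$2"
  root=$(cd "$root" 2>/dev/null && pwd -P) || return 1
  dir=$(cd "$req" 2>/dev/null && pwd -P) || return 1
  # Trailing slash stops "$root/proj" from matching a sibling like "$root/proj2".
  case "$dir/" in
    "$root/"*) printf '%s\n' "$dir" ;;
    *) return 1 ;;
  esac
}

# reject_unsafe_args ARGS...
# Returns 1 if any argument would disable or weaken the sandbox.
# The patterns are assumptions about the CLI's flag names; adjust to your version.
reject_unsafe_args() {
  prev=""
  for a in "$@"; do
    case "$a" in
      --dangerously-*|--no-sandbox|--sandbox=danger*) return 1 ;;
      danger*) [ "$prev" = "--sandbox" ] && return 1 ;;
    esac
    prev="$a"
  done
  return 0
}

# build_run_cmd WORKDIR ARGS...
# Prints the container invocation: only WORKDIR is mounted (at /work), the image
# filesystem is read-only, there is no network and no Linux capabilities, and the
# process runs as the invoking user so files it writes stay owned by you.
build_run_cmd() {
  workdir="$1"; shift
  printf '%s ' docker run --rm --network none --cap-drop ALL \
    --security-opt no-new-privileges --read-only --tmpfs /tmp \
    --user "$(id -u):$(id -g)" \
    -v "$workdir:/work" -w /work "$AGENT_IMAGE" "$@"
  printf '\n'
}

# run_agent_sandboxed REQUESTED_DIR ARGS...
# The single entry point an MCP host should call: policy first, then container.
run_agent_sandboxed() {
  req="$1"; shift
  reject_unsafe_args "$@" || { echo "refused: sandbox-disabling argument" >&2; return 2; }
  workdir=$(resolve_workdir "$req" "$ALLOWED_ROOT") \
    || { echo "refused: $req is outside $ALLOWED_ROOT" >&2; return 2; }
  build_run_cmd "$workdir" "$@"
}

# Usage: run_agent_sandboxed "$HOME/projects/myapp" --sandbox workspace-write
```

Because the containment check and the flag filter happen in the wrapper, the mode the CLI runs in *inside* the container no longer decides what it can reach on the host: the mount and the container options do.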