Security & Privacy
PicoClaw runs in a sandbox by default. See Configuration and Workspace. Official security notice: picoclaw.net / GitHub.
Security sandbox
By default the agent can only access files and run commands inside the configured workspace. This is controlled by restrict_to_workspace: true in the config, which is the default.
Protected tools
When restrict_to_workspace is true, these tools are sandboxed: read_file, write_file, list_dir, edit_file and append_file (workspace only), and exec (paths must be inside the workspace).
Exec protection
Even with restrictions off, exec still blocks bulk deletes (rm -rf, etc.), disk formatting, dd, writes to /dev/sd*, shutdown/reboot and fork bombs. See GitHub for the full list.
Disabling restrictions
Disable restrictions only in controlled environments: set restrict_to_workspace: false in the config, or set the environment variable PICOCLAW_AGENTS_DEFAULTS_RESTRICT_TO_WORKSPACE=false. This allows access to any path, so use it with caution.
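A pre-flight check for the two switches named above, as an added example that is not part of PicoClaw: it reports when either the environment variable or the config file turns the workspace restriction off. The function name, the config path argument and the line-based matching of the setting are assumptions.

```shell
#!/bin/sh
# Added example, not PicoClaw code. Reports whether the workspace
# restriction described on this page has been switched off.
# Assumptions: the config file path is passed as $1, and the setting appears
# on one line as `restrict_to_workspace: <value>` (key optionally quoted).
# Either source saying "false" is flagged, regardless of precedence.

picoclaw_restriction_status() {
    config_file="$1"

    # 1. Environment override named on this page. The comparison is
    #    case-insensitive as a conservative assumption.
    env_value=$(printf '%s' "${PICOCLAW_AGENTS_DEFAULTS_RESTRICT_TO_WORKSPACE:-}" \
        | tr '[:upper:]' '[:lower:]')
    if [ "$env_value" = "false" ]; then
        echo "unrestricted:env"
        return 1
    fi

    # 2. Config file setting. Lines starting with # or // are ignored so a
    #    commented-out "false" does not raise a false alarm.
    if [ -n "$config_file" ] && [ -r "$config_file" ]; then
        if grep -Ev '^[[:space:]]*(#|//)' "$config_file" |
           grep -Eiq '"?restrict_to_workspace"?[[:space:]]*:[[:space:]]*"?false'; then
            echo "unrestricted:config"
            return 1
        fi
    fi

    # Neither source disables it, so the documented default (true) applies.
    echo "restricted"
    return 0
}

# Usage in a startup or CI script (config path is a placeholder):
#   picoclaw_restriction_status /path/to/config || exit 1
```

The non-zero return status lets a launcher or CI job refuse to start the agent when the sandbox is off outside a controlled environment.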
Data privacy
Data stays local in your workspace. LLM calls go to your configured providers (OpenRouter, etc.). See Privacy.