Safe File Access for Local LLMs
Local LLMs reading your files are useful. Without guardrails, they are a security risk.
The model plans. Your code executes. Your code is the only wall between a bot and your home folder.
Risks you face:
- Path traversal to sensitive files.
- Leaking API keys from .env files.
- Exhausting RAM by reading giant files.
- Prompt injection from read files.
Use these rules to stay safe:
- Use absolute paths. Resolve every requested path against your root folder and reject anything that lands outside it.
- Check symlinks. Compare real (symlink-resolved) paths, not the requested ones, so a link inside the root cannot point back out.
- Block secrets. Refuse secret-bearing paths such as .env files and anything under .git.
- Limit read size. Check the file size before reading and cap reads at 256KB.
- Require human approval for writes. No autonomous writing.
- Validate arguments. Check every tool call against a schema (the article uses Zod) so hallucinated or malformed arguments never reach the filesystem.
- Cap the loop. Bound the number of tool calls so the bot cannot run forever.
Sandbox first. Features second. This order is the point.
Source: https://dev.to/pavelespitia/giving-your-local-llm-safe-filesystem-access-with-ollama-tool-use-4o79
Optional learning community: https://t.me/GyaanSetuAi