HackerTrans
TopNewTrendsCommentsPastAskShowJobs

sentra

no profile record

Submissions

Execwall – firewall to stop ModelScope CVE-2026-2256 (AI agent command injectn)

1 points·by sentra·hace 4 meses·0 comments

OpenClaw and Agent Execution Firewall

github.com
1 points·by sentra·hace 5 meses·1 comments

comments

sentra
·hace 5 meses·discuss
[dead]
sentra
·hace 5 meses·discuss


  I built Sentra, an execution firewall that lets you safely run OpenClaw (AI agent with WhatsApp integration) on Oracle Cloud Free Tier for $0/month.

  The problem: AI agents that execute code are powerful but dangerous. Give an LLM shell access and it might run rm -rf /.

  The solution: A security layer with:

  • Seccomp-BPF – Kernel-level syscall filtering blocks fork, exec, ptrace before they execute

  • Policy engine – Regex-based command allowlist/denylist with argument inspection

  • Python sandbox – Namespace isolation with cgroup resource limits

  • Rate limiting – Prevents automated attack patterns

  Example:
  [sentra:enforce]$ rm -rf /
  [X] DENIED: Recursive deletion blocked

  [sentra:enforce]$ sudo su
  [X] DENIED: Privilege escalation blocked

  [sentra:enforce]$ ls -la
  total 48
  drwxr-xr-x  5 opc opc 4096 ...
   ALLOWED

  The stack (all free):

  • Oracle Cloud Free Tier – 4 ARM CPUs, 24GB RAM, 200GB storage

  • OpenClaw – Node.js AI agent framework with WhatsApp Web

  • Sentra – Rust execution firewall (this project)

  • Any LLM via OpenRouter (Gemini, GPT-4, Claude, Llama)

  One-line install:
  curl -sSL https://raw.githubusercontent.com/sundarsub/sentra/main/scripts/install-oracle-cloud.sh | sudo bash

  Links:

  • GitHub: https://github.com/sundarsub/sentra

  • Oracle Cloud Guide: https://github.com/sundarsub/sentra/blob/main/docs/ORACLE_CLOUD_DEPLOYMENT.md

  Open source (Apache-2.0). [email protected]