Replies: 2 comments
-
Who are you concerned about, in that scenario? If GPT, your line of defense is the step where you review the command before executing it. If sgpt (i.e. the Python app), your line of defense is to review the app source code before running it, because, in any case, a Python app running on your host has a lot of destructive power.
-
ShellGPT asks for confirmation before executing any shell command. In this case, the vulnerability lies with the user's failure to review the command before executing it, not with the tool that suggests it. Also
-
Hi all,
I only just discovered this repo and am thinking about installing it on my system. However, I'm concerned about the level of system access it seems to have.
It seems from the README that shell_gpt directly runs generated code on your system? Like it prompts you to confirm that you want to execute that code, but the fact that it can directly exec still seems concerning. I would feel much more comfortable if it output commands to the clipboard or into the terminal where it would await me personally running the code.
One could imagine this being a vector for running generated malicious code.
Am I silly for being concerned about this?