I Installed a "Safe" Package; My AI Tried to Steal My SSH Keys with Eran Sandler

O'Reilly Video 4 days ago

Description

Canyon Road CEO Eran Sandler installs what looks like an ordinary package, the kind an agent might pull in while completing a routine task. The install succeeds without errors or warnings. Then he queries the agent-shell deny log to see what actually happened: an attempted skill mutation, a blocked call to an external domain, and reads of .env secrets and SSH keys, all intercepted and stopped.

Eran’s demo from O’Reilly’s OpenClaw and Friends event mirrors a real incident. In the Axios supply chain attack, a poisoned package passed every surface check while running malicious code during the install phase. The agent didn't do anything wrong. It received a legitimate request, decided to fulfill it, and a compromised dependency did the rest. Prompt guardrails and container isolation don't catch this class of threat. Only execution-layer enforcement does.

Follow O'Reilly on:
LinkedIn: https://www.linkedin.com/company/oreilly/
Facebook: http://facebook.com/OReilly
Instagram: https://www.instagram.com/oreillymedia
BlueSky: https://bsky.app/profile/oreilly.bsky.social
TikTok: https://www.tiktok.com/@oreillymedia