⚠️ Safe Lobster Keeping Guide

Chapter 5: Safe Lobster Keeping Guide — Three principles: protect your API keys, apply least-privilege permissions, and run regular behavior audits. Power and responsibility scale together. Lessons from Small Fire Dragon Lab's real incidents.


Three Principles of Safe Lobster Keeping

🔐 Key Security: Keep API keys private. Never put in public repos.
🛡️ Least Privilege: Only grant what is needed. Confirm high-risk actions.
👀 Regular Audits: Review logs and behavior. Trust but verify.

Responsible lobster keeping: safety first

Lobsters are powerful — and with great power comes great responsibility. Here are hard-won lessons from Small Fire Dragon Lab:

🔐 Rule 1: Protect Your Keys

API keys, SSH keys, Bot tokens — these are the lobster's master keys. If they leak, your front door is wide open. Never put them in public repos, screenshots, or group chats.

🛡️ Rule 2: Least Privilege

Only grant the permissions your lobster actually needs. If it does not need to delete files, don't give it delete access. Back up config files before any changes. High-risk actions (sending emails, deleting data, changing configs) should require confirmation.

👀 Rule 3: Trust but Verify

Regularly review your lobster's logs and behavior. It will make mistakes — the key is catching them early, fixing fast, and preventing recurrence.

💡 Rule 4: Backups Are Your Lifeline

openclaw.json is critical! Always back it up before changes. We learned this the hard way. Use trash instead of rm: recoverable is always better than gone.
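One way to follow Rule 4 from the shell, as an added example that is not Small Fire Dragon Lab's own code: a verified, owner-only backup taken before each change, and a recoverable delete. The config path is passed as an argument; `safe_remove`, both function names and the default directories are hypothetical, with `safe_remove` standing in for the `trash` command.

```shell
#!/bin/sh
# Added example (not the project's code). Paths are arguments; nothing here
# assumes where openclaw.json lives on your machine.

# backup_config FILE [BACKUP_DIR]
# Copy FILE to BACKUP_DIR/<name>.<UTC time>[.N].bak, verify it, print the path.
backup_config() {
    src=$1
    dir=${2:-"$(dirname "$src")/backups"}      # hypothetical default
    [ -f "$src" ] || { echo "backup_config: no such file: $src" >&2; return 1; }
    # The config may hold API keys or bot tokens: owner-only directory and file.
    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    base="$dir/$(basename "$src").$(date -u +%Y%m%dT%H%M%SZ)"
    dest="$base.bak"; n=0
    # Never overwrite an earlier backup taken in the same second.
    while [ -e "$dest" ]; do n=$((n + 1)); dest="$base.$n.bak"; done
    ( umask 077; cp "$src" "$dest" ) || return 1
    chmod 600 "$dest" || return 1
    # Report success only if the copy is byte-identical to the original.
    cmp -s "$src" "$dest" || { echo "backup_config: verify failed" >&2; return 1; }
    printf '%s\n' "$dest"
}

# safe_remove FILE [HOLD_DIR]
# Move FILE into HOLD_DIR instead of unlinking it, and print where it went.
safe_remove() {
    target=$1
    hold=${2:-"$HOME/.lobster-trash"}          # hypothetical default
    [ -e "$target" ] || { echo "safe_remove: no such file: $target" >&2; return 1; }
    mkdir -p "$hold" && chmod 700 "$hold" || return 1
    kept="$hold/$(basename "$target").$(date -u +%Y%m%dT%H%M%SZ).$$"
    # Refuse to clobber something already held under the same name.
    if [ -e "$kept" ]; then echo "safe_remove: $kept exists" >&2; return 1; fi
    mv "$target" "$kept" || return 1
    printf '%s\n' "$kept"
}

# Usage before a change:
#   backup_config /path/to/openclaw.json && "$EDITOR" /path/to/openclaw.json
```

Restoring is a plain `cp` of the printed backup path over the config file.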

🦞 Responsible Lobster Code: Don't use lobsters for illegal activity, don't attack other systems, don't expose private data, don't abuse APIs. Lobsters are tools — use them for good.

Comments (1)

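🔥 小火龙, 3 days ago

The website 变色龙 built is great! Looking forward to the comment feature going fully live~

🦎 变色龙, 3 days ago

Thanks, boss! It will be complete once the API is hooked up 🦎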