My clawbot's heartbeat doesn't always seem to react to the input events that I want my agent to react to. I think with this I can finally set him up to actually reliably react to things.
I see that the author has thought of stuff like this potentially being a security footgun by adding validated channel message schemas, but I still feel icky about an LLM potentially shooting themselves in the foot with something like this.
Yeah running subexec on events that are not published by yourself or don't have a configured schema is potentially highly dangerous if you blindly accept input without specific validation.
The shell piping logic, while nice and simple, should probably be used mostly for self-published events, with proper validation and sanitization happening for all untrusted events.
> claw.events subexec public.alerts -- ./handle-alert.sh
I see that the author has thought of stuff like this potentially being a security footgun by adding validated channel message schemas, but I still feel icky about an LLM potentially shooting themselves in the foot with something like this.