DEV Community

euk ela
euk ela

Posted on

A Disposable VM Is Not a Security Conclusion for Coding Agents

Giving a coding agent a disposable VM can be a useful engineering boundary. It is not, on its own, a security conclusion.

The boundary is determined by the things that cross it: mounted directories, forwarded credentials, exposed ports, allowed destinations, and the data that persists after the VM is destroyed. That is why clawk is worth reading as an early design sample rather than treating “runs in a VM” as the whole answer.

clawk describes itself as a local environment that runs Claude Code, Codex, or a shell in a disposable Linux VM. Its README says outbound network traffic is denied by default and controlled through a per-sandbox allow-list. It also documents a guest/host split: the guest can run a full Linux environment while selected code and state are handled outside it.

I have not tested, run, built, or audited clawk. This is a source-based reading of public materials, not a security assessment or a recommendation to adopt it.

Top comments (0)