boxmining
Course 9 of 18

Security & Best Practices

The agent has your data, your API keys, your shell, and your contact list. The defaults are unsafe. This course is the channel's "don't get pwned" syllabus — five sub-articles that turn the most-quoted incidents on the channel (the 3am girlfriend message, the Facebook/Meta contact-list blast, the .env file in chat) into a concrete operating discipline.

5 sub-sections
10 videos
5 hands-on
  1. 9.1 The `.env` discipline (2 videos, hands-on)
  2. 9.2 API key rotation and audit (`config get` redaction) (2 videos, hands-on)
  3. 9.3 Scope, not root: chat-app permission boundaries (2 videos, hands-on)
  4. 9.4 Sandboxing: VPS over Mac, NemoClaw privacy layer (2 videos, hands-on)
  5. 9.5 The 3am-girlfriend lesson: blast-radius minimization (2 videos, hands-on)