
Safer Agentic AI? 🧠 Full Docker + Hermes Agent Tutorial (Desktop)

Wanderloots

This tutorial demonstrates how to safely run AI agents like Hermes inside Docker containers to sandbox code execution and prevent unauthorized access to sensitive files on your computer. By configuring Docker volumes and mounting specific folders, users can give agents access to only the files they choose while keeping code execution isolated from the main system.

Summary

Callum (Wanderer) explains the security risks of running AI agents with unrestricted access to your computer, including a real example where Meta's privacy head accidentally deleted emails using Claude. The core problem is that AI agents can read and execute code directly on your machine, potentially exposing sensitive information like API keys, passwords, personal notes, and company strategies.

The solution is Docker, which creates an isolated sandbox environment where agents can execute code without affecting the host system. The video demonstrates this by first showing Hermes reading all files in a test folder containing sensitive information (secrets, server details, personal therapy notes, business strategy), then reconfiguring Hermes to run inside Docker where it cannot access those same files.

The setup process involves installing Docker Desktop, modifying Hermes' configuration file to set the working directory to /workspace, and adding Docker volume mounts that link specific folders on your computer to the container. For example, mounting /Users/username/hermes-workspace to /workspace inside the container allows selective file access. The speaker demonstrates this by having Hermes create files that appear both in the Docker container and the linked desktop folder.

The video emphasizes the distinction between access and execution: agents should have access to only the files you explicitly choose (through mounted volumes), but execution of code should happen only inside the container. This prevents malicious code, accidental deletions, and data theft. However, the speaker notes this isn't 100% foolproof—custom skills may still execute on the host computer—so users must still be selective about which tools and skills they install.
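The mount-only-what-you-choose pattern from the setup above, as an added shell example (not the video's or Hermes' own code). The function names, the SANDBOX_HOME variable and IMAGE_PLACEHOLDER are assumptions; the script refuses mount sources that would expose the whole home directory or credential folders, then prints a docker invocation that exposes only the chosen folder at /workspace with the rest of the container root read-only and no network (drop --network none if the code run inside needs it).

```shell
#!/bin/sh
# Added example, not the video's or Hermes' own code.

# Return 0 if SRC is an acceptable dedicated workspace, 1 if mounting it would
# hand the container far more than one folder. SANDBOX_HOME is an assumed
# override used so the check can be exercised without a real home directory.
check_mount_source() {
    src=$1
    home=${SANDBOX_HOME:-$HOME}
    case "$src" in
        ""|/|"$home"|"$home/")       return 1 ;;   # whole disk or whole home directory
        */.ssh*|*/.aws*|*/.gnupg*)   return 1 ;;   # credential directories
        /*)                          return 0 ;;   # any other absolute path is fine
        *)                           return 1 ;;   # relative paths are ambiguous
    esac
}

# Print the docker command: only SRC is visible, at /workspace (as in the video's
# /Users/username/hermes-workspace -> /workspace mapping); container root is
# read-only with a scratch /tmp; no network; shell starts inside /workspace.
# IMAGE_PLACEHOLDER stands in for whatever execution image you actually use.
sandbox_cmd() {
    src=$1
    image=${2:-IMAGE_PLACEHOLDER}
    check_mount_source "$src" || { echo "refusing to mount $src" >&2; return 1; }
    printf 'docker run --rm -it --read-only --tmpfs /tmp --network none -v %s:/workspace -w /workspace %s sh\n' \
        "$src" "$image"
}

# Run it for real when docker is installed; otherwise just show the command.
run_sandbox() {
    cmd=$(sandbox_cmd "$@") || return 1
    if command -v docker >/dev/null 2>&1; then eval "$cmd"; else echo "$cmd"; fi
}
```

Files the container writes under /workspace land in the host folder you mounted, while anything outside that folder (the test folder of secrets in the video, for instance) is simply absent from the container's view.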

An advanced option is running the entire Hermes instance inside Docker and accessing it remotely via a gateway, providing complete isolation but with some usability tradeoffs. The speaker recommends the basic Docker execution approach for everyday use while reserving full containerization for higher-risk scenarios.

Key Insights

  • By default, AI agents executing on local machines can read and access all files including API keys, passwords, and personal information, even when they have safety features like redaction—the sensitive data may still be sent to external servers like OpenAI's API
  • Docker prevents agent code execution on the host computer by creating an isolated sandbox, but agents can still attempt to access local files unless the container is explicitly restricted through volume mounting configuration
  • The goal of safe agent deployment is to give access without execution—agents should only access files explicitly mounted as Docker volumes, while all code execution happens exclusively inside the container
  • Custom skills and tools installed into Hermes may not run inside the Docker execution backend and could operate directly on the host computer, creating a potential security gap even with containerization
  • Docker volumes can be selectively mounted to create dedicated workspaces for specific applications like Obsidian vaults, allowing agents to access and modify only those folders while protecting the rest of the file system

Topics

  • Docker containerization for AI agent safety
  • Sandboxing and code execution isolation
  • File access control and volume mounting
  • Configuration of Hermes with Docker backend
  • Risks of unrestricted AI agent access to computer files
  • Selective file sharing and workspace management
  • Custom skills and tool security considerations
  • Remote gateway access for enhanced isolation

Transcript

[0:00] Before, it listed all of this potentially sensitive information, but now when I tried it again, it says I can't even find that folder. I can't access it. You've probably heard of AI agents like Open Claw or Claude Code, but you might be a little bit nervous about having an AI run free on your computer. That fear is well-founded. Giving these tools access to your whole computer can be really dangerous. Just look at the head of privacy at Meta who accidentally deleted her emails with Open Claw. It forgot that it needed permission to delete, so it just went through and deleted things. How do you run an AI agent without putting your computer at risk?…
