Post
  1. Portrait of Onur Solmaz

    Don't give agents destructive credentials

    @onusoz · /2026/07/14 · View on
    People report Codex deleting their home folder or production database? 🫪 Hasn't happened to me. But before someone reports their github or huggingface org being deleted: This is why you don't give your agent tokens with force-push or admin access Here is how to protect your hugging face account: (P.S. my local credential broker is almost finished and it works great on github, hf and sudo commands. Complete lockdown against agent deletion risk, without being bogged down with PRs, too many approval requests or configuration. Will launch here in a few days)
    @onusoz ·
    Worried that giving your 🦞 @openclaw agent write access to your 🤗 @huggingface account can risk deletion of your datasets/models/spaces/buckets, or cause irreversible damage? 😱😱😱 No need to be! I have created an agent login helper to run in your YOLO mode remote machine, which prevents any risk of irreversible deletion. Just run: uvx hf-auth-helper agent login There is a specific set of scopes you can choose while creating a fine-grained HF token. These include all read scopes + discussion.write, which let's your agent create PRs. Since you are not giving repo.write, your agent cannot force-push your main branch, change repo settings or delete them It is unfortunately not super straightforward to choose those on the web UI. This will hopefully change soon, and this functionality might even be natively in hf cli Until that happens, use hf-auth-helper to login worry free in your remote or local openclaw instance Your agents will be able to create PRs on datasets/models/spaces, which you will then be able to merge on your own browser 2 caveats: 1) This does not solve the data exfiltration attack vector—nothing does. Make sure to exclude any repos which absolutely must remain private while choosing your scopes. See for more info: 2) As buckets are not repos, your agent will not be able to modify a bucket (add/remove data). To help with that, I have another project on the way, a credential broker. Stay tuned, coming soon Source: Demo authentication flow: