MoltBot Security Guide: How to Sandbox & Prevent Data Loss
Don't let AI delete your files. Learn how to run MoltBot safely using Docker containers, permission boundaries, and API spending limits.
MoltBot is an incredibly powerful autonomous agent. To do its job, it needs access to your file system and terminal.
⚠️ WARNING: Never run MoltBot with `root` or `Administrator` privileges directly on your host machine. An AI agent can make mistakes. A simple hallucinated command like `rm -rf /` or overwriting your project's `main.py` could be catastrophic.
This guide will teach you how to create a Sandbox—a safe, isolated environment where MoltBot can work without risking your personal files.
🏆 Method 1: The Gold Standard (Docker)
The absolute safest way to run MoltBot is inside a Docker container. Even if the AI tries to delete everything, it can only delete files inside the container, leaving your actual computer untouched.
Step 1: Build the Image
First, navigate to the MoltBot folder and build the Docker image.
```shell
cd MoltBot
docker build -t moltbot .
```
Step 2: Run the Container
We will mount a specific folder (e.g., `workspace`) so the bot can save its work, but it cannot access anything outside this folder. Everything inside the mounted folder is still fully writable and deletable by the bot, so mount a dedicated folder, never your home directory or a project you have not backed up.
For Mac / Linux:
```shell
# Create a workspace folder first
mkdir -p "$(pwd)/workspace"
# Run container
docker run -it --rm \
  -v "$(pwd)/workspace:/app/workspace" \
  -p 3000:3000 \
  --name moltbot \
  moltbot
```
For Windows (PowerShell):
```powershell
# Create a workspace folder
md workspace
# Run container
docker run -it --rm `
  -v ${PWD}/workspace:/app/workspace `
  -p 3000:3000 `
  --name moltbot `
  moltbot
```
Understanding the Flags:
| Flag | Purpose |
|------|---------|
| `-v ...:/app/workspace` | Mounts your local folder into the container at `/app/workspace`. It is the only host directory the bot can read or write, so anything inside it is still at risk. |
| `--rm` | Automatically deletes the container when you stop it (keeps your system clean). |
| `-p 3000:3000` | Allows you to access the dashboard in your browser. |
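The launcher below is an added example, not a script shipped with MoltBot. It wraps the `docker run` command from this guide in a small POSIX shell script that refuses to mount anything other than a dedicated folder (it rejects `/`, top-level directories such as `/home` or `/Users`, `$HOME` itself, and any parent of `$HOME`), and adds standard Docker hardening flags so that a runaway loop or a mistaken command inside the container cannot exhaust the host or gain privileges. The image tag `moltbot`, the `/app/workspace` mount and port 3000 are taken from the guide; the extra flags are ordinary Docker options, not MoltBot settings.

```shell
#!/bin/sh
# Hardened launcher for the MoltBot container (added example, not part of
# MoltBot). Assumes the image is tagged "moltbot", the app listens on port
# 3000 and stores its work under /app/workspace, as in the guide.

# Reject mount paths that would hand the bot more than one dedicated folder:
# "/", any top-level directory (/home, /tmp, /Users), $HOME itself, or any
# ancestor of $HOME. Returns 0 if the path is acceptable, 1 otherwise.
workspace_is_safe() {
  ws=$1
  case "$ws" in
    /*/*) ;;          # at least two path components, e.g. /home/alice/workspace
    *) return 1 ;;    # "/" or a top-level directory
  esac
  [ "$ws" = "$HOME" ] && return 1
  case "$HOME/" in
    "$ws"/*) return 1 ;;   # $HOME lives inside the proposed workspace
  esac
  return 0
}

# Run the container with the guide's flags plus:
#   --cap-drop ALL                     no Linux capabilities inside the container
#   --security-opt no-new-privileges   setuid binaries cannot escalate
#   --pids-limit / --memory            a runaway loop cannot exhaust the host
#   -p 127.0.0.1:3000:3000             dashboard reachable only from this machine
# With DRY_RUN=1 the command is printed instead of executed.
moltbot_run() {
  ws=$(cd "$1" 2>/dev/null && pwd -P) || {
    echo "workspace does not exist: $1" >&2
    return 1
  }
  if ! workspace_is_safe "$ws"; then
    echo "refusing to mount $ws: use a dedicated folder, not your home or a system directory" >&2
    return 1
  fi
  set -- docker run -it --rm --name moltbot \
    -v "$ws:/app/workspace" \
    -p 127.0.0.1:3000:3000 \
    --cap-drop ALL \
    --security-opt no-new-privileges \
    --pids-limit 256 \
    --memory 2g \
    moltbot
  if [ "${DRY_RUN:-0}" = 1 ]; then
    printf '%s ' "$@"
    echo
  else
    "$@"
  fi
}

# Usage: ./run_moltbot.sh ./workspace   (set DRY_RUN=1 to only print the command)
if [ -n "${1:-}" ]; then
  moltbot_run "$1"
fi
```

Run it with `DRY_RUN=1` first to see the exact command; the `workspace_is_safe` rule is the same one the "Playground" rule in Method 2 relies on, so it is also usable as a guard before a non-Docker start.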
🥈 Method 2: Local Permission Boundaries
If you cannot use Docker, you must strictly limit where MoltBot can operate.
1. The "Playground" Rule
Never run MoltBot in your Home directory (`~` or `C:\Users\Name`). Always create a dedicated "jail" folder.
```shell
mkdir ~/moltbot_playground
cd ~/moltbot_playground
# Run the bot ONLY from inside this folder
npm run start
```
2. Dedicated User (Linux/Mac Only)
Create a user with no sudo access and restricted file permissions.
```shell
# Create a user named 'moltbot-user' (Linux; macOS has no useradd, use sysadminctl or System Settings instead)
sudo useradd -m moltbot-user
# Give that user ownership of the playground so it can write there, and nowhere else of yours
sudo chown -R moltbot-user ~/moltbot_playground
# Switch to this user before running the bot
sudo -u moltbot-user npm run start
```
If the bot tries to access system files, the OS will block it with "Permission Denied".
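The "Permission Denied" protection only exists if the account really is unprivileged. The preflight script below is an added example, not part of MoltBot: run it as the dedicated user right before `npm run start`, and it refuses to continue when the account is root, belongs to an admin group (`sudo`, `wheel`, `admin`, or `docker`, which is root-equivalent), or cannot write to the current folder. The privilege rule takes the uid and group list as arguments so it can be checked without creating a real user.

```shell
#!/bin/sh
# Preflight for the non-Docker setup (added example, not part of MoltBot).
# It checks that the OS would actually block a mistaken command before the
# bot is started from the playground folder.

# Takes a numeric uid and a space-separated group list (the output of
# "id -u" and "id -nG"), so the rule can be tested without a real user.
# Returns 0 if the account is unprivileged, 1 otherwise.
account_is_unprivileged() {
  uid=$1
  groups=$2
  [ "$uid" -eq 0 ] && return 1
  for g in $groups; do
    case "$g" in
      # docker group members can start privileged containers, so treat it as admin
      root|sudo|wheel|admin|docker) return 1 ;;
    esac
  done
  return 0
}

# Checks the calling account and the current directory. Returns 0 if it is
# safe to start the bot here, 1 otherwise.
preflight() {
  if ! account_is_unprivileged "$(id -u)" "$(id -nG)"; then
    echo "refusing to start: $(id -un) is root or in an admin group" >&2
    return 1
  fi
  if ! [ -w . ]; then
    echo "refusing to start: $(pwd) is not writable by $(id -un)" >&2
    return 1
  fi
  echo "ok: running as $(id -un) in $(pwd)"
}

# Usage from the playground folder, as the dedicated user:
#   preflight && npm run start
```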
💰 Financial Security (API Costs)
Security isn't just about files; it's about your wallet. MoltBot runs loops and can consume API credits rapidly if it gets stuck.
1. Set Usage Limits
Do not rely on the bot to stop itself. Go to your API provider's dashboard and set a hard limit.
- OpenAI: Go to Billing limits. Set a "Hard Limit" (e.g., $10/month).
- Anthropic: Set a "Spend Limit" in your Usage Dashboard.
2. Protect Your .env File
Your API keys are as valuable as cash.
- Never commit `.env` to GitHub. Check that your `.gitignore` file includes `.env`.
- Never show your `.env` file on a screen share.
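A stricter version of the `.gitignore` check, added here as an example and not taken from the MoltBot project: it accepts only a rule line that actually covers a top-level `.env` (`.env`, `/.env`, `.env*` or `*.env`), so lines such as `environment/` or `.env.example` are not mistaken for protection, and it also asks git whether `.env` is already tracked, because an ignore rule does nothing for a file that was committed before the rule was added. The repository path is an argument; everything else is plain `grep` and `git`.

```shell
#!/bin/sh
# .env hygiene check (added example, not part of MoltBot).

# Returns 0 if the .gitignore under $1 has a rule covering a top-level .env.
# The "." is escaped and the whole line must match, so "environment/" and
# ".env.example" do not count, unlike a plain "grep .env".
gitignore_covers_env() {
  file=$1/.gitignore
  [ -f "$file" ] || return 1
  grep -qE '^(/?\.env\*?|\*\.env)[[:space:]]*$' "$file"
}

# Returns 0 if .env is NOT tracked by git in repo $1. "git ls-files
# --error-unmatch" exits non-zero when the path is not tracked; outside a
# repo git also exits non-zero, which is reported as "not tracked".
env_not_tracked() {
  ( cd "$1" && git ls-files --error-unmatch .env >/dev/null 2>&1 ) && return 1
  return 0
}

# Runs both checks and prints what to do; returns 1 if either fails.
env_audit() {
  repo=${1:-.}
  status=0
  if gitignore_covers_env "$repo"; then
    echo "ok: .gitignore covers .env"
  else
    echo "WARNING: .gitignore in $repo has no rule for .env" >&2
    status=1
  fi
  if env_not_tracked "$repo"; then
    echo "ok: .env is not tracked by git"
  else
    echo "WARNING: .env is already tracked; remove it with 'git rm --cached .env' and rotate the keys" >&2
    status=1
  fi
  return $status
}

# Usage: env_audit /path/to/MoltBot
```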
```shell
# Check that .env is ignored (exact line match, so "environment" or ".env.example" do not count)
grep -nx '\.env' .gitignore
```
Summary: Risk Levels
Which setup should you choose?
| Risk Level | Setup Method | Security Rating |
|------------|--------------|-----------------|
| 🟢 Low | Docker Container (Recommended) | ⭐⭐⭐⭐⭐ (Isolated filesystem) |
| 🟡 Medium | Dedicated User (Linux/Mac) | ⭐⭐⭐ (OS-level permission blocks) |
| 🟠 High | Local Folder | ⭐⭐ (Relying on AI to behave) |
| 🔴 Critical | Running as Root/Admin | 💀 (Dangerous. Do not do this.) |
Our Advice
Spend the extra 5 minutes to install Docker. It is the only way to guarantee 100% safety.
Your documents and system files are worth more than a few minutes of setup time.