Documentation doesn't explain sandboxing differences between Docker and npm installation methods
#877 opened on May 28, 2026
Repository metrics
- Stars
- (43 stars)
- PR merge metrics
- (PR metrics pending)
Description
Summary
The README offers both Docker and npm installation paths but doesn't explain that Docker provides sandboxing while npm does not. Users choosing npm may not understand they're accepting security risks (e.g., potential for the agent to access all system files).
Priority
🟡 High - Users need to make informed security decisions during installation.
Current Documentation
The README.md shows both installation options:
Option 1: Docker
docker pull ghcr.io/openhands/agent-canvas:1.0.0-alpha.6
docker run -it --rm \
-p 8000:8000 \
-v ~/.openhands:/home/openhands/.openhands \
-v ${PROJECTS_PATH}:/projects \
ghcr.io/openhands/agent-canvas:1.0.0-alpha.6
Option 2: NPM
npm install -g @openhands/agent-canvas
agent-canvas
While there is a general warning at line 42:
⚠️ This runs the agent-server directly on the machine you're installing on — the agent will have full access to your filesystem!
This warning doesn't clearly distinguish the security posture of each installation method.
Issue
Users seeing both options may not realize:
- Docker provides sandboxing that limits what the agent can access
- npm installation has no sandboxing - the agent runs with full access to the host system
- The security implications of choosing one method over the other
Impact
From the user transcript:
Owen Sweeney: "The reason why it's better to run it in Docker is um it like sandboxes it. So it like you can run it with confidence without it, you know, accidentally uploading all the files on your system to the internet or something like that."
User: "And that is does that uh still um like run it in a sandbox or it does."
Owen Sweeney: "Oh wow. Okay. So that's actually not explained here in the docs."
Users are making installation decisions without understanding the security tradeoffs.
Proposed Solution
Add clear security disclaimers to each installation method:
For Docker section:
### Option 1: Docker (Recommended for Security)
✅ **Security**: Docker provides sandboxing that isolates the agent from your host system.
The agent can only access files within the mounted volumes you explicitly specify.
For npm section:
### Option 2: NPM
⚠️ **Security Warning**: This installation method does NOT provide sandboxing.
The agent will run with full access to your filesystem and can read/write any files
your user account can access. Only use this method if:
- You're running on a dedicated/isolated machine
- You trust the agent with full system access
- You understand and accept the security risks
For production use or untrusted environments, use Docker instead.
Acceptance Criteria
- Add security disclaimer to Docker installation section explaining sandboxing benefits
- Add prominent security warning to npm installation section
- Clearly explain Docker provides sandboxing while npm does not
- Recommend Docker for untrusted/experimental usage
- Consider adding a "Security Considerations" section to the README
Related Files
README.md(lines 44-79)- Possibly
SELF_HOSTING.mdshould also cover these security considerations
Source: This issue was identified during a user onboarding session where the security implications of npm vs Docker installation were not clear from the documentation.