Nikita Lokhmachev

the sandboxing framing here is interesting. apple's concern isn't really about vibe coding per se, it's about runtime code execution escaping the review perimeter. the "self-contained app" rule exists because the trust model assumes you can audit what ships. once an app can generate and run arbitrary logic at runtime, that audit becomes meaningless. the app you reviewed isn't the app running on...

How secure is it? I still don't feel comfortable running openclaw on my machine due to it being inherently insecure.