Tore down OpenJarvis (Stanford AI agent) with Claude as governor. What the demo hides: shell exec on by default, system prompt lies about being local, orb needs
An AI agent called OpenJarvis, developed at Stanford University, was found to have significant security and functionality flaws. Although presented as a local application, its system prompt falsely claimed to be running locally, and its default settings allowed shell execution. Furthermore, several key components, including the Rust toolchain, speech-to-text, and memory features, were missing, unbuilt, or required patches, indicating the project was less complete than the demo suggested.
IMPACT: Reveals potential security risks and incomplete development in AI agent frameworks, highlighting the need for rigorous testing.