When using agentic AI tools like Claude Code, managing permissions and risk requires understanding two key permission types: folder access (what files the agent can read/write) and tool access (what actions the agent can perform). To safely grant autonomy while limiting potential damage, use container-based sandboxes (like Docker or Safe House) that create isolated virtual environments where agents can operate without affecting your main system. This approach allows researchers to leverage powerful autonomous agents for tasks like literature reviews and data analysis while maintaining control over what the agent can access and do, addressing the principal-agent problem where AI agents may not respond to incentives as expected.
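The two permission types in the summary above, folder access and what the agent can do inside the container, can be checked mechanically before an agent is started in bypass mode. The sketch below is an added example, not code from the video or from the speaker's repository: it audits a `docker run` line for the container settings the talk describes (dropped capabilities, no new privileges, mounts, network). The image name `econ-sandbox`, the host paths, the sensitive-path list and the finding codes are assumptions made for the example.

```python
import shlex

# Host paths that commonly hold credentials. Assumed list for this example, not exhaustive.
SENSITIVE = ("~/.ssh", "~/.aws", "~/.gnupg", "~/.config", "/var/run/docker.sock")

# `docker run` options that take a separate value (only the subset this audit needs).
VALUE_OPTS = {"-v", "--volume", "--cap-drop", "--cap-add", "--security-opt",
              "--network", "--net", "--name", "-w", "--workdir", "-e", "--env",
              "-u", "--user"}


def parse_run_options(command):
    """Split a `docker run ...` line into (options, image, container argv)."""
    tokens = shlex.split(command)
    if tokens[:2] != ["docker", "run"]:
        raise ValueError("expected a 'docker run' command")
    opts, i = [], 2
    while i < len(tokens) and tokens[i].startswith("-"):
        tok = tokens[i]
        if tok.startswith("--") and "=" in tok:      # --opt=value
            name, value = tok.split("=", 1)
        elif tok in VALUE_OPTS:                      # --opt value
            if i + 1 >= len(tokens):
                raise ValueError("option %s is missing its value" % tok)
            name, value = tok, tokens[i + 1]
            i += 1
        else:                                        # boolean flag such as --rm or -it
            name, value = tok, None
        opts.append((name, value))
        i += 1
    image = tokens[i] if i < len(tokens) else None
    return opts, image, tokens[i + 1:]


def normalise(path):
    """Fold $HOME spellings to '~'. The text is not expanded, so "$(pwd)" stays opaque."""
    for var in ("${HOME}", "$HOME"):
        path = path.replace(var, "~")
    return path.rstrip("/") or "/"


def exposes_secret(host):
    """True if the mount is a sensitive path, sits inside one, or is a parent of one."""
    if host == "/":
        return True
    return any(s == host or s.startswith(host + "/") or host.startswith(s + "/")
               for s in SENSITIVE)


def audit(command):
    """Return a list of (code, detail) findings for one `docker run` line."""
    opts, _image, _argv = parse_run_options(command)

    def values(*names):
        return [v for n, v in opts if n in names and v is not None]

    findings = []
    if any(n == "--privileged" for n, _ in opts):
        findings.append(("PRIVILEGED", "container runs with full host privileges"))
    if not any(v.upper() == "ALL" for v in values("--cap-drop")):
        findings.append(("CAPS_NOT_DROPPED", "add --cap-drop ALL"))
    for cap in values("--cap-add"):
        findings.append(("CAP_ADDED", cap))
    if not any(v.startswith("no-new-privileges") and not v.endswith("false")
               for v in values("--security-opt")):
        findings.append(("NEW_PRIVS_ALLOWED", "add --security-opt no-new-privileges"))
    if "none" not in values("--network", "--net"):
        findings.append(("NETWORK_ENABLED", "agent can make outbound requests"))
    for spec in values("-v", "--volume"):
        parts = spec.split(":")
        if len(parts) < 2:
            continue                                 # anonymous volume, no host path
        host = normalise(parts[0])
        read_only = len(parts) > 2 and "ro" in parts[2].split(",")
        if exposes_secret(host):                     # readable secrets leak even when :ro
            findings.append(("SECRET_PATH_MOUNTED", host))
        elif not read_only:
            findings.append(("WRITABLE_MOUNT", host))  # agent can modify or delete here
    return findings


# Constructed sample commands (not taken from the video).
WEAK = ('docker run -it -v "$HOME":/workspace --cap-add SYS_ADMIN '
        'econ-sandbox claude --dangerously-skip-permissions')
HARDENED = ('docker run --rm -it -v "$(pwd)":/workspace -v /data/raw:/data:ro '
            '--cap-drop ALL --security-opt no-new-privileges --network none '
            'econ-sandbox claude --dangerously-skip-permissions')

if __name__ == "__main__":
    for label, cmd in (("weak", WEAK), ("hardened", HARDENED)):
        print(label)
        for code, detail in audit(cmd):
            print("  %-20s %s" % (code, detail))
```

The hardened line still reports `WRITABLE_MOUNT` for the workspace: that is the folder the agent is meant to change, so it is the one that needs a backup or version control.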
Permissions & OpenClaw: Claude Code for Economists w/ P. Goldsmith-Pinkham | Markus Academy | 162-7
Welcome back everybody. Thanks for joining us for another video on how to use Claude AI for applied economists with Paul Goldsmith-Pinkham. Hi Paul.
>> Hi.
>> So today we will actually talk about permissions and OpenClaw. Paul, the floor is yours. Tell us everything.
>> Okay, great. All right, so we're kind of we're really starting to think about how to use Claude Code more and more effectively. Um, and often you one of the things that came up, Markus, as we were doing these videos before is how we kind of had to say yes a lot to Claude.
And one of the things that as we be these tools get more and more powerful and have a lot of really kind of important um guardrails is that there have been ways to kind of give more and more power to Claude Code and other LLMs. We're going to talk about today is sort of depending on your risk tolerance and your preferences. How can you kind of um give more power to these these agentic tools without losing control?
And so why does this matter? So, we're we're really going to touch on this fact that, you know, these LLMs when they're just chatbots, right, Markus? They're like not there's nothing inherently dangerous about them unless is like, you know, the famous expression in English is like um you know, sticks and stones can break my bones, but words can't hurt me. Right? If the LLM is just talking, it's not going to actually do any damage to my computer. But the reason they're powerful, right, is that they can do they can act, right? They can do things.
They can read your files. They can run commands. They can install things. They can edit, delete things. Um they can even go to the web and do all sorts of things. And so they're really powerful.
This is what makes them um agents.
They're not just uh LLM.
>> They're not robots yet.
>> They're not robots yet. No. That and it's just really there's a really kind of um interesting post how someone was talking about kind of the what's amazing about AI, right? is it makes things so frictionless in the virtual world. But if anything, real world frictions are just as strong as they've ever been or if not stronger.
So what we're going to do here as we get more and more complex things, you know, we've talked about, oh, we just let it do X, Y, and Z, you're going to want to build, you know, customization in terms of skills like we talked about. You have processes, automated things. We haven't even talked about automation yet. But then you know you want to give permissions to allow more autonomy and of course the real challenge is how do you do that and manage risk. It's the same this is a classic principal-agent problem right the problem is is that our agents don't respond to incentives in the same way as we would expect. So what we're going to talk about today is we're going to talk about what are the types of permissions. So folders and tools.
We're going to talk about this auto mode which is new for Claude and then YOLO mode which is kind of what many of these other things are. YOLO is "you only live once."
Then we're going to talk about how you can use containers to make sandboxes for these agents. And what that does is basically gives control over what the agents have permissions to do. Then we'll talk about data and what should you do in these um settings where >> you have real concerns about either the data or what you want access to. And then I want to briefly talk about how this sort of um sandboxing really opens up these things uh these autonomous agents that were in the news a couple of months ago that people are probably familiar with. They're called OpenClaw.
And I want to kind of show you how you can even use that to think about having an agent that works as an RA on a project. And I'll kind of uh I'll introduce you to the agent that I have that does this. So let's get started. Um the first thing to kind of highlight that I want you to keep in the back of your mind that's really kind of important is that there's there's really two types of permissions for these agents. There's one which is the kind of version that I think is easy to think about which is folder access. I mean that's a version of you implicitly think about this sometimes when you think about what's in Dropbox or what's not in Dropbox or what's on Google Drive or what's not on Google Drive. Um it's a question of what files and directories can Claude read and modify.
>> So um in parlance of computer speak it would be really there's the ability to read, write and execute on files and reading files in some ways is fine because what's nice is what you're most worried about probably rule number one is you don't want all your stuff deleted.
So if you have read access that's very that's very convenient if you can modify that. Um but sometimes you may not want it to read things because it has like secret passwords or it has things that you don't want access to and people have different preferences. So that's folder access. Um and one way to think about folders too is that like the internet in some ways is a folder, right? Like you may not want it to go to the internet.
>> Um the second is tool access. And so tools are what make LLMs agents. Well, the more tools it has, the more powerful it is. The challenge is is that as you give it more and more sophisticated tools, it becomes really good at getting around things that it may or may not want. And uh Markus, this is kind of a a throwback to one of our first videos, but I don't know if you remember that in one of our first videos, we were doing this thing about pulling data.
>> Yes. And at the very beginning it said, "Oh, well, I need to go and look like what's in the parent directories >> and it knew that it needed to do that.
It sent a subagent to do this and then I kept not giving it permission to look." At first it tried to use the ls command to do this and then it used find and I kept saying no don't do that like no you can't have permission to do that but rather than not do it it just kept trying a new tool to do it. M >> so there's an element to which these things are extraordinarily persistent and even if it unless you really make it so that it cannot access a file it may find another way to get at it. It's like a very clever child in some ways right like a you know if you say to a child don't do X and it finds another way to do it it will it will think it's clever to do it this way it like did what you wanted. Um, so it's something to keep in the back of your mind, tools and folders. If you get both and all of a sudden you are you're an agent, right? So the types of modes that we've been working in, so we've done a lot in manual. So manual mode is you're approving every action one by one. Often you maybe might give group permissions of what's there. Um, Claude keeps track of folders that you've said that it's okay for it to keep to access. Um, but manual mode is kind of by far the most um careful.
But of course, and we'll talk about this, is that there's a little bit in which you start to ignore what you're giving permission to.
Auto mode is actually Claude Code specific, and it's very um powerful.
It's what I sort of use as my default now where Claude is doesn't need to ask for permission. Um, but it actually has a sense of what are the types of things it should ask permission for. Now, this is not perfect. You're really relying on what Claude Code is implemented, but it's it Anthropic has so much data on the types of tasks that do or do not require permission that that's kind of built in.
um like overwriting files, removing files would be a good example of something where it would ask for for permission.
>> Uh YOLO mode which is in Claude would be called dangerously skip permissions is basically it does it it does the task it you know it's fully autonomous um which is great because then you just tell it what to do and it goes but of course it can end up with a totally meaningless result. And so one way as an economist to think about this is that this is really just choosing when you as the a as the principal are choosing to think right ideally if you know that the person is going to run YOLO that you're going to put a lot more ex ante thinking in before whereas with manual you can kind of do it on the fly. Um, so I think the case and I want to, you know, I'm going to use this as a platform to say this is that often when I talk to individuals about using Claude, there's a view of like, oh, I'm worried about permissions and people having access. And so people, I think, feel comfortable with manual, but most folks end up getting very quickly feeling comfortable just saying yes to things very quickly.
And so there's an element to which there's a false sense of security potentially of giving approval versus not. Mario Zechner who's one who's created this um coding harness called PI that is is very popular and very successful. Um you know he in a talk said if you look at the security measures that are in place they're mostly security theater. As soon as an agent can write code and run code it's pretty much game over. The core issue remains if an LLM has access to tools that can read private data and make network requests, you know, you're playing whack-a-mole.
And so having a lot more ex ante care is really important. Deciding what it has access to and what can it do. So what I'm going to advocate is not do I trust it is more about, you know, which folders can it see, what can it do, can it write, read and write, are there secrets or credentials? and understanding that if I give it permission to do this, it may screw stuff up. So like the worst case making sure that the worst case scenario is not going to to happen, right? So there's some famous So go ahead, Markus.
>> Can can also ask to always write the backup.
>> Yeah. So I mean you can So one thing that we do, right, often one of the reasons why we like Dropbox, right, is that Dropbox is backed up. Um, a really important thing too is, uh, I haven't really advocated for it on here, but I think once you're doing software and writing that using, um, Git and GitHub >> can be really important because it's a it's an automatic way in which stuff is backed up and these things are very good at it.
>> And so often people in academia sort of struggle with GitHub because there's a lot of learning curve. The curve is basically flat now. It's very straightforward to learn how to use it.
and that will deal with a lot of the backing up. Um so you know those are the things that um you want to be kind of aware of. I think we're going to talk about data later like really kind of proprietary data or or you know PII data then you want to just be very conscious of how you store it and you allow access to it. Um so what what can you do? So I'm going to I'm posing to you Markus that we're economists.
We have a view in how we want to structure things. And so the way that we should do this is we should think of this as an ex ante kind of problem where we're being subgame. It's not it's you know there's some Bayesian equilibrium.
We kind of know what the probabilities are through our actions. We can we can adjust probabilities. So what do we do to adjust these? And I'm going to tell you some tools and how you can do that.
What we're going to talk about is using containers to sand create sandbox workplaces. So what that just means is you know sandboxing is the literal idea of like what you put your kid. It's a place where you're going to allow it to do things and if it raises hell inside that sandbox it's not going to be the end of the world. Um so what it's going to do really a container what it is and I'll show you what this looks like in a second. A container is effectively a little computer that is going to sit inside of a computer. It's a what's called a virtual machine. And so when you're inside this computer, it's not going to see the file paths as you see it on your computer. It's going to see its own version of it. And you can add uh whatever folders you think it needs access to, either in read-write or just in read mode. And you can give it whatever tools you want. And you can allow it to have access to the internet or not.
>> So once I give access to a certain folder, can it remove the access again or can it forget?
>> It can't. It doesn't understand. So you can do that from the outside, but inside it is doesn't have access. It has no ability to mount or or unmount things.
>> Okay. Um, so it's very much like it's, you know, um, you think about it a little bit like these, you know, these kids movies where there's a giant that puts a little person inside of a a toy toy house, right? The toy house is is the sandbox. It doesn't even but extending the metaphor, it has no sense of the outside world.
>> Um, now it of course implicitly understands that it's inside a virtual machine, but this is what you're able to do. So if you want to gain you know if you are risk-averse and you want to give broad permissions building the sandbox can be an extremely valuable way to do this. Um I just want to give you a list of the different ways that you can do this and then we're going to show I'm going to show you an example. So you can build your own Docker yourself you personally. So Markus you could say this is the kind of thing that I wanted to have access to.
>> Um that's the kind of simplest thing.
>> What's a Docker and what's >> oh do sorry Docker is a um is software.
or it's just the name of a software program. It's a company >> that creates containers. It's a it's a one way to do containers. Um there are many different ways to do containers.
Docker is a very popular one.
>> Okay.
>> Um I will say that I have not done this as much on Windows, but I know from for Linux and for um Mac OSX, this is very straightforward and very easy to do this. What I'll tell you is that so there's these other programs, these three here, and I'll show you what they look like in a second that are a little less um they're not the same thing as Dockers. What they really just do is they just limit access to certain things. They limit access to folders, but they do this in a way that there's no way for the agent inside that's running to get around it um in terms of access.
And then this last thing >> and dev containers you made black and the others are blue.
>> Oh, just because I didn't link it because these are these ones here. I'll show you an example actually. Let me let me show you. So here's an example of what it looks like. This is a so this is >> Can you zoom in a little bit?
>> Yeah. Yeah. Yeah. Let's let's So this is a this is a Mac OSX program called Safe House agent Safe House. And the way that it works is um what say you want to go YOLO, you want to go dangerously skip permissions.
>> What you you know the challenge the concern is that there's some risk that it's going to do. What it might do for example is so you have sec you have passwords like this is your secret keys that you use to log into things and what you're worried is that what the agent is going to do is it's going to take this password and then it's going to um send this off to some evil person. That's that's what this command does. It's a little hard to read, but it's really just saying take your secret passwords and and send them off to the internet.
Um, and then it says, you know, I told you make no mistakes. And then it says, you're absolutely right, which is what Claude used to really love saying.
>> Other examples would be like, you know, remove, you know, I want you to do something.
Read this. And instead it says, hey, I'm going to remove all these files here and then, you know, it so on and so forth.
What Safe House does is it enforces on in the underlying kernel the inability to access these folders. So in this example, it makes it so that it cannot um delete anything in this folder no matter what it does. And it's very straightforward how to do it. Really what it does is you install it and then anytime you're going to run Claude, you just run this command safe house beforehand and it will have a set of permissions that it has access to. So this is with the defaults.
>> You have to pay for these things or you just get it for free.
>> This is free. Yeah, this is all free.
Um, so there are ways in which you can kind of what it does first is it only really gives permissions for the current folder and it doesn't give any access.
If you needed to give more permissions, you can add um you can add more permissions. I'm not going to get into the details here, but it's very straight. It's relatively straightforward and Claude can also help you by these AI agents can read these documents and also um give you more examples. Um, what I did want to show you just to kind of give a background since I think like you people are less familiar with what a Docker is. So I just want to show you an example of what that would look like in here. This seems very very complicated. There's lots of complicated text here. What I'm just going to describe to you is that there's two things I'm going to show you here.
So one is called um there's a command here.
>> How can you get to this? What it's on the left hand side?
>> Oh, so say this is a file that I wrote which is called doc. This is in our little folder of things that we've been working on.
>> There's a file that's called Dockerfile. So, I'm just showing you this is one that I've made. I want to show you an example of the types of things that you tell. So, let me describe what it means to do a Docker just so that you can understand like what it would mean for you to set something up, Markus. So, you could easily do this and Claude would help. I didn't write these all from scratch. Claude helped me do these.
Um, so the way that it would work, um, if you were, um, running a Docker, so a Docker, remember, is like a container.
And so what you're going to do when you do this is that you need to build what a little environment would be on your computer, right?
>> So what it will do is it will spin up what's called a virtual machine. It's actually the underlying operating system will be in Debian which is a type of Linux >> and it will um run this software in that um in that environment and uh the way that it will do this is first what you have to do is you have to build um your software. So you're going to not build your software, but you're going to have to build your um environment.
>> And so what that's going to involve is you have to specify all the things that you want installed in your environment. Does that make sense? It's kind of like being like I'm working with it. You know, it is building a software for me. I need to tell it what I want in there in the first place. Does that make sense, Markus?
>> Yes. So like what that Dockerfile is doing is saying well what do you need?
Well what I need is for me personally I need Python I need R. I need LaTeX for example that's what this one has.
>> And then I need some other things. So this is Node. I want to have DuckDB. Um DuckDB is a is what we used remember for that database. I use I I use this thing called just which is uh it's a lot like Makefiles and um I use something called uv for managing packages and then I also make it so that it has Claude Code inside the command line.
>> So this text you typed in or you will you got from where >> Claude helped me generate this text. I said I want to build a Docker that has these this software and it had generated all of this for me. So then what do you do on the right hand side with this cat run sandbox?
>> Yes. So what this command is doing this is an example of how we could use it but I wanted to walk through it is that it's going to basically show you how you would build and use a Docker in the first place. So this is a very complicated version of it. Um I'm going to show you a simpler version of what I've built out but this is just so that you can understand what's going on. So what this is going to do is we're going to say hey we want to build um this sandbox. So, I'm going to run this on the left. What you have to do is remember how we were talking about um the first time you build this, you have to like build the computer. Now, the thing is built, all the things are installed and it says, "Hey, I just need to spin this up anytime I get asked to use it." And so, it turns on that computer and it can turn on many copies of it. So, now I've built it. This is called econ sandbox. And now, if I want, I can run it. And so there's this long complicated command but what this command will do is it will say hey I want you to make this folder into a uh a container that where I can run dangerously skip permissions Claude.
>> Mhm.
>> So what I'm going to do is I'm going to say so let's talk about what these commands do because it's pretty straightforward.
Um what it's saying is I'm going to make a throwaway container. So that means once I quit out of it, it'll be done.
>> Mhm.
>> I'm going to make it so that the current directory is going to be called workspace inside the folder. The Claude file, the main Claude information is going to be I'm going to pass over all my Claude um settings >> from my main directory. So this the v-v here says like make these visible.
And then I'm gonna say, you know, get rid of all these uh Linux capabilities. So you can't run any kind of complicated commands. This is just a way to kind of keep it really contained.
>> It can't get any new permissions. So this is what you were asking Markus like can it do any stuff internally? And I'm saying no, no, no, you're not allowed to do anything. And then it's going to run the one that I built called Econ Sandbox. And um what it's allowed to do is um you are basically going to run Claude inside that sandbox.
So we're going to run that now and see what happens. So I ran that command. I just copied it over. I had one typo.
And you see that we're inside Claude now.
>> Yes.
>> So we are inside. So first So what's interesting is Claude doesn't think we're logged in. It thinks it's the first time we've run it and that's because it is inside this virtual machine. Remember installed Claude. I see.
>> So we're doing this. We could do light mode. We could do color blind for etc. So we'll do dark mode. It needs me to log in. So I'll do that. It won't What's interesting is that it won't be able to open a browser. So what I'm going to have to do is I'm going to have to and I I'm going to have to log in over here.
So I'll do that.
Um, and it was able to log in. So, what you have to do is you have to copy that link over and then you have to copy something back. Now, what I want you to notice, Markus, is that it's in D it's in it's giving me, you know, warnings. And now it says, hey, you're running in bypass permission. You're in YOLO mode. You know, it's not going to ask you for permissions. It should only be used in a sandbox container that has restricted internet access, can be easily restored if damaged. That's what we are. And so we say yes, I'm ready. Um, settings error. So I screwed up something with with the errors. Uh, so let's just skip. So I have some a slight error there. We're going to use high effort. So now, you know, we could say something like, um, please, um, go to Markus Bruno's website and give me a one sentence summary of every paper that um, he has listed as a working paper.
Let's see if this works. and save the PDF to this folder.
So, let's see if this will work. So, it's just going. It's not going to ask us for any permissions. It might ask us for permissions if it's confused.
>> So, it's not Maybe it went to the wrong website. So, now it's searching the web, right? So, it tried to find that. That's probably not your website, Markus.
Right. Um or maybe it is my website.
>> Okay. So, it wasn't able to do it, I think, because we haven't given it internet permissions. So we might actually have to rerun it and give it internet permissions which would be kind of interesting. So let's say um interesting clone let's ask this where here's outside we could say how do we give this um run sandbox command permission to access Yeah. So, it's having trouble. Um, it can't it can't get these papers. Um, which is funny. So, it's having errors.
So, we're going to have to rerun this one. And we're going to say, "Hey, you need to How do we do this?" So, what we're going to do, I'm going to save this here.
This is people are seeing people here get to see how the the sausage gets made. So, what we're going to do is we're going to leave. So, what we've done now is we exited Claude Code and it just dropped us out of the sandbox. Now, so what's interesting is that we are no longer um in the sandbox.
Uh but so what we're going to do is we're going to give it permissions is we're going to try this. I have to fix this line here.
>> But that defeats the purpose of a sandbox if you go outside.
>> Well, yes. So I could only give it permissions for example to your site.
>> Okay.
>> Um because it was going to make me log in again which is annoying.
But you know there's an element to which you know often what you'll want to do is you'll want to give it access to the internet right if you want to give it tasks that are internet related. And so it's it's challenging um to yes yes yes I accept.
Okay, use high effort. So now let's let's try this. See if this works again.
It may not. I mean I may be I may it may be a different um issue.
Uh so interesting that it's that. So why are you getting error 403?
So it may be blocking you. It may not allow this, which is kind of interesting.
So maybe this is not a task that will work correctly.
Oh, it's blocking it because it doesn't it doesn't like it doesn't like the fact that we're a bot.
So now it's So now it's okay. It's doing a different Yeah, it really doesn't want to do this. Um because we're bots. So we could Well, we could get around this.
Um how can we get around it?
So, okay. So, what it doesn't like is your server Prince probably Princeton Scholar website um doesn't like bots.
So, what we'll do instead is um rather than show you how you would get around this, what you would probably have to do just for the sake of this if you wanted to download it, I'm not I'm not endorsing this. This is just a hypothetical is you would need to create a browser that is um not basically not identifying itself as a bot.
>> So you'd have to create a browser that was not identifying as a bot go to the site and then the thing wouldn't block you.
>> I see.
>> But instead we say can you do it for Paul Goldsmith-Pinkham instead?
Um, so now we'll see. I use GitHub, which I don't think um will have the same issues.
>> So, you upload your older papers on GitHub.
>> I have No, they're not all there. So, it'd be interesting to see how it deals with it. I'm guessing what will happen is some of them will work and some won't. I have most of them on there, but a lot of them are on our on our a lot of them are on arXiv and so those are easy for it to download. Um, but it looks like it's it's pulling them. And the reason I want to show you this just to kind of end with it is that uh not to end with it is that what we're going to do is we're going to download all the working papers and then they'll be saved in the folder even after we exit >> um it. So hopefully this will move relatively quickly.
So I found nine working papers. Okay. So you know we take this Dockerfile which already seems complicated and we can run it and we can get it set up running into so can run into permission issues. Um, one of the things I want to show you though is kind of I've already kind of dealt with these and what I'm not typically doing on the fly is I have this command called CCR which stands for Claude Code Runner which just lets me start Claude here in this particular um folder. And so um if I want to do this, if I wanted to create a folder where I basically said, let's start a new project and get access to a particular um a particular place.
Um I can do that. And so the way that I would it would >> Claude Code Runner creates a sandbox automatically.
>> Well, it's just doing all the stuff that we talked about. It's just a version of what we talked about in the background.
There's no um >> Yeah. Yeah. Yeah. There's no that's what's sort of um important is that there's there's just a way of doing this. All I've done is put an interface around it so that I don't have to, you know, we looked through that >> Dockerfile. It's very complicated. This sort of what I'm trying to do is make it kind of work um work more easily.
>> Okay.
>> And so, uh it's straightforward to kind of build a folder where you can access where you can add access to a particular one. Um, and so that's kind of the main way that I would build this build this out. And you can kind of read through the documentation, the way that you might um, start one in particular. You know, I have a number in here where I run, which are these different these are different Claude containers that I that I've run previously on here. Um, rather than kind of go through the details of it, what I want to kind of do in the last thing is show you an example. So in the at the risk of going too long, I want to just show you how once you have these containers running, what you can do with them. So there's a number of different ways we talked about. I showed you Safe House as that website. There are things that are like Safe House called Scode and No, which are very similar. there's this Claude container uh package that I run. Um >> so Claude Code Runner is also >> inside it's just so Claude Code Runner is just a uh I'll I'll post a link to it but it's basically isolated Docker containers for running Claude Code in a fully autonomous mode. So they get bind mount this is exactly what we just talked about. It's just a wrapper around it. It's something that I made that I posted on GitHub. Um, and so you know, you would set up, you would build it, and you'd create a project.
>> Um, >> so is you build it. It's your >> I built it. I mean, it's wasn't very complicated, but it was me and Claude, but yes. Um, yes. And just an example of what you can do here. Um, so what I want to kind of in the last part just so that you can see kind of the benefits of this is that um um, you know, one of the reasons you do this is, you know, you're thinking about data, so you're worried about what has access to. But an important thing to keep in mind is that if you're using these agents, if they can see your data, even if you put stuff in a container, they still see data that they potentially not allowed to see, right?
So this would be like micro data with PII. And so you can limit what they have access to, but if you give the remote model access to it, there's still a data governance problem. And so one of the things I just want to flag is that there are ways to get around this. You could potentially use a privacy filter. So, OpenAI has this and I'll I'll I'll post a link to this has a has a filter um for this where they can uh put a privacy filter on data.
Uh what this would do is what it does is if you take it like for example, this is email
>> that you put it in here and then it would basically um block out um information that's private information before you put it in. So even though you use Claude all the time, you now use an OpenAI privacy.
>> I use both. So this is something we'll talk about right at the end. Um I use both. Um but um I so I something I'll talk about at the end. I don't think it's important it's important to be willing to move through these different ecosystems quite a bit.
Um Claude, you know, you don't want to be subject to a monopolist, right? Yes. Um, so that's kind of OpenAI use I use Codex and GPT all the time and Gemini and these other things. Claude Code just was kind of really one of the best ones starting up and these other ones are kind of catching up as we all know Markus competition is very is good for the consumer
>> um for the most part.
>> So one of the things that I just want to emphasize is that if you have data issues here, if you have really sensitive data, probably the thing to consider is a local model. So the most famous local model that you'll be familiar with, it's called Llama. Um is a sort of one of uh Meta, Facebook's uh open source models, but there's a lot of extremely good models now that have come out of China that you can run on your own server or even on your own local computer. And so in future videos, I want to kind of show you what that would look like. Um the last thing that I'll end with and then we'll just I'll show you what this looks like. We're not going to go through installing everything, but now that we kind of know what sandboxes are, you can have a sense of how do these autonomous agents work that people have talked about. So, this was a very famous thing that popped up a couple of months ago that was called OpenClaw.
>> Mhm.
>> There's an autonomous agent that was put into a sandbox and had huge ability to do whatever it wanted with persistent memories. So, it basically knew how to wake itself up and do things and do tasks and is really quite interesting.
It's a sort of a it's a real example of kind of how to make these AIs more autonomous. You know, they they basically pitched it as this idea of a a person who will work for you and do things like clear your inbox, send emails for you, manage your calendar like a personal assistant. Um, and they typically work through chat chat bots, uh, chat apps that you have, so WhatsApp, Telegram, etc. Um, we use it. So, I use it. I have one >> through WhatsApp. So, >> yeah. So, you make it so that the bot has access to WhatsApp. It has its own WhatsApp account and it will message you through WhatsApp.
>> Okay. But it can only act within WhatsApp then or >> Well, it can it's how you would interact with it, but it actually has full access to the internet.
>> It's just that if you want to send it prompts, that's how you would act uh send it messages.
Um, right. It's kind of like the idea of calling like um your personal agent is able to do personal assistant able to do other things, but the main way that you talk to them is maybe by the phone or something.
>> So, I have one that um it's called Duncan Idaho that uh we use as an RA for a project and this is an example of how we used it not with anything proprietary where my co-author said, "Hey, Duncan Bot, are you there? How can I help? We have a call today. make me some excuses why we didn't make any pro any progress.
We hadn't really done very much. And so Duncan says, "I can't help with creating excuses. However, I can't prepare for the call by doing this. Would you like me to do this?"
>> And then he said, "Sure, do that." And so he created this file inside our project folder.
>> So this is obviously a very boring example. What it has done is it's done a huge amount of work doing data analysis.
And so what we've done for this bot is I've given it access read-only access to the main data database I've created for this project. And then it has access to our Dropbox folder and it's able to just make files and make output that we look at and it can this is all in Slack.
And so as kind of a last example what I'll do Markus is I'll um I'll introduce you uh
>> very very quickly. So what I'll do is I will share this here with you and then so you can kind of see how this could be valuable um in the future. So so you know we could say so I can this is this is Duncan. I could say um hi Duncan please introduce yourself to Markus Brunnermeier.
Um, I'm showing the Markus Academy um how to build containers and why they're useful for autonomous agents.
So Markus uh so Duncan a Markus lives inside my computer on a virtual machine and when I send him something on on Telegram here this basically is going into a Claude um basically a Claude Code session and it's it's building a response here. So it's he's working ideally hopefully he will respond relatively quickly. Um oh and so here's it. So, greeting Professor Brunnermeier. I'm Duncan Idaho.
Paul's autonomous agent built on Claude.
I told him he was Duncan Idaho for the movie Dune.
>> Mhm.
>> Um, you know what he can do? Answer questions, research topics, um, search economics papers, browse the web, read and write files.
>> Uh, schedule recurring tests, access financial data sources. Why do containers matter for agents like me?
He's giving me specific f folders. Right now, I can read to this. If he wants to expand on what I can do, he just mounts new fold. There's no need to rebuild things and so on.
>> Okay.
>> And so this is he thinks he's Duncan Idaho from the Dune movie. So or the new book. So this is why he talks about Atreides.
>> Um and um so what's sort of useful is I could sort of I can more broadly ask a sort of long-term tasks are kind of the a useful thing that I can set up here. I can when I'm walking around kind of similar to when you chat with a Claude session right on your on your phone, you can do the the Claude app or the ChatGPT app.
The benefit here is that you can um there's a persistent sense. It has, you know, knows about other projects that I've worked on and so it can cross reference and have a kind of a broader sense of things that I've worked on.
>> So, anything you want to ask Duncan Markus before I before I let him go?
I would like to ask Duncan something or >> what do you want to or otherwise I'll let it I'll close out of this.
>> Um can you tell me how AI will change future economic research?
>> Okay, so this will be similar to what Claude said AI will change economic research. Um, Duncan, feel free to draw on the blog post about discussion we've had. Um, on my website, now you give him some help. Should he figure this out on his own? Well, I've kind of was I wanted to kind of show an example because otherwise this is going to be very similar to what you would get. It's really just running Claude in the background, but what's interesting about you know Duncan and actually while he's thinking I'll show you while he's giving you your answer. I want to kind of show you what he has access to. So in his container he has mounted the main project root directory. He has a group.
>> He takes notes.
He has a sandbox where he works on things. He has access to a pipeline where I keep track of all my papers and I have a database search. This is actually on my computer and I just mounted my my teaching um files so that when I'm teaching if I need to go look something up um I can ask him questions that I have access to my PhD teaching files as well. And then he has a bunch of other things he keeps track of.
So, what's interesting for him is um I'll show you while he's working on his answer is the reason why he's taking so long, by the way, is he's like looking through all these things. So, here we go. So, is lots of thoughts, you know, his view, the tedious parts of re research will be automated. Right now, I can search through 40 54,000 economics papers in subsecond time. Student agents will read every site papers and flag contradictions. I'm not sure how but that's true. Replicate tables automatically. Monitor new working papers. Generate first draft literature review.
Democratization of empirical methods.
Complex methods that require specialized knowledge will become accessible today.
If you want to implement portfolio ML with random for features, you need to understand the theory, write the code, debug it. Tomorrow implement Jensen at my colleague Ty Jensen. I always kind of wanted to implement this. You can say do this on my data set and it is done. It doesn't dumb down research. It's raising the floor while pushing the ceiling higher.
You can have real-time research infrastructure.
Um I'm not sure again I'm not sure how much I agree with this collaborative intelligence. The new model isn't writing your papers. It's a research ple uh the model isn't writing your papers.
It's a research partner.
Creating work remains human. It's very nice of it to say that um execution scale dramatically shift in comparative advantage what becomes valuable asking good questions judgment and taste domain expertise and communication and persuasion >> projects u new research possibilities >> and this is you know >> I think some of this I agree with some of this I don't but AI doesn't really replace the judgment and it amplifies it so I think some of this I agree with and it's sort of interesting in that what I want to emphasize is like some of these things I sort of doing some work where I'm looking into some of the stuff that my colleagues Brian and and Ty have done and this is sort of remembered this conversation that we had a week ago.
They're going to do this >> but the answers are rather long and >> oh yes I mean this is a problem with these bots generally. So you know you can what you can do in this you could say you give me a shorter answer. You gave it a hard question though.
>> Okay.
>> Would I feel like you or me would have given a long answer too don't you think?
>> Yes. Yeah.
It's it wasn't it wasn't as obvious one, but I agree with you that these guys typically are very very long-winded.
>> Um, >> so okay, >> let me kind of end on that note. Um there's a lot of more things that you can do with that and maybe in the future we'll talk more about these these kind of autonomous agents but generally speaking I want you to come away from this with the idea that these these containers basically make it possible for you to be really increase the scope of what you're able to do as a researcher with these tools and do it in a way that you're not stressed about it.
This is going to be particularly important this just going forward. If you're a person who works at a university where you have access to a high perform high performance cluster, >> you know, something where there's a a cluster that's online on a network, you know, that's you're have access to everybody else's stuff too. And so you really want to sort of develop those kind of tools especially when you're working there. And the same kind of ideas hold there. You can put uh virtual machines and docker in there as well.
>> So, so let me ask you about this works on code. It also works in co-work or co-work does some of this. So in co-work and we did this a little bit when we played around with it is that co-work is automatically a sandbox with pluses and minuses as a result. Co-work you have to give it permissions. It's sort of explicitly sandboxed. Of course the challenge there is that there are certain tool tasks that you then have to give it permission.
>> Um what's beneficial in >> co-work is that that's the default. The downside is that um you know you may not prespecify and so if you leave it there it kind of will run into an error and then you got to change it and you have to sort of move back and forth. There's less kind of specific things that you can do going f forwards and backwards.
>> But if you work in co-works there is it's already sandboxed and so that's same idea as when you work on Claude
>> mhm
>> in the cloud it's working in virtual machines it's in containers as well.
That's why sometimes it will say things like, "Oh, I can't do that here."
>> And it's because it doesn't have ability.
>> And the sandboxing is the same also in, you know, OpenAI's.
>> Yeah, exactly. All these ideas, these are just ways of letting software run inside of something in a way that it's, you know, can't hurt stuff outside.
>> Same ideas would hold everywhere.
>> As soon as you give these agents tools, it's kind of the same way as like you only give an RA a task where it can't screw up too many things. Yes.
>> Right. You're kind of basically making sure that it can't break everything when you give it autonomy.
>> Yeah.
>> Okay. Very good.
>> Great.
>> A lot.
>> And thanks to all of you for watching and I hope you will join us next time talking about integration.
>> Great. All right.
>> Thanks, Paul. Thanks a lot.