I Built My Own Clawdbot (It’s ACTUALLY Safe)

Clawdbot Security and Custom Bot Development

Introduction to Clawdbot Issues

  • The speaker highlights the security vulnerabilities of Clawdbot, which have resulted in numerous data leaks.
  • In response, a new secure bot is developed and offered for free, capable of running tasks autonomously 24/7.
  • The bot can analyze and enhance its own codebase based on past experiences.

Setting Up the Secure Bot

  • The video promises a step-by-step guide on setting up the bot without compromising sensitive information like API keys.
  • Viewers are encouraged to stay until the end for a complete understanding of the setup process.

Practical Example: Financial Adviser Bot

  • A practical demonstration begins with creating a financial adviser that conducts daily market research before trading hours.
  • The speaker outlines organizing files related to the adviser’s tasks and report templates.

Job Creation Process

  • After inputting commands into Telegram, the bot generates a detailed plan based on user prompts.
  • The system logs all actions taken by the bot using GitHub for transparency and tracking purposes.

Monitoring and Improvement Mechanism

  • Completed jobs are logged in GitHub, allowing users to review changes made by the bot over time.
  • Understanding pull requests and GitHub actions is essential for leveraging this system effectively.

Scheduling Tasks with Cron Jobs

  • A cron job is set up for daily financial research tasks, demonstrating how scheduled automation works within this framework.
  • Users can inquire about job scheduling formats through AI tools like ChatGPT or Claude for further assistance.

Output Analysis and Reporting

  • The generated reports include insights from the agent's processing steps, enhancing understanding of its operations.
  • Logs stored in GitHub enable future agents to learn from past performance, improving their functionality over time.

Conclusion: Integration with User Interface

  • Once jobs are completed, users receive reports via Telegram that link back to their original queries.

Creating and Managing Pull Requests

Overview of Pull Requests

  • A pull request allows for code review before merging changes into the main branch, ensuring quality control.
  • Configuration options exist to allow bots to check in code without approval, though default settings prioritize security.

Merging Changes

  • Approving a pull request involves merging new code back into the main branch, enabling the bot to utilize these features.
  • After merging, changes become visible in the repository, allowing for manual edits directly on GitHub.

Triggering Jobs with API Calls

Job Execution Process

  • Jobs can be triggered manually using external API requests rather than waiting for scheduled times.
  • The system includes various cron jobs that automate tasks; most are disabled except for a few essential ones.

Using Postman for API Calls

  • Postman is utilized to send API calls to trigger jobs within the bot's framework.
  • An API key is required for authorization when sending job requests; this enhances security by protecting access.

Job Completion and Reporting

Monitoring Job Status

  • Upon job completion, a new pull request appears detailing changes made during execution, including logs and reports generated.
  • The bot provides feedback through Telegram about job status and any issues encountered during execution.

Installing the Pope Bot

Installation Steps

  • To install the Pope Bot, users must follow specific instructions available on GitHub, including prerequisites needed beforehand.
  • Users should fork the repository into their own private account before proceeding with installation commands in their terminal.

How to Set Up a Telegram Bot for Repository Management

Creating a Token and Setting Permissions

  • The process begins with creating a GitHub token named "delete me" for temporary use, scoped so that the bot has access to only one specific repository.
  • Required permissions are Actions, Contents, Metadata, and Pull requests. Actions needs read-only access, while Pull requests needs both read and write access.

Generating API Keys

  • An Anthropic API key is needed, which can be created easily. OpenAI and Grock keys are optional; adding an OpenAI key allows the bot to listen to voice messages.
  • A Brave Search API key is also required for web searches, which can be obtained through a free account.

Setting Up Telegram Bot

  • To set up the bot on Telegram, search for "BotFather" and follow the prompts to create a new bot by providing a name (e.g., "popebot demo") and a username ending with "_bot".
  • After creation, an access token is generated which needs to be copied into the setup process.

Running Event Handlers

  • Two processes must be started; one is an event handler that facilitates communication between Telegram and the bot via webhooks.
  • A tool called ngrok helps connect local development environments with cloud services, allowing Telegram messages to reach your local machine during testing.

Verifying Setup and Security Features

  • Once everything is set up, verification involves sending a message from Telegram that confirms successful connection; responses will indicate if the setup works correctly.
  • The security of credentials is emphasized; they are stored in GitHub secrets rather than within repositories or jobs themselves. This ensures sensitive information remains secure during operations.

Understanding Repository Secrets and Bot Functionality

Overview of Repository Secrets

  • The repository secrets are not directly accessible; GitHub sends credentials to the container in real-time for bot usage.
  • Key secrets include the GitHub token for automated checks and a webhook secret for secure communication between GitHub and the event handler.

Security Measures in Event Handling

  • The chatbot requires knowledge of specific secrets to accept messages from GitHub, ensuring secure event handling.
  • Credentials are inserted at runtime into the job, preventing access to sensitive information within the bot's definition.
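
An added example (not code from the Pope Bot repository) of the two checks an event handler of this kind performs: the API key on job-trigger requests and the webhook secret on callbacks. It assumes the webhook sender signs the raw body in GitHub's `sha256=<hex>` HMAC style; the function names and sample values are hypothetical.

```javascript
// Added example, not the Pope Bot's own code. Function names are hypothetical.
const crypto = require('crypto');

// Constant-time string comparison. Hashing both sides first gives equal-length
// buffers, so timingSafeEqual never throws and the secret's length is not leaked.
function safeEqual(a, b) {
  const ha = crypto.createHash('sha256').update(String(a)).digest();
  const hb = crypto.createHash('sha256').update(String(b)).digest();
  return crypto.timingSafeEqual(ha, hb);
}

// Job-trigger path: the caller presents an API key in a request header.
function checkApiKey(presented, expected) {
  if (!presented || !expected) return false; // fail closed if either is unset
  return safeEqual(presented, expected);
}

// Webhook path (assumption): the sender signs the raw request body with the
// shared webhook secret and sends "sha256=<hex>" in a signature header.
function checkWebhookSignature(rawBody, signatureHeader, secret) {
  if (!secret || typeof signatureHeader !== 'string') return false;
  const expected = 'sha256=' +
    crypto.createHmac('sha256', secret).update(rawBody).digest('hex');
  return safeEqual(signatureHeader, expected);
}

// Constructed sample values, for illustration only.
function demoAuth() {
  const secret = 'constructed-webhook-secret';
  const body = Buffer.from('{"job":"daily-research","status":"completed"}');
  const sig = 'sha256=' +
    crypto.createHmac('sha256', secret).update(body).digest('hex');
  const tampered = Buffer.from('{"job":"daily-research","status":"failed"}');
  return {
    goodKey: checkApiKey('constructed-api-key', 'constructed-api-key'),
    badKey: checkApiKey('guess', 'constructed-api-key'),
    missingKey: checkApiKey(undefined, 'constructed-api-key'),
    goodSig: checkWebhookSignature(body, sig, secret),
    tamperedBody: checkWebhookSignature(tampered, sig, secret),
    unsetSecret: checkWebhookSignature(body, sig, ''),
  };
}
```

The signature must be computed over the raw bytes received, before any JSON parsing, or a re-serialized body will fail verification.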

Bot Architecture and Credential Management

  • The bot operates with two sets of credentials: those visible to the LLM (Large Language Model) and those kept secure.
  • While some credentials are necessary for LLM operations (e.g., web scraping), others like the GitHub token remain hidden from it.

Distinction Between Required Secrets

  • Only essential secrets are provided to the LLM, such as API keys needed for its functions, while keeping other sensitive data secured.
  • Currently, only the Anthropic API key is stored in LLM secrets, alongside additional keys like the Brave Search API key required during operation.
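
An added example (not the Pope Bot's own code) of the two-set split described above: the agent process gets an environment with the hidden set filtered out, and every secret value is masked in text before it is committed as a job log. Variable names and values are constructed; it assumes the GitHub token is hidden and the search key is LLM-visible, as the summary states.

```javascript
// Added example, not the Pope Bot's own code. Names and values are constructed.
const HIDDEN = { GH_TOKEN: 'constructed-hidden-token-0001' };
const LLM_VISIBLE = { BRAVE_API_KEY: 'constructed-search-key-0002' };

const has = (obj, key) => Object.prototype.hasOwnProperty.call(obj, key);

// Build the environment for the agent process. Child processes inherit the
// parent's environment by default, so start from a filtered copy instead.
function buildAgentEnv(parentEnv, hidden, llmVisible) {
  const hiddenValues = new Set(Object.values(hidden));
  const env = {};
  for (const [name, value] of Object.entries(parentEnv)) {
    if (has(hidden, name)) continue;       // hidden secret, matched by name
    if (hiddenValues.has(value)) continue; // same value under another name
    env[name] = value;
  }
  return { ...env, ...llmVisible };
}

// Mask secret values in text bound for the repository. LLM-visible secrets
// are included: the agent can read them, so they can end up in its output.
function redactForLog(text, ...secretSets) {
  const values = secretSets
    .flatMap((set) => Object.values(set))
    .filter((v) => typeof v === 'string' && v.length >= 8)
    .sort((a, b) => b.length - a.length); // longest first, no partial leftovers
  return values.reduce((out, v) => out.split(v).join('[REDACTED]'), text);
}

// Constructed runner environment with the token present under two names.
function demoPartition() {
  const runnerEnv = {
    PATH: '/usr/bin',
    GH_TOKEN: HIDDEN.GH_TOKEN,
    GIT_AUTH: HIDDEN.GH_TOKEN,
  };
  const agentEnv = buildAgentEnv(runnerEnv, HIDDEN, LLM_VISIBLE);
  const log = redactForLog(
    `search ok, key=${LLM_VISIBLE.BRAVE_API_KEY}`, HIDDEN, LLM_VISIBLE);
  return { agentEnv, log };
}
```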

Future Improvements and Community Engagement

  • Plans include enhancing memory systems for better conversation tracking across various chat platforms beyond Telegram.
  • A roadmap aims to introduce common skills through plugins or repositories, allowing users to enhance their bots easily.
  • The speaker encourages community involvement through filing issues on the Pope Bot repository and joining discussions in the No Code Architects community.

Video description

▸▸ Build AI Products → https://no-code-architects.dev
▸▸ The Pope Bot → https://github.com/stephengpope/thepopebot

-----

Most AI agent platforms put your data at risk—so I built my own secure bot and I'm giving it to you for free. In this video, I'll walk you through the Pope Bot: a self-hosted AI agent that runs 24/7 using GitHub Actions and Docker containers. You'll see how to set it up from scratch, connect it to Telegram, and trigger jobs via API. I'll show a real example—building a financial advisor that does daily market research automatically. You'll also learn how the security architecture keeps your API keys and credentials safe using GitHub Secrets, how the bot logs everything to Git for full transparency, and how it can even analyze its own performance to improve over time. Step-by-step install included.

-----

▸▸ FREE AI Automation / Coding Community → https://bit.ly/44A3Vdn

  • 00:00 - Why I Built a Secure AI Bot
  • 00:30 - Demo: Financial Advisor Bot
  • 01:56 - How Jobs & GitHub Logs Work
  • 02:51 - Pull Requests & Transparency
  • 03:33 - Cron Jobs & Scheduled Tasks
  • 04:27 - Self-Improving Agent Logs
  • 06:09 - Triggering Jobs via API
  • 07:57 - Reviewing the Financial Report
  • 08:47 - Installation Walkthrough
  • 09:49 - GitHub Token Setup
  • 11:01 - API Keys Configuration
  • 11:53 - Telegram Bot Setup
  • 13:01 - Ngrok Tunnel for Local Dev
  • 14:52 - Testing Your Bot
  • 15:07 - Security Architecture Explained
  • 16:57 - Secrets vs LLM Secrets
  • 18:48 - Local vs Production Setup
  • 19:09 - Roadmap & Community