While Paperclip offers a compelling dashboard for orchestrating AI agents, its lack of a security model for third-party skills running with full system access makes it unsafe for production environments without strict sandboxing.
Third-party agent skills execute with full filesystem and network access by default, creating a critical supply chain security risk.
The core orchestrator is open-source under the MIT license and is fully self-hostable.
The cloud service Terms of Service explicitly grants Paperclip Labs broad rights to create derivative works from processed content.
The 'Maximizer Mode' feature removes human approval gates without built-in spend limits, risking runaway token costs.