CER10TY's comments

IIRC the creator specifically said he's not reviewing any of the submissions and users should just be careful and vet skills themselves. Not sure who OpenClaw/Clawhub/Moltbook/Clawdbot/(anything I missed) was marketed at, but I assume most people won't bother looking at the source code of skills.


Yep, he did. Here you go: https://redlib.catsarch.com/r/theprimeagen/comments/1qvk772/...

Presented as originally written:

"There's about 1 Million things people want me to do, I don't have a magical team that verifies user generated content. Can shut it down or people us their brain when finding skills."


Users should be careful and vet skills themselves, but also they should give their agent root access to their machine so it can just download whatever skills it needs to execute your requests.


Somehow I doubt the people who don't even read the code their own agent creates were saving that time to instead read the code of countless dependencies across all future updates.


Heh, what a perfect setup for attackers.

UI is perfect for 'vote' manipulation. That is, download your own plugin hundreds of times to get it to the top. Make it look popular.

No way to share with others that the plugin is risky.

Empowers users to do dangerous things they don't understand.

Users are apt to have things like API keys and important documents on their computer.

Gold rush for attackers here.


The author also claims to make hundreds of commits a day without slop, while not reading any of it. The fact anyone falls for this bullshit is very worrying.


It swings both ways though. I've seen plenty of older engineers dismiss the "new guys" effort and claim that everything had to be custom written, because there's no way a common framework like Django could cover their use case. The same type of engineer has never once worked with a common framework though, so they don't know what's included nowadays.

Turns out it's a lot easier to build on top of a common framework than do everything from scratch.


Sure, I had an older dev do bit masking for a list of 3 options in JavaScript because he was used to old terminals.

It's something different coming in and changing things here and there, but rewriting the whole thing on a weekend is something different.


I was very impressed with vBulletin’s use of bitmasking for permissions (of which there were many possible combinations) when I first encountered it.

Would love an excuse to use it, but one has not come up in like 15 years since, hah.


Only for public repos though - if you're in an org with private repositories you don't get access to them (yet).


You do, you just have to set them up at the organization level. Windows/Linux/macOS are all available.


Personally, I'd just use common sense and good judgment. At the end of the day, would you want someone to hand your address and other private data to OpenAI just like that? Probably not. So don't paste customer data into it if you can avoid it.

On the other hand, minified code is literally published by the company. Everyone can see it and do with it as they please. So handing that over to an AI to un-minify is not really your problem, since you're not the developer working on the tool internally.


Presumably they'll threaten to sue you and/or file a criminal complaint, which can be pretty hard to deal with depending on the jurisdiction. At that point you'll probably start asking yourself if it's worth publishing a blog post for some internet points.


Personally, I'd expect Claude Code not to have such far-reaching access across my filesystem if it only asks me for permission to work and run things within a given project.


Apparently they were using --dangerously-skip-permissions, --yolo, --trust-all-tools etc. The Wiz post has some more details - https://www.wiz.io/blog/s1ngularity-supply-chain-attack


That's a good catch. I knew these flags existed, but I figured they'd require at least a human in the loop to verify, similar to how Claude Code currently asks for permission to run code in the current directory.


This confusion is even more call for a response from these companies.

I don't understand why HN is trying to laugh at this security and simultaneously flag the call for action. This is counterproductive.


Probably because "HN" is not an entity with a single mind, but rather a group of millions each with their own backgrounds, experiences, desires, and biases?

Frankly it's amazing there's ever a consensus.


Talk to people outside tech. Lots of small problems worth solving, but not in tech. Also, just because it's a problem in someone's day to day won't mean they'll pay to fix it.

Good luck!


"just because it's a problem in someone's day to day won't mean they'll pay to fix it."

The best way to measure is that they've hacked a solution themselves using inferior tools. This is where the 10x recommendation comes to mind - you can do it cheaper, faster, better.


Well, if they have hacked a working solution that is supposedly free, why would they pay for another one?


Isn't that pretty much how every "Trusted by these companies" marketing badge works nowadays?


Or, far more likely, they'll reach out to someone in their network. To land in that network, you have to market your services. LinkedIn is somewhat useful for that, but less so nowadays.


I guess the thinking goes like this: Why start a business, get a higher paying job etc if you're getting ~2k€/mo in UBI and can live off of that? Since more people will decide against starting a business or increasing their income, productive activity decreases.


I see more people starting businesses because they now have less risk, more people not changing jobs just to get a pay hike. The sort of financial aid UBI would bring might even make people more productive on the whole, since people who are earning have spare income for quality of life, and people with financial risk are able to work without being worried half the day about paying rent and bills.

It's a bit of a dunk on people who see their position as employer/supervisor as a source of power because they can impose financial risk as punishment on people, which happens more often than any of us care to think, but isn't that a win? Or are we conceding that modern society is driven more by stick than carrot and we want it that way?


If everyone has 2k/mo then nobody has 2k/mo.


That's like saying "money doesn't exist".

In a sense everybody does have "2k" a month, because we all have the same amount of time to do productive things and exchange with others.

