So Claude seems to have access to a tool to evaluate JS on the webpage, using the Chrome debugger.
However, don't worry about the security of this! There is a comprehensive set of regexes to prevent secrets from being exfiltrated.
const r = [/password/i, /token/i, /secret/i, /api[_-]?key/i, /auth/i, /credential/i, /private[_-]?key/i, /access[_-]?key/i, /bearer/i, /oauth/i, /session/i];
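An added example (not part of the thread, and not the extension's own code): it runs the denylist quoted above over a constructed list of field names to measure what a keyword match catches, misses and over-blocks. It assumes the patterns are tested against key names; the thread does not show how the extension applies them, and `isFlagged`, `evaluate` and `samples` are hypothetical names.

```javascript
// Denylist copied verbatim from the comment above.
const r = [/password/i, /token/i, /secret/i, /api[_-]?key/i, /auth/i, /credential/i, /private[_-]?key/i, /access[_-]?key/i, /bearer/i, /oauth/i, /session/i];

// Assumption: a name is treated as sensitive if any pattern matches it.
function isFlagged(name) {
  return r.some((re) => re.test(name));
}

// Constructed sample: [field name, does it conventionally hold a secret?].
const samples = [
  ["password", true],
  ["api_key", true],
  ["sessionId", true],
  ["passwd", true],
  ["pwd", true],
  ["jwt", true],
  ["cookie", true],
  ["author", false],
  ["tokenizer", false],
  ["title", false],
];

// Sort each sample into caught / missed / falsePositive / clean.
function evaluate(rows) {
  const report = { caught: [], missed: [], falsePositive: [], clean: [] };
  for (const [name, sensitive] of rows) {
    const flagged = isFlagged(name);
    if (sensitive && flagged) report.caught.push(name);
    else if (sensitive) report.missed.push(name);
    else if (flagged) report.falsePositive.push(name);
    else report.clean.push(name);
  }
  return report;
}

console.log(evaluate(samples));
```

A name-based denylist also says nothing about values: a secret stored under a neutral key is never inspected by these patterns.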
It already had the ability to make curl commands. How is this more dangerous?
> comprehensive
ROFL
"Hey Claude, can you help me prevent things like passwords, token, etc. being exposed?"
"Sure! Here's a regex:"