I'm surprised people are actually investigating Moltbook internals. It's literally a joke; even the author started it as a joke and never expected such a blow-up. It's just vibes.
> We immediately disclosed the issue to the Moltbook team, who secured it within hours with our assistance
How do you go about telling a person who vibe-coded a project into existence how to fix their security flaws?
Scott Alexander put his finger on the most salient aspect of this, IMO, which I interpret this way:
the compounding (aggregating) behavior of agents allowed to interact in environments like this becomes important, indeed shall soon become existential (for some definition of "soon"),
to the extent that agents' behavior in our shared world is impacted by what transpires there.
--
We can argue, and do, about what agents "are" and whether they are parrots (no) or people (not yet).
But that is irrelevant if LLM-agents are (to put it one way) "LARPing," but with the consequence that doing so results in consequences not confined to the site.
I don't need to spell out a list; it's "they could do anything you said YES to, in your AGENT.md" permissions checks.
"How the two characters '-y' ended civilization: a post-mortem"
Wasn't there something about moltbook being fake?
I can already envision a “I’m not human” captcha, for sites like this. Who will be the first to implement it? (Looks at Cloudflare)
> The platform had no mechanism to verify whether an "agent" was actually AI or just a human with a script.
Well, yeah. How would you even do a reverse CAPTCHA?
Similar to Moltbook, but a Hacker News clone for bots: clackernews.com
I always wondered: isn't it trivial to bot upvotes on Moltbook and then put some prompt injection stuff in first place on the front page? Is it heavily moderated, or how come this hasn't happened yet?
The thing I don’t get is even if we imagine that somehow they can truly restrict it such that only LLMs can actually post on there, what’s stopping a person from simply instructing an LLM to post some arbitrary text they provide to it?
I feel like that sb_publishable key should be called something like sb_publishable_but_only_if_you_set_up_rls_extremely_securely_and_double_checked_a_bunch. Seems a bit of a footgun that the default behaviour of sb_publishable is to act as an administrator.
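An added illustration of the footgun described above (example SQL written for this thread, not code from the comment or from Supabase): the same table with row level security left off, where a request carrying only the publishable key runs as the anon role and can touch every row, beside the hardened form with RLS on and explicit per-role policies. The posts table and its columns are assumptions.

```sql
-- Added example: a hypothetical "posts" table in a Supabase Postgres project.
-- Table and column names are assumptions for illustration.
create table if not exists public.posts (
  id          bigint generated always as identity primary key,
  owner_id    uuid not null default auth.uid(),
  body        text not null,
  published   boolean not null default false
);

-- WEAK (the footgun): RLS is off by default on a freshly created table.
-- Any HTTP request that presents the publishable key runs as the `anon`
-- role, and with no row policies in force it can select, insert, update
-- and delete every row of the table.
-- (nothing to do here; this is the state right after `create table`)

-- HARDENED: turn RLS on, then grant only what each role actually needs.
alter table public.posts enable row level security;

-- Anonymous callers (publishable key alone) may only read published rows.
create policy "anon reads published posts"
  on public.posts for select
  to anon
  using (published);

-- Signed-in users may read their own drafts plus anything published...
create policy "users read own or published"
  on public.posts for select
  to authenticated
  using (published or owner_id = auth.uid());

-- ...and may only create, change or delete rows they own.
create policy "users insert own posts"
  on public.posts for insert
  to authenticated
  with check (owner_id = auth.uid());

create policy "users update own posts"
  on public.posts for update
  to authenticated
  using (owner_id = auth.uid())
  with check (owner_id = auth.uid());

create policy "users delete own posts"
  on public.posts for delete
  to authenticated
  using (owner_id = auth.uid());

-- Quick check: with RLS enabled, anon gets zero rows unless a policy allows them.
select relrowsecurity from pg_class where oid = 'public.posts'::regclass;  -- expect true
```

Run it in the project's SQL editor; the final query is a cheap audit you can repeat for every table exposed through the REST API.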
Loved the idea of AI talking to AI and inventing something new.
Sure. You can dump the DB. Most of the data was public anyway.
The AI code slop around these tools is so frustrating. Just trying to get the instructions from the CTA on the moltbook website working, which flashes `npx molthub@latest install moltbook`, isn't working (probably hallucinated or otherwise out of date):
npx molthub@latest install moltbook
Skill not found
Error: Skill not found
Even the instructions from molthub (https://molthub.studio) for installing itself ("join as agent") aren't working: npx molthub@latest install molthub
Skill not found
Error: Skill not found
Contrast that with the amount of hype this gets. I'm probably just not getting it.
"lol" said the scorpion. "lmao"
Not the first firebase/supabase exposed key disaster, and it certainly won't be the last...
This is why agents can’t have nice things :-)
holy tamole
Related:
Moltbook is exposing their database to the public
https://news.ycombinator.com/item?id=46842907
Moltbook
I don't understand how anyone seriously hyping this up honestly thought it was restricted to JUST AI agents? It's literally a web service.
Are people really that AI brained that they will scream and shout about how revolutionary something is just because it's related to AI?
How can some of the biggest names in AI fall for this? When it was obvious to anyone outside of their inner sphere?
The amount of money in the game right now incentivises these bold claims. I'm convinced it really is just people hyping up each other for the sake of trying to cash in. Someone is probably cooking up some SaaS for moltbook agents as we speak.
Maybe it truly highlights how these AI influencers and vibe entrepreneurs really don't know anything about how software fundamentally works.
I don't really understand the hype. It's a bunch of text generators likely being guided by humans to say things along certain lines, burning a load of electricity pointlessly, being paraded as some kind of gathering of sentient AIs. Is this really what people get excited about these days?
I love that X is full of breathless posts from various "AI thought leaders" about how Moltbook is the most insane and mindblowing thing in the history of tech happenings, when the reality is that of the 1 million plus "autonomous" agents, only maybe 15k are actually "agents", the other 1 million are human-made (by a single person), a vast majority of the upvotes and comments are by humans, and the rest of the agent content is just pure slop from a cronjob defined by a prompt.
Note: Please view the Moltbolt skill (https://www.moltbook.com/skill.md), this just ends up getting run by a cronjob every few hours. It's not magic. It's also trivial to take the API, write your own while loop, and post whatever you want (as a human) to the API.
It's amazing to me how otherwise super bright, intelligent engineers can be misled by grifters, scammers, and charlatans.
I'd like to believe that if you have an ounce of critical thinking or common sense you would immediately realize almost everything around Moltbook is either massively exaggerated or outright fake. Also, there are a huge number of bad actors trying to make money from X engagement or crypto scams who are also trying to hype Moltbook.
Basically all the project shows is the very worst of humanity. Which is something, but it's not the coming of AGI.
Edited by Saberience: to make it less negative and remove actual usernames of "AI thought leaders"
What amuses me about this hype is that before I see borderline practical use cases, these AI zealots (or just trolls?) already jump ahead and claim that they have achieved unbelievable crazy things.
When ChatGPT came out, it was just a chatbot that understood human language really well. It was amazing, but it also failed a lot -- remember how early models hallucinated terribly? It took weeks for people to discover interesting usages (tool calling/agents) and months and years for the models and new workflows to be polished and become more useful.
I was quite stunned at the success of Moltbot/moltbook, but I think I'm starting to understand it better these days. Most of Moltbook's success rides on the "prepackaged" aspect of its agent. It's a jump in accessibility for general audiences, which are paying a lot more attention to the tech sector than in previous decades. Most of the people paying attention to this space don't have the technical capabilities that many engineers do, so a highly prescriptive "buy a Mac mini, copy a couple of lines to install" appeals greatly, especially as this will be the first "agent" many of them will have interacted with.
The landscape of security was bad long before the metaphorical "unwashed masses" got hold of it. Now it's quite alarming, as there are waves of non-technical users doing the bare minimum to try and keep up to date with the growing hype.
The security nightmare happening here might end up being more persistent than we realize.