alt Hacker NewsIIRC the creator specifically said he's not reviewing any of the submissions and users should just be careful and vet skills themselves. Not sure who OpenClaw/Clawhub/Moltbook/Clawdbot/(anything I missed) was marketed at, but I assume most people won't bother looking at the source code of skills.
Replies
Users should be careful and vet skills themselves, but also they should give their agent root access to their machine so it can just download whatever skills it needs to execute your requests.
Heh, what a perfect setup for attackers.
UI is perfect for 'vote' manipulation. That is download your own plugin hundreds of times to get it to the top. Make it look popular.
No way to share to other that the plugin is risky.
Empowers users to do dangerous things they don't understand.
Users are apt to have things like API keys and important documents on computer.
Gold rush for attackers here.
Somehow I doubt the people who don't even read the code their own agent creates were saving that time to instead read the code of countless dependencies across all future updates.
The author also claims to make hundreds of commits a day without slop, while not reading any of it. The fact anyone falls for this bullshit is very worrying.
Yep, he did. Here you go: https://redlib.catsarch.com/r/theprimeagen/comments/1qvk772/...
Presented as originally written:
"There's about 1 Million things people want me to do, I don't have a magical team that verifies user generated content. Can shut it down or people us their brain when finding skills."