28 comments

[ 0.23 ms ] story [ 78.8 ms ] thread
On one hand, with the top comments of the rebrand post showing how many insecure deployments there are, something like this alongside cloudflare zero trust is probably a much more secure solution.

On the other hand, I just wanna point out

> Firstly, Cloudflare Workers has never been so compatible with Node.js. Where in the past we had to mock APIs to get some packages running, now those APIs are supported natively by the Workers Runtime.

Deployed a project a couple of days ago, and compared to past attempts where I had to wrangle (pun intended) with certain configs for deployment styles for node based applications, the normal build tooling just worked out of the box. Planning to move a couple of my free-from-me high DAU user projects that are on the vercel premium tier over to CF workers.

Clawdbot/Moltbot looks to be a supply-chain attack waiting to happen, and I pity the poor soul who finds out when this ticking time bomb eventually detonates.
There is so much branding and "look at our success" marketing that this project comes off as heavily astro-turfed. Im sure in a month or two we will hear about the new startup the developers are making around this tool.

Ultimately its a convenience wrapper that makes it easy to wire up Claude or Chatgpt to a chat platform like discord, but its claiming to be far more revolutionary for reasons I dont yet know.

Agent phishing is going to boom. It is wildly reckless and insecure to you hook these things up to anything you actually care about until prompt injection is no longer a thing.
I have a bespoke local agent that I built over the last year, similar in facilities to Moltbot, but more deterministic code.

Running it this kind of agent in the cloud certainly has upsides, but also:

- All home/local integrations are gone.

- Data needs to be stored in the cloud.

No thanks.

There's a hidden trade-off here: Latency vs Privacy

A local agent has zero ping to your smart home and files, but high latency to the outside world (especially with bad upload speeds). A cloud agent (Cloudflare) has a fat pipe to APIs (OpenAI/Anthropic) and the web, but can't see your local printer.

The ideal future architecture is hybrid. A dumb local executor running commands from a smart cloud brain via a secure tunnel (like Cloudflare Tunnel). Running the agent's brain locally is a bottleneck unless you're running Llama 3 locally

This is exactly the issue. Even if you ignore the privacy concerns, the reason ClawdBot/Moltbot/OpenClaude got so popular is that everything was actually run locally. The early adopters where people on locked down corporate networks where almost everything they need to interact with is in the category of "a local printer" (possibly a networked one).

Cloudflare simply cannot access anything most users will want to access. If it's not run locally, it simply won't work for most users.

Piled on top is the obvious data privacy issue. Most notably the credential privacy, but also the non-credential privacy and data collection. Hard pass from me until there's a solution that covers all of these, including personal data privacy (and a "privacy policy" is no privacy at all).

I've been thinking of a similar thing, I just need a local model with consistent tool calling performance.

Most of my crap could just be tools and a mid-level language model interpreting the results and deciding whether to act on them.

I understand the downsides of Moltbot better than the upsides. What does it have that running a coding agent in a VM doesn't give you?
Easy install, discord/whatsapp/tg out of the box. And some agent orchestration out of the box where the main LLM can farm out tasks to different models/agents - yes Claude code has some of this too but I think this has more
Can someone explain how this thing skyrocketed Cloudflare stock from $183 to $210 in a day? There were a bunch of articles yesterday about that but it’s so weird…
Oh man, so many big players are JUMPING on this bandwagon! I got an email for Digital Ocean's Moltbot app this morning. All of them are touting their increased security over rolling your own.
I wish they would give a real-world cost estimate of what this would look like. They have a section of it "in action" [1] and I wish they would be like, "with this setup, the invoice is going to look like this, include these products, and with similar daily usage be about $XXX.00 per month."

[1] https://blog.cloudflare.com/moltworker-self-hosted-ai-agent/...

Main problem to solve is Prompt Injection protection from Websites, emails. If cloudflare could proxy all the URLs outgoing from an agent, scrub away or block Prompt injection sites/pages/emails/chats , that's a product i might find valuable.
I think that's very difficult. To detect prompts you need to have natural language understand and therefore probably another detection LLM which is itself probably vunerable to prompt injection.
It's certainly easier than setting up and maintaining a VPS and probably less expensive for most users, but your data is not private. Cloudflare can always read everything that goes through Moltworker and its attached storage.

Hosting Moltbot on your own hardware reigns supreme.

The prompt injection concerns are valid, but I think there's a more fundamental issue: agents are non-deterministic systems that fail in ways that are hard to predict or debug.

Security is one failure mode. But "agent did something subtly wrong that didn't trigger any errors" is another. And unlike a hacked system where you notice something's off, a flaky agent just... occasionally does the wrong thing. Sometimes it works. Sometimes it doesn't. Figuring out which case you're in requires building the same observability infrastructure you'd use for any unreliable distributed system.

The people running these connected to their email or filesystem aren't just accepting prompt injection risk. They're accepting that their system will randomly succeed or fail at tasks depending on model performance that day, and they may not notice the failures until later.

How are these agents stress tested today? Are there tools that are typically being used for QA and/or security?
Missed opportunity: Clawdflare. Too bad they had to change the name.
"The Internet woke up and started buying Mac Minis"

Cloudflare: Hold my beer, we'll run it in the cloud.

The irony is that the whole point of the "self-hosted" movement was leaving the cloud to own your data and compute. Cloudflare suggests moving it back to the cloud but labeling it Serverless. Technically elegant, but ideologically funny

Though honestly administering Kubernetes at home gets old faster than paying $5 a month

Is it just me or the meaning of the word "self-host" changed?
On some levels its insane that billion dollar companies are pouring resources into something and the name was only relevant for like a couple hours before things moved. Fast paced world.
Can‘t help but think that this is slop like the Matrix project.

“Hey Claude, port the latest trendy thing to Cloudflare Workers”