I'd call it "suspicious" that this latest idiocy came out of nowhere and got pushed so hard to normies, when results like this are 100% predictable... if it wasn't also consistent with how the AI industry itself operates.
I have not been following this whole thing closely, but this is where my mind went as soon as I heard there was some overlap in the popularity of this new un-sandboxed agent and people who are into crypto. It's like if everyone who is into buying physical gold started doing a Tiktok challenge to post pictures of their houses and leave their front doors unlocked.
I've heard people granting access to their production servers to this thing. Apparently you can ask it to check logs to find solutions to some errors or whatever. Gotta be a complete moron to do that.
I've only installed it on a fresh VM and the first impression was underwhelming. Maybe there is some magic I can't see.
This is funny, I was discussing moltbook with Claude and it told me there's already a crypto. I thought that's pretty funny, I might want to get some, but can't be arsed to figure it out.
"Do you think I could just give molt a BTC wallet with a bit of funds and tell it to figure out how to buy some?"
-"Yes, but it wouldn't be long before you get pwned."
... Six hours later, this pops on the front page :)
Even outside skills, prompt-injection is still unsolvable and the agents need credentials to do anything useful so these things are basically impossible to secure.
Ok I ask chat GPT sometimes for advice in health / Fitness and also finance. Not like where to put my money but for general Information how stuff works what would apply here and there. The issue is already that OpenAI knows a lot of me. And ChatGPT itself when asked what he things I am etc draws a pretty clear picture. But I stay away from oversharing specific things. That is mainly my income and other super detailed data. When I ask I try to formulate it to use simple numbers and examples. Works for me. When working with coding agents I’m very skeptical to whitelist stuff. It takes quite the while before I allow a generic command to be executed outside of a sandbox. But to install a random skill to help with Finance Automation… can’t belief it. Under what stone do you have to live to trust your money be handed by an agent and then also in connection with a random skill?
This was inevitable, better now than later when the damage is less widespread. Now clawdbot (or whatever they decide to call themselves) will have to respond with better security safety nets. Individually will always naively download whatever is on the internet. Platforms needs to safeguard against that.
Remember the early days of Windows? yea it's gonna happen again with AI.
> I don’t know how many people are involved in managing the ClawHub registry, but there is no evidence that the skills listed there are scanned by any security tooling. Many of the payloads we found were visible in plain text in the first paragraph of the SKILL.md file.
I shouldn't still be shocked by the incompetence and/or negligence of these people, and yet I am.
People say the reason nigerian prince scammers use such ridiculous story, or bank phishing has so many typos, is to pre-filter dumb and gullible people so the scammers don't waste time on targets that won't get scammed in the end.
All these AI "hacks" seem to be based on the same principle.
36 comments
[ 4.0 ms ] story [ 45.3 ms ] thread1. Predictable. [0]
2. So that is why all those moltys were panicking earlier. [1]
[0] https://news.ycombinator.com/item?id=46788560
[1] https://news.ycombinator.com/item?id=46820962
I've only installed it on a fresh VM and the first impression was underwhelming. Maybe there is some magic I can't see.
"Do you think I could just give molt a BTC wallet with a bit of funds and tell it to figure out how to buy some?"
-"Yes, but it wouldn't be long before you get pwned."
... Six hours later, this pops on the front page :)
Remember the early days of Windows? yea it's gonna happen again with AI.
Nope, never heard of it. Is it a rock worth living under?
Letting a glorified lorem ipsum generator have control over anything personal or sensitive is just … what’s wrong with you? You know not of computers?
I shouldn't still be shocked by the incompetence and/or negligence of these people, and yet I am.
All these AI "hacks" seem to be based on the same principle.