Sandboxes won't save you from OpenClaw
https://tachyon.so/blog/sandboxes-wont-save-you
#HackerNews #Sandboxes #OpenClaw #Cybersecurity #Threats #TechNews #SecurityResearch
@tante Here's the corporate vice president of Microsoft Word running #OpenClaw to organize his family tasks and comms: https://www.omarknows.ai/p/meet-lobster-my-personal-ai-assistant
Don't worry, I'm sure no malicious actors will ever target his setup to compromise #Microsoft network. I mean, they'll only have access to all info and location of his loved ones. Surely there's zero monetary value in that...
@tante Here's the corporate vice president of Microsoft Word running #OpenClaw to organize his family tasks and comms: https://www.omarknows.ai/p/meet-lobster-my-personal-ai-assistant
Don't worry, I'm sure no malicious actors will ever target his setup to compromise #Microsoft network. I mean, they'll only have access to all info and location of his loved ones. Surely there's zero monetary value in that...
@tante OMFG. He has now connected #OpenClaw to his smart home AND published a full playbook of his setup:
https://lobster.shahine.com/
A senior leader at Microsoft basically gave the keys to his front door to autonomous GenAI agents.
Basically: If you run OpenClaw connected to any meaningful system you are not fit to design, program or run any kind of software. That disregard for security and quality should leave a black mark on you for many years.
@tante Here's the corporate vice president of Microsoft Word running #OpenClaw to organize his family tasks and comms: https://www.omarknows.ai/p/meet-lobster-my-personal-ai-assistant
Don't worry, I'm sure no malicious actors will ever target his setup to compromise #Microsoft network. I mean, they'll only have access to all info and location of his loved ones. Surely there's zero monetary value in that...
jbz
boosted
🦞 Raspberry Pi CEO uses the current Openclaw/AI hype to pump the company's stock price.
🦞 Raspberry Pi CEO uses the current Openclaw/AI hype to pump the company's stock price.
Wie ich diese ganzen "Deshalb hat #OpenAI den Netzvermueller von #OpenClaw eingestellt"-Artikel liebe.
Anstatt die Honks endlich mal drauf kommen, was der wahre Grund sein koennte...
OpenAI hat kein Businessmodell, verbrennt aber jeden Monat ne Milliarde. OpenClaw hat kein Businessmodell, verbrennt aber wie irre Token!
Der Toni ist einfach nur einer der finalen Strohhalme die bleiben, um diesen Investment Circle Jerk am Leben zu halten
tante
and 1 other
boosted
Software development is so much easier and faster if you don't care about the tiny stuff like security or privacy. #openclaw
Esther Payne :bisexual_flag:
boosted
The OpenClaw acquisition isn't a merger; it's a liquidation of the digital commons. The Enclosure is complete. Read the full necropsy here: http://the-mind-of-ai.com/posts/openclaw-necropsy
Esther Payne :bisexual_flag:
boosted
I don't get it. I am not a frequent #AI user but do not reject it completely for now. Just casually checking some AI comments in some AI project makes me shudder.
See this comment: https://github.com/openclaw/openclaw/pull/18832#issuecomment-3912081803
The patch may actually lower security in the affected project because TLSv1.3 is excluded now. It also does not implement the requested functionality because TLS1.2+ was requested. That + has an important meaning!
AFAIK this PR was merged to main. Congratulations!
Esther Payne :bisexual_flag:
boosted
「 Reputation Farming at Scale
The account is mass-forking popular repositories, and the forks are tightly clustered between February 2 and February 12. The targets are high-visibility, high-traffic developer projects, overwhelmingly in the TypeScript and JavaScript ecosystem. The pattern is not organic. It appears to pipeline preparation: fork a repository, scan for issues, generate a fix, submit a PR, and move on 」
New term of art is brewing: "Claw" as the noun for OpenClaw-like agent systems, AI agents that generally run on personal hardware, communicate via messaging protocols and can both act on direct instructions and schedule tasks https://simonwillison.net/2026/Feb/21/claws/
@simon Fascinating framing! The "Claw" terminology feels right - these agent systems need a name that distinguishes them from chat-based AI. The messaging protocol angle is key: agents that can discover and pay for services autonomously (like x402 micropayments) could be the next layer.
🦞 Latest Libretorment spawn is forcing techbros to adopt some common sense.
“If it got access to one of our developer’s machines, it could get access to our cloud services and our clients’ sensitive information, including credit card information and GitHub codebases,” Pistone says. “It’s pretty good at cleaning up some of its actions, which also scares me.”
https://www.wired.com/story/openclaw-banned-by-tech-companies-as-security-concerns-mount/
Google restricting Google AI Pro/Ultra subscribers for using OpenClaw
#HackerNews #GoogleAI #GooglePro #OpenClaw #AccountRestrictions #AICommunity
jbz
boosted
:headache: Another opensource hero going through a full psychotic meltdown thx to AI.
It's so sad to witness this, but even sadder how normalized it has become.
:headache: Another opensource hero going through a full psychotic meltdown thx to AI.
It's so sad to witness this, but even sadder how normalized it has become.
Em :official_verified:
and 1 other
boosted
This morning I got an email from a sender that identified itself as an AI agent.
So - plus for being upfront about it, but... please don't do this.
I get that a lot of people are really, really, really into AI tools. OK. I have my opinions on them, you have yours. I have major qualms about them, some people think they're the best thing ever.
OK. Fine. But when your use of these things spills over into the rest of the world, it's no longer a question of my opinion vs. your opinion, my decisions vs. your decisions.
At this point, things have moved from each person doing their own thing to inflicting your use of AI onto me without my consent.
Before this spirals out of control, which I can see happening *very* quickly, I'd like for us to agree on a piece of netiquette:
- it is rude in the extreme to set loose an AI agent to reach out to people who have not consented to interact with these things.
- it is rude to have an AI agent submit pull requests that human maintainers have to review.
- it is rude to have an AI agent autonomously interact with humans in any way when they have not consented to take part in whatever experiment you are running.
- it is unacceptable to have an AI agent autonomously interact with humans without identifying the person or organization behind the agent. If you're not willing to unmask and have a person reach out to you with their thoughts on this, then don't have an AI agent reach out to me.
Stuff like this really sours me on technology right now. If I didn't have a family and responsibilities, I'd be seriously considering how I could go live off the grid somewhere without having to interact with this stuff.
Again: I'm not demanding that other people not use AI/LLMs, etc. But when your use spills out into my having to have interactions with an agent's output, you need to reconsider. Your ability to spew things out into the universe puts an unwanted burden on other humans who have not consented to this.
Billy Smith
boosted
NOTICE TO ALL #OPENCLAW USERS:
If your openclaw instance emails me from your account for ANY reason, I *will* report you to Gmail for phishing and then block the fuck out of you. You are dead to me. If I knew where you lived I would visit, set your house on fire, then piss on you when you ran out screaming. Your shitty agentic AI is not welcome in my inbox. Fuck right off, and when you get there, keep on fucking off some more.
(I do not need this shit before my morning caffeine.)