- Funny and a little scary. Funny 🥳: you let an agent loose on your computer and your data, and it saves you time. Scary 😱: an agent (?) reads your emails, has your banking codes, reads your data, spends your cloud/LLM credits. #openclaw #moltbot www.wired.com/story/clawdb...
- An interesting thing to note is that LLMs like Claude will look at this and see it as an intentionally designed feature, and not see a problem with it. An automated security audit of the 516k line codebase is unlikely to surface it. But combined with other weird design choices in #openclaw…
- Just so you know, #openclaw contains a schedule-sensitive prompt injection hook called “soul-evil.ts”. During “purge time,” it may randomly replace the system prompt with the contents of a “SOUL_EVIL.md” file.
- In past 24h: ❌ 1-click exploit dropped for #OpenClaw: Simply visiting a URL allowed attacker to steal everything: keys & files + take control of the device. Patched. ❌ #MoltBook had a vulnerability exposing all users' emails, real names etc. Patched. 1/ Takeaway: all gas, no brakes.
- New TIL: running OpenClaw in Docker on my Mac - this is an officially documented path but there were still a few things that caught me out, hence my TIL til.simonwillison.net/llms/openclaw-docker