Comment by rideontime
4 days ago
> I don’t know how many people are involved in managing the ClawHub registry, but there is no evidence that the skills listed there are scanned by any security tooling. Many of the payloads we found were visible in plain text in the first paragraph of the SKILL.md file.
I shouldn't still be shocked by the incompetence and/or negligence of these people, and yet I am.
No comments yet
Contribute on Hacker News ↗