Public
- Public
- Network
- Groups
- Featured
- Popular
- People

Conversation

Notices

Embed this notice
Andrew Nesbitt (andrewnez@mastodon.social)'s status on Friday, 24-Apr-2026 08:48:02 JST Andrew Nesbitt

Researching Clawhub for a conference talk at the moment.
It’s like they are speed running every package manager security flaw from the past 20 years 😅

In conversation about a month ago from mastodon.social permalink
- Embed this notice
  Andrew Nesbitt (andrewnez@mastodon.social)'s status on Friday, 24-Apr-2026 08:48:00 JST Andrew Nesbitt
  in reply to
  
  Oh fun, if a user gets banned, all their skills are hard deleted...
  LEFTPAD.md
  https://github.com/openclaw/clawhub/security#bans
  
  In conversation about a month ago permalink
- Embed this notice
  Andrew Nesbitt (andrewnez@mastodon.social)'s status on Friday, 24-Apr-2026 08:48:00 JST Andrew Nesbitt
  in reply to
  
  Note to self: must stop tooting zero days
  
  In conversation about a month ago permalink
  
  Paul Cantrell repeated this.
- Embed this notice
  Andrew Nesbitt (andrewnez@mastodon.social)'s status on Friday, 24-Apr-2026 08:48:00 JST Andrew Nesbitt
  in reply to
  
  This talk started out with a single slide about ClawHub, at this point there's about 3 vulnerability reports I need to make before I can even give the talk :blobsweats:
  
  In conversation about a month ago permalink
- Embed this notice
  Andrew Nesbitt (andrewnez@mastodon.social)'s status on Friday, 24-Apr-2026 08:48:01 JST Andrew Nesbitt
  in reply to
  
  We've got lockfiles! https://github.com/search?q=path%3A.clawhub%2Flock.json&type=code
  (no manifest file to go along with it though)
  In conversation about a month ago permalink
  Attachments
  1. Domain not in remote thumbnail source whitelist: github.githubassets.com
    
    Build software better, together
    
    GitHub is where people build software. More than 150 million people use GitHub to discover, fork, and contribute to over 420 million projects.
- Embed this notice
  Andrew Nesbitt (andrewnez@mastodon.social)'s status on Friday, 24-Apr-2026 08:48:01 JST Andrew Nesbitt
  in reply to
  
  Definitely not investigation how worm-able clawhub is right now.
  <this-is-fine.gif>
  
  In conversation about a month ago permalink
- Embed this notice
  Andrew Nesbitt (andrewnez@mastodon.social)'s status on Friday, 24-Apr-2026 08:48:01 JST Andrew Nesbitt
  in reply to
  
  Another fun one, ClawHub has an auto-hide feature if enough users report a skill as problematic.
  Anyone want to guess how many unique GitHub accounts you would need to completely hide every skill in the registry?
  
  In conversation about a month ago permalink
- Embed this notice
  Andrew Nesbitt (andrewnez@mastodon.social)'s status on Friday, 24-Apr-2026 08:48:02 JST Andrew Nesbitt
  in reply to
  
  This talk is only 30 minutes, I'm going to speed running this thing too!
  
  In conversation about a month ago permalink
- Embed this notice
  Andrew Nesbitt (andrewnez@mastodon.social)'s status on Friday, 24-Apr-2026 08:48:02 JST Andrew Nesbitt
  in reply to
  
  *slaps roof*
  You can fit so many vulnerabilities in this baby!
  
  In conversation about a month ago permalink

Public

Conversation

Notices

Feeds