zlacker

[return to "Clawdbot - open source personal AI assistant"]
1. xtagon+Sl 2026-01-26 03:37:47
>>KuzeyA+(OP)
Wild. There are 300 open GitHub issues. One of them is this (also AI-generated) security report: https://github.com/clawdbot/clawdbot/issues/1796 claiming findings of hundreds of high-risk issues, including examples of hard-coded, unencrypted OAuth credentials.

I am...disinclined to install this software.

2. strang+Cn 2026-01-26 03:54:17
>>xtagon+Sl
If you read the PR, the bad issues are in a few extensions, not the bot itself. The unencrypted OAuth token isn't really a big deal. It should be fixed, but it's an "if this box is compromised" type thing. Given the nature of clawdbot, you are probably throwing it on a random computer/VPS you don't really care about (I hope) without access to anything critical.

3. xtagon+Qp 2026-01-26 04:21:19
>>strang+Cn
You're talking about if a box is compromised, but to clarify, this is hard coded into the source in the repo, not an end-user's credentials (and it's a `client_id` and `client_secret`, not a token): https://github.com/clawdbot/clawdbot/blob/7187c3d06765c9d3a7...