zlacker

[return to "Clawdbot - open source personal AI assistant"]
1. xtagon+Sl 2026-01-26 03:37:47
>>KuzeyA+(OP)
Wild. There are 300 open GitHub issues. One of them is this (also AI generated) security report: https://github.com/clawdbot/clawdbot/issues/1796 claiming findings of hundreds of high-risk issues, including examples of hard-coded, unencrypted OAuth credentials.

I am...disinclined to install this software.

2. Mic92+Fn 2026-01-26 03:55:04
>>xtagon+Sl
I skipped over the first few ones and haven't seen critical ones. The hardcoded OAuth client secrets are basically present in any open-source or commercial app that is distributed to end users. It doesn't break the security of end users. It mainly allows other apps to impersonate this app, i.e. present itself as clawdbot, which is a moot point given anyone can just change/inject code into it.
3. xtagon+wt 2026-01-26 05:03:45
>>Mic92+Fn
Yeah, I see what you're saying.