
[return to "Show HN: NanoClaw – “Clawdbot” in 500 lines of TS with Apple container isolation"]
1. popcor+lb 2026-02-02 00:24:58
>>jimmin+(OP)
> running it scares the crap out of me

A hundred times this. It's fine until it isn't. And jacking these Claws into shared conversation spaces is quite literally pushing the afterburners to max on simonw's lethal trifecta. A lot of people are going to get burned hard by this. Every blackhat is eyes-on this right now - we're literally giving a drunk robot the keys to everything.

2. anabis+Hj 2026-02-02 01:44:11
>>popcor+lb
Maybe. People have run wildly insecure phpBB and WordPress plugins, so maybe it's the same cycle again.
3. egeozc+Oo 2026-02-02 02:31:58
>>anabis+Hj
Those usually didn't have keys to all your data. Worst case, you lost your server, and perhaps you hosted your emails there too? Very bad, but nothing compared to the access these clawdbot instances get.
4. Terret+Ow 2026-02-02 03:58:48
>>egeozc+Oo
> Those usually didn't have keys to all your data.

As a former (bespoke) WP hosting provider, I'd counter those usually did. Not sure I ever met a prospective "online" business customer's build that didn't? They'd put their entire business into WP installs with plugins for everything.

Our step one was to turn WP into static site gen and get WP itself behind a firewall and VPN, and even then single tenant only on isolated networks per tenant.

To be fair that data wasn't ALL about everyone's PII — until by ~2008 when the Buddy Press craze was hot. And that was much more difficult to keep safe.
