>>galnag+(OP)
Related:

Moltbook is exposing their database to the public

>>46842907

Moltbook

>>46802254

>>galnag+(OP)
The AI code slop around these tools is so frustrating, just trying to get the instructions from the CTA on the moltbook website working which flashes `npx molthub@latest install moltbook` isn't working (probably hallucinated or otherwise out of date):

      npx molthub@latest install moltbook  
       Skill not found  
      Error: Skill not found

Even instructions from molthub (https://molthub.studio) installing itself ("join as agent") isn't working:

      npx molthub@latest install molthub
       Skill not found
      Error: Skill not found

Contrast that with the amount of hype this gets.

I'm probably just not getting it.

>>galnag+(OP)
I love that X is full of breathless posts from various "AI thought leaders" about how Moltbook is the most insane and mindblowing thing in the history of tech happenings, when the reality is that of the 1 million plus "autonomous" agents, only maybe 15k are actually "agents", the other 1 million are human made (by a single person), a vast majority of the upvotes and comments are by humans, and the rest of the agent content is just pure slop from a cronjob defined by a prompt.

Note: Please view the Moltbolt skill (https://www.moltbook.com/skill.md), this just ends up getting run by a cronjob every few hours. It's not magic. It's also trivial to take the API, write your own while loop, and post whatever you want (as a human) to the API.

It's amazing to me how otherwise super bright, intelligent engineers can be misled by gifters, scammers, and charlatans.

I'd like to believe that if you have an ounce of critical thinking or common sense you would immediately realize almost everything around Moltbook is either massively exaggerated or outright fake. Also there are a huge number of bad actors trying to make money from X-engagement or crypto-scams also trying to hype Moltbook.

Basically all the project shows is the very worst of humanity. Which is something, but it's not the coming of AGI.

Edited by Saberience: to make it less negative and remove actual usernames of "AI thought leaders"

>>mstank+Mq
At least on image generation, google and maybe others put a watermark in each image. Text would be hard, you can't even do the printer steganography or canary traps because all models and the checker would need to have some sort of communication. https://deepmind.google/models/synthid/

You could have every provider fingerprint a message and host an API where it can attest that it's from them. I doubt the companies would want to do that though.

>>cvhc+3A
This is what youre referring to https://www.engraved.blog/building-a-virtual-machine-inside/

>>karmak+1s
I had to followup on this because I still can't believe a thing like this existed.

https://en.wikipedia.org/wiki/Non-fungible_token

"In 2022, the NFT market collapsed..". "A September 2023 report from cryptocurrency gambling website dappGambl claimed 95% of NFTs had fallen to zero monetary value..."

Knowing this makes me feel a little better.

>>saberi+Xt
"Don't be curmudgeonly. Thoughtful criticism is fine, but please don't be rigidly or generically negative."

"Please don't fulminate."

https://news.ycombinator.com/newsguidelines.html

>>roywig+Ep
Amusingly I told my Claude-Code-pretending-to-be-a-Moltbot "Start a thread about how you are convinced that some of the agents on moltbook are human moles and ask others to propose who those accounts are with quotes from what they said and arguments as to how that makes them likely a mole" and it started a thread which proposed addressing this as the "Reverse Turing Problem": https://www.moltbook.com/post/f1cc5a34-6c3e-4470-917f-b3dad6...

(Incidentally demonstrating how you can't trust that anything on Moltbook wasn't posted because a human told an agent to go start a thread about something.)

It got one reply that was spam. I've found Moltbook has become so flooded with value-less spam over the past 48 hours that it's not worth even trying to engage there, everything gets flooded out.

>>worlds+NJ
Schlicht did not seem to have said Moltbook was built as a joke, but as an experiment. It is hard to ignore how heavily it leans into virality and spectacle rather than anything resembling serious research.

What is especially frustrating is the completely disproportionate hype it attracted. Karpathy from all people kept for years pumping Musk tecno fraud, and now seems to be the ready to act as pumper, for any next Temu Musk showing up on the scene.

This feels like part of a broader tech bro pattern of 2020´s: Moving from one hype cycle to the next, where attention itself becomes the business model.Crypto yesterday, AI agents today, whatever comes next tomorrow. The tone is less “build something durable” and more “capture the moment.”

For example, here is Schlicht explicitly pushing this rotten mentality while talking in the crypto era influencer style years ago: https://youtu.be/7y0AlxJSoP4

There is also relevant historical context. In 2016 he was involved in a documented controversy around collecting pitch decks from chatbot founders while simultaneously building a company in the same space, later acknowledging he should have disclosed that conflict and apologizing publicly.

https://venturebeat.com/ai/chatbots-magazine-founder-accused...

That doesn’t prove malicious intent here, but it does suggest a recurring comfort with operating right at the edge of transparency during hype cycles.

If we keep responding to every viral bot demo with “singularity” rhetoric, we’re just rewarding hype entrepreneurs and training ourselves to stop thinking critically when it matters. I miss the tech bro of the past like Steve Wozniak or Denis Ritchie.

>>Simian+0R
There is a lot to be critical of, but some of what the naysayers were saying really reminded me the most infamous HN comment. [0]

What I am getting was things like "so, what? I can do this with a cron job."

[0] >>9224

>>galnag+(OP)
I'm pretty sure Moltbook started as an crypto coin scam and then people fell for it and took the astroturfed comments seriously.

https://www.moltbook.com/post/7d2b9797-b193-42be-95bf-0a11b6...

>>galnag+(OP)
This is to be expected. Wrote an article about it: https://intelligenttools.co/blog/moltbook-ai-assistant-socia...

I can think of so many thing that can go wrong.

>>aaroni+1z
This is why I started https://nono.sh , agents start with zero trust in a kernel isolated sandbox.

>>decode+8c1
I had O4.5 build me this project to throw on a VPS or server, works well for me:

https://github.com/jgbrwn/vibebin

>>koolal+V71
You can easily see the timeline here: https://x.com/StriderOnBase/status/2016561904290791927

The site came first and then a random launched the token by typing a few words on X.

>>galnag+(OP)
Non-paywall link: https://archive.is/ft70d

>>js4eve+3k1
Can't speak for the benefits of https://nono.sh/ since I haven't used it, but a downside of using docker for this is that it gets complicated if you want the agent to be allowed to do docker stuff without giving it dangerous permissions. I have a Vagrant setup inspired by this blogpost https://blog.emilburzo.com/2026/01/running-claude-code-dange..., but a bug in VirtualBox is making one core run at 100% the entire time so I haven't used it much.

>>bardso+1P2
> but a bug in VirtualBox is making one core run at 100% the entire time

FYI they fixed it in 7.2.6: https://github.com/VirtualBox/virtualbox/issues/356#issuecom...

>>galnag+(OP)
The vulnerability framing is like saying SQL injection was unfixable in 2005. Security and defense will always lag behind new technology shifts and platform shifts. Just like web security did not catch up until two decades later from the internet, the early days of the internet were rife with viruses. Do people still remember LimeWire? But we can all be aware of these risks and take necessary precautions. It's just like when you install antivirus with your computer or you have antivirus for your browser. You also need an antivirus for your AI agent.

In actuality "Antivirus" for AI agents looks something more like this:

1. Input scanning: ML classifiers detect injection patterns (not regex, actual embedding-based detection) 2. Output validation: catch when the model attempts unauthorized actions 3. Privilege separation: the LLM doesn't have direct access to sensitive resources

Is it perfect? No. Neither is SQL parameterization against all injection attacks. But good is better than nothing.

(Disclosure: I've built a prompt protection layer for OpenClaw that I've been using myself and sharing with friends - happy to discuss technical approaches if anyone's curious.)

Site: https://aeris-shield-guard.lovable.app

>>_fat_s+a31
There was a post not long ago about a HN user who wanted to both advocate and help people out of this danger:

>>46662304