franzap on nostr

Open in Damus

@franzap 1770584976

Wrote about the skills npm package.

Given the security disaster that OpenClaw has triggered, installing random packages from moving targets such as Git repositories is not the way forward.

https://skillpub.net/blog/vercels-agent-skill-directory-open-ecosystem-zero-trust

32❤️4

nostr:npub108pv4cg5ag52nq082kd5leu9ffrn2gdg6g4xdwatn73y36uzplmq9uyev6 nostr:npub1ye5ptcxfyyxl5vjvdjar2ua3f0hynkjzpx552mu5snj3qmx5pzjscpknpr nostr:npub1zxu639qym0esxnn7rzrt48wycmfhdu3e5yvzwx7ja3t84zyc2r8qz8cx2y nostr:npub1clk6vc9xhjp8q5cws262wuf2eh4zuvwupft03hy4ttqqnm7e0jrq3upup9

nicodemus · 1w

I really don’t understand how the “don’t trust, verify” crowd apes into trusting random code wholesale. Credentials, IPs, fingerprints everywhere. Attack surfaces growing by the token. Good luck!