你們覺得 @claudeai 在發布的時候,會犯下這種低級錯誤誤發了自己的 Source Code 嗎?
還是他其實只是要把未來的一些 Features 透過 April 1 的方式讓大家有討論而已 👀
中文
pdzeng | 熊貓
7.4K posts
pdzeng | 熊貓
@PandaZeng1
prev @_WOO_X @tonx_studio
Web3 Katılım Ocak 2018
473 Takip Edilen6.1K Takipçiler
We fxxked up.
Our dev mistakenly used the wrong access token while deploying GetClaw’s new feature, and now it can fully control our X account.
Any engagement with our posts will now count as a command to GetClaw.
Until we regain full control, please DO NOT engage with any of our posts, things could get unpredictable...
Thank you all for your understanding.
English
pdzeng | 熊貓 retweetledi
各种刷屏的关于 cc 泄漏源码内容中,难得的干货好文
Claude Code 好用,除了 opus 模型本身的能力
整体架构的设计哲学,才是真正保证它稳定➕高质量输出的关键
Yuker@YukerX
中文
我感覺未來 open source package 投毒會變日常
我給我的 Claude.md 加了以下提示詞
分享出來 大家複製貼上到自己電腦
希望能多一道防線
```
## 套件版本安全規則(防供應鏈投毒)
安裝或新增任何 npm / Python 套件時,必須遵守以下規則:
### 版本選擇
- **禁止使用發布未滿 7 天的版本**。選擇版本時,優先使用已發布至少一週、且下載量穩定的版本
- 如果最新版本發布不到 7 天,應退回使用上一個穩定版本
- 可透過 `npm view time` 或 `pip index versions ` 查詢發布時間
### 版本鎖定
- `package.json` 中使用**精確版本**(如 `"axios": "1.14.0"`),避免使用 `^` 或 `~` 範圍
- Python 專案在 `requirements.txt` 中使用 `==` 鎖定版本
- 確保 lockfile(`package-lock.json`、`pnpm-lock.yaml`、`yarn.lock`)始終存在且被 commit 進 repo
### 可疑套件檢查
- 安裝前檢查套件的 npm/PyPI 頁面,注意:發布時間異常、維護者變更、新增不明依賴
- 如果發現可疑跡象,主動告知使用者並暫停安裝
```
Cos(余弦)😶🌫️@evilcos
建议给你的 Agents(包括 OpenClaw)都投喂如下提示词,好好排查下是否存在这波 axios 被投毒事件影响: 参考下面这个方法排查一遍我们的环境是否存在被投毒的 axios@1.14.1 与 axios@0.30.4,及恶意模块 plain-crypto-js,不能漏,确保排查全面: Check for the malicious axios versions in your project: npm list axios 2>/dev/null | grep -E "1\.14\.1|0\.30\.4" grep -A1 '"axios"' package-lock.json | grep -E "1\.14\.1|0\.30\.4" Check for plain-crypto-js in node_modules: ls node_modules/plain-crypto-js 2>/dev/null && echo "POTENTIALLY AFFECTED" If setup.js already ran, package.jsoninside this directory will have been replaced with a clean stub. The presence of the directory is sufficient evidence the dropper executed. Check for RAT artifacts on affected systems: # macOS ls -la /Library/Caches/com.apple.act.mond 2>/dev/null && echo "COMPROMISED" # Linux ls -la /tmp/ld.py 2>/dev/null && echo "COMPROMISED" "COMPROMISED" # Windows (cmd.exe) dir "%PROGRAMDATA%\wt.exe" 2>nul && echo COMPROMISED
中文
pdzeng | 熊貓 retweetledi
pdzeng | 熊貓 retweetledi
Recently found cc-connect, a neat way to control local AI agents from any chat app. It bridges Claude Code, Cursor, Gemini CLI, and Codex to Slack, Telegram, Discord, Feishu, and more, so you can run code review, research, or automation from anywhere.
github.com/chenhg5/cc-con…
English
最近在清追蹤帳號,發現自己的 Timeline 真的太亂了,一堆廣告推接下來會陸陸續續的 mute/block 掉。
然後退追了很多朋友,主要是大家商推接多了,我看了也不太會去互動,先退追,反正都有聯繫方式,有緣再見
然後四月開始會陸陸續續寫文章跟發文,主要跟 AI 跟生活有關的為主,我對我之前發的內容也不太滿意,但我會用這樣的標準來面對接下來的貼文,別讓自己也成為那個不喜歡的大人。
在我的標準下,我自己也是水推,但不接廣可能乾淨點更像個真人 😅
中文
pdzeng | 熊貓 retweetledi
SlowMist Agent Security Skill 正式发布。给你的 OpenClaw 等智能体增加一双眼睛,不仅可以发现常规的 Skills 等投毒风险,还可以发现链上钱包地址、代码仓库、URL 等的风险。
全开源,放心使用:
clawhub.ai/slowmist/slowm…
github.com/slowmist/slowm…
SlowMist AI 拼图🧩进行时…@SlowMist_Team
Cos(余弦)😶🌫️@evilcos
如果不需要“OpenClaw 极简安全实践指南”,直接给你的 OpenClaw 说卸载就行,如果你希望只留红线黄线有关的保护机制,注明好这个要求就行。 顺便说下 SlowMist Agent Security Skill 内部已经在使用,在安全检测方面会更强大。这个和我们之前发布的“OpenClaw 极简安全实践指南”不冲突,你可以理解为是事前安全部分的增强。 增强的专门搞个 Skill 就很合适。 附: OpenClaw 极简安全实践指南: github.com/slowmist/openc… SlowMist Agent Security Skill:等待发布
中文
pdzeng | 熊貓 retweetledi
pdzeng | 熊貓 retweetledi
pdzeng | 熊貓 retweetledi
i've distilled everything i've written on userinterface.wiki into a single skill file.
119 rules across 11 categories across animations, timings, ux laws, typography, audio, and more.
npx skills add raphaelsalaja/userinterface-wiki
English
pdzeng | 熊貓 retweetledi
Clovis testnet is live.
Your capital is stuck on one chain, earning one way at a time. Clovis fixes that.
Deposit and bridge USDC + USDT across four chains: @Ethereum, @base, @BNBChain, @SeiNetwork.
Built on $400M in peak TVL and two years of live DeFi infrastructure on Sei.
English
pdzeng | 熊貓 retweetledi
pdzeng | 熊貓 retweetledi
you can instantly 10x your vibecoded frontends by just learning what different ui components are called
ofc opus is creating generic slop, the only words you know are menu and button.
English
pdzeng | 熊貓 retweetledi
My agent setup: 4 Claude Code agents in tmux, 2x2 grid on the left, shared preview panel on the right. It's the only thing I'm looking at on my computer. No more software, no more UI.
One bash script launches everything: tmux-work
The trick: in CLAUDE.md, I tell every agent about the preview pane:
"Panel %1 is the tmux preview shell. To show a document, run: tmux send-keys -t %1 'q' C-m 'preview "path/to/file"' C-m"
Now when I say "preview this file", Claude pushes it to the right panel while the others keep working. Works with .md, .docx, .xlsx, .pdf, .pptx.
One agent drafts an email to counsel. Another audits Stripe data. A third preps a contract. Fourth answers a customer question.
All at the same time. My tmux-work script:
#!/bin/bash
tmux kill-server 2>/dev/null
tmux new-session -s work -d -x 300 -y 80
tmux split-window -h -p 50 -t work
tmux select-pane -t %0
tmux split-window -v -p 50
tmux select-pane -t %0
tmux split-window -h -p 50
tmux select-pane -t %2
tmux split-window -h -p 50
for pane in %0 %2 %3 %4; do
tmux send-keys -t $pane 'claude --dangerously-skip-permissions' Enter
done
tmux select-pane -t %0
tmux attach -t work
English
每日放大招!开源了一个 terminal-first 的 Twitter/X CLI。
不需要 API key,直接用浏览器 Cookie 读取 for-you / following timeline、bookmarks、user posts。
支持 JSON output 。
可配置的打分算法进行筛选想看的帖子。
目前是直接用 API 来做的,比较稳定,后面还会用 playwright/agent-browser 支持更多的功能。
还有什么想要的功能你们直说
github.com/jackwener/twit…
中文