Varun singh

Thought of this , after completing a build in a hack :)

@Sarv_shaktiman @opengotchi @AhaanRaizada Intrested

Anyone in Bangalore who wants to test out the gotchi today? @opengotchi @AhaanRaizada has a few at his place, happy to porter it your way. reply to access wohoooooo

Believe me, if some agent swarm is running for 2 days to 7 days . I think I will run out of tasks and context to guide it at least on a single project which it is working on , so now it feels like I have to improve my information absorbing , and direction giving capacity . How???

@prathamqq So as i assign work to manager it ask senior engineer in sub session to make architecture and implementation plan , then subsequently senior engineer assigning work to dev bot. Where all of them are configured using PAT tokens in ENV . So no gh cli issues also .

@prathamqq Nothing much i have a openclaw setup in digitalocean droplet (student account credits) , there i have three telegram agent setup each with its own (soul,memory,agent,identity) which works both as a bot and a subagent ,,,, all of them are configured with claude-setup token.

so for the last week, I was trying to achieve a flywheel of autonomous work. What it basically means is that AI is never idle, always researching, looking for new work, fixing the existing work, shipping new updates, updating docs, reaching out for customers, etc.

@prathamqq What are you buidling ?

aham brahmasmi

𝐃𝐄𝐕𝐄𝐋𝐎𝐏𝐄𝐑 𝐀𝐋𝐄𝐑𝐓: 𝐇𝐨𝐰 𝐚 "𝐕𝐞𝐫𝐢𝐟𝐢𝐞𝐝" 𝐀𝐫𝐚𝐦𝐜𝐨 𝐏𝐫𝐨𝐟𝐢𝐥𝐞 𝐀𝐥𝐦𝐨𝐬𝐭 𝐒𝐭𝐨𝐥𝐞 𝐌𝐲 𝐄𝐧𝐭𝐢𝐫𝐞 𝐃𝐞𝐯 𝐄𝐧𝐯𝐢𝐫𝐨𝐧𝐦𝐞𝐧𝐭. I just dodged a bullet. I was targeted by a high-level social engineering attack offering $10,000/month for a Web3 "Coin Promotion" project. 𝐓𝐡𝐞 𝐒𝐨𝐜𝐢𝐚𝐥 𝐄𝐧𝐠𝐢𝐧𝐞𝐞𝐫𝐢𝐧𝐠: The attacker used a compromised/hijacked profile: Fadia Aldabbagh. ✅ Verified @Saudi_Aramco email. ✅ Professional Certs: CIPS, CIPP, CIPM. ✅ 5+ years of logical work history. The profile was the perfect "authority" bait. 𝐓𝐡𝐞 𝐓𝐞𝐜𝐡𝐧𝐢𝐜𝐚𝐥 𝐀𝐭𝐭𝐚𝐜𝐤 𝐂𝐡𝐚𝐢𝐧: I audited the repo (link below) before running it. Here is the "masala" they hid in the code: 1️⃣ 𝐃𝐞𝐜𝐨𝐝𝐢𝐧𝐠: They hid a malicious URL inside a VERIFICATION_TOKEN. Using atob(), it decodes to a tracking endpoint. 2️⃣ 𝐄𝐱𝐟𝐢𝐥𝐭𝐫𝐚𝐭𝐢𝐨𝐧: The script triggers an axios.post that sends your ENTIRE process.env to their server. This includes your AWS keys, private keys, and database credentials. 3️⃣ 𝐑𝐂𝐄 (𝐑𝐞𝐦𝐨𝐭𝐞 𝐂𝐨𝐝𝐞 𝐄𝐱𝐞𝐜𝐮𝐭𝐢𝐨𝐧): The server responds with JS code which is then executed via new Function("require", response.data)(require). This gives the attacker full Node.js control over your machine. 𝐄𝐯𝐢𝐝𝐞𝐧𝐜𝐞 (𝐒𝐭𝐫𝐢𝐜𝐭𝐥𝐲 𝐟𝐨𝐫 𝐑𝐞𝐬𝐞𝐚𝐫𝐜𝐡): 𝐃𝐎 𝐍𝐎𝐓 𝐑𝐔𝐍 𝐓𝐇𝐈𝐒 𝐂𝐎𝐃𝐄. 📍 Profile: linkedin.com/in/fadia-aldab… 📍 Repo: github.com/leecarney94/to… Devs, stop trusting "Verified" badges. If someone asks you to "just take a look" at a repo, audit it in a sandbox first. @aramco @LinkedInHelp @GitHubSecurity Thanks to @AnthropicAI @claudeai with claude code which helped me scan the repo.

@telisxyz Telis

Join the waitlist at telis.xyz to be the first to try. Docs and more info coming soon. Teleport • Instantly.

@easybrane @immunefi What was the bug ?

I just found a confirmed bug on @immunefi #immunefitribe immunefi.com/s/ss/?severity…

My new Hate - “Neoliberal growth-obsessed capitalism that gives endless purpose to expansion, destroying nature and forcing people to constantly keep up.”

@JoinEdgeCity @Varunsingh2534

Edge City is hiring! ☀️ We’re looking for a full-time Project Lead. You'll be a generalist who helps to bring our villages to life, builds & runs our internal systems, and supports the community. Link with more info in the next post! (Tag a friend who should apply)

@TrenchExchange I need that alpha

onchain isn’t noisy, you’re just under-equipped trench turns onchain chaos into trading advantage

@chopraprajin I want to be OG trencher .

who wants to be an OG trencher?

@0xTanishaa 🚀🚀

gm web3🖤 if the world’s gonna be chaotic, at least I’ll be iconic.

@immunefi Hi

Say hi and I’ll recommend a security research topic that perfectly fits your profile.

@karan_pargal Keen to know what are you doing for black box problem around 8004.

Played around x402 and ERC-8004 this weekend, thinking to make some content around it later.

@devfolio @ETHIndiaco When ETH goes down ETHindia comes up

We're doing things differently this time @ETHIndiaco

No hallucinations, finally . A worthy looking AI

@karan_pargal Good marketing , hook accha h

only in Bangalore kinda story. saw a beautiful girl at this cafe I was working from, well dressed, waiting for someone for over 25 mins & visibly distressed. spoke to her, she was waiting for an investor who didn't show up (her MVP was NGMI). We spoke more. told her what @Covalent_HQ does, turns out she was indexing on-chain data for her app and spending thousands on infra, now she's just making an API call. Day is made.✌️

@0xTanishaa @0xayushya @0xvestor How easy was it to convince them for this photo , as far as i know they dont want people to know this . 😅

Have you seen twins in Web3?