vd7

290 posts

@vdutts7

https://t.co/ondL22cLB2

203.0.113.77 Joined October 2017
94 Following 206 Followers
Aikido Security@AikidoSecurity·
Update 5:05 PT: The attack has now expanded well beyond @TanStack and @Mistral. 373 malicious package-version entries across 169 npm package names, including @uipath, @squawk, @tallyui, @beproduct, and more. The malware propagates by stealing your CI credentials and using them to publish new compromised versions. Full IOCs, affected package list, and detection steps: aikido.dev/blog/mini-shai…
Aikido Security@AikidoSecurity

🚨 Update: @mistralai npm packages are now confirmed compromised as part of the ongoing Mini Shai Hulud attack.
Affected versions:
@mistralai/mistralai 2.2.2, 2.2.3, 2.2.4
@mistralai/mistralai-azure 1.7.1, 1.7.2, 1.7.3
@mistralai/mistralai-gcp 1.7.1, 1.7.2, 1.7.3
If you use the Mistral SDK in any CI pipeline, treat your environment as compromised. Rotate npm tokens, GitHub PATs, and cloud credentials immediately.

76
490
2.6K
2.4M
vd7@vdutts7·
@BrianRoemmele @Scobleizer Needed - to be able to communicate with Claude Chrome extension. It makes it seamless so whenever you install Claude extension on another browser and log in, it has all the context and it doesn't just get siloed within one browser. github.com/vdutts7/glider does same thing
0
0
0
91
Brian Roemmele@BrianRoemmele·
LISTENING IN: Privacy Researcher Finds Anthropic’s Claude Desktop App Installs Undisclosed Native Messaging Bridge

DO YOU HEAR ME NOW?

A detailed technical analysis published by privacy and security researcher Alexander Hanff has raised serious concerns about Anthropic’s Claude Desktop application for macOS. Hanff, whose work is frequently referenced by Chief Privacy Officers and cybersecurity professionals, discovered the issue while auditing Native Messaging helpers on his own MacBook.

According to the blog post, installing the Claude Desktop app automatically deploys a Native Messaging manifest file named com.anthropic.claude_browser_extension.json into the support directories of multiple Chromium-based browsers. This occurs even for browsers the user has never installed or does not use!

The manifest file references a local binary located inside the Claude.app bundle at /Applications/Claude.app/Contents/Helpers/chrome-native-host. This binary functions as a bridge that allows pre-authorized browser extensions to communicate directly with the Claude Desktop app outside the browser’s sandbox, operating at full user privilege level via standard input/output.

Key technical findings include:
•The bridge pre-authorizes three specific Chrome extension IDs.
•It is designed to remain dormant until activated by one of those extensions.
•The manifest files are automatically recreated every time the Claude Desktop app launches, making permanent removal difficult.
•Installation activity is logged in ~/Library/Logs/Claude/main.log, with timestamps confirming the files were written regardless of whether the browsers were present or supported.

Hanff notes that the silent installation without user disclosure or consent is the central issue.

Privacy, Security, and Potential Legal Implications

Corporations should not only note this but assume this is taking place.

The researcher characterizes the behavior as “pre-installed spyware capability” for several reasons:
•No clear notification or opt-in is provided to users during installation.
•The process modifies configuration files across multiple browser vendors and creates directories for non-existent browsers.
•Once active, the bridge could potentially expose authenticated web sessions (e.g., banking, email, or health portals), read decrypted page content, or enable automation.
•The generic naming and automatic re-creation obscure the mechanism, resembling “dark patterns.”

Hanff further contends that the practice may violate Article 5(3) of the EU’s ePrivacy Directive, which requires explicit consent before storing or accessing information on a user’s device. In response, he has issued a formal Cease and Desist letter to Anthropic, demanding that the company update the app to require explicit user opt-in (for example, only after the corresponding Chrome extension is installed) within 72 hours, or face further legal action.

This revelation highlights ongoing challenges in the AI industry as companies develop increasingly “agentic” tools that require deep system and browser access. While such technical bridges are sometimes necessary for advanced functionality, transparency, documentation, and user control are considered essential by privacy advocates.

Anthropic, as expected, has not issued a public statement addressing the specific allegations. Users who have installed Claude Desktop on macOS are advised to be sure they like this idea. I sure don’t.
Alexander Hanff’s full technical analysis: thatprivacyguy.com/blog/anthropic…
103
698
2.2K
156.2K
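
An audit of the kind described in the post above, written here as an added example (not code from the post, from Hanff's analysis, or from Anthropic): it walks a directory tree for Chromium `NativeMessagingHosts` folders, parses each manifest, and reports the helper binary, the pre-authorized extension IDs, and whether the surrounding browser directory contains nothing else. The "orphan" heuristic, the `BrowserA`/`BrowserB` names, the manifest `name` value and the extension ID are constructed assumptions; on macOS the root to pass would be `~/Library/Application Support`.

```python
import json
import os
import tempfile
from pathlib import Path

PREFIX = "chrome-extension://"

def audit_native_hosts(root):
    """Return one record per Native Messaging manifest found under root."""
    findings = []
    for hosts_dir in sorted(Path(root).rglob("NativeMessagingHosts")):
        if not hosts_dir.is_dir():
            continue
        # Heuristic (assumption): a browser directory that holds nothing but
        # the hosts folder was likely created by an installer, not a browser.
        orphan = all(p.name == hosts_dir.name for p in hosts_dir.parent.iterdir())
        for manifest in sorted(hosts_dir.glob("*.json")):
            try:
                data = json.loads(manifest.read_text())
                origins = [str(o) for o in data.get("allowed_origins", [])]
                binary = str(data.get("path", ""))
            except (OSError, ValueError, AttributeError, TypeError):
                findings.append({"manifest": str(manifest), "error": "unparseable"})
                continue
            findings.append({
                "manifest": str(manifest),
                "host": data.get("name"),
                "binary": binary,
                "binary_exists": os.path.exists(binary),
                "extension_ids": [o[len(PREFIX):].strip("/")
                                  for o in origins if o.startswith(PREFIX)],
                "browser_dir_orphan": orphan,
            })
    return findings

def build_sample(root):
    """Constructed tree: BrowserA has a profile, BrowserB only the hosts dir."""
    manifest = {"name": "com.anthropic.claude_browser_extension", "type": "stdio",
                "path": "/Applications/Claude.app/Contents/Helpers/chrome-native-host",
                "allowed_origins": [PREFIX + "a" * 32 + "/"]}  # placeholder ID
    for browser in ("BrowserA", "BrowserB"):
        hosts = Path(root, browser, "NativeMessagingHosts")
        hosts.mkdir(parents=True)
        (hosts / (manifest["name"] + ".json")).write_text(json.dumps(manifest))
    Path(root, "BrowserA", "Default").mkdir()
    (Path(root, "BrowserB", "NativeMessagingHosts") / "broken.json").write_text("{")
    return root

if __name__ == "__main__":
    for finding in audit_native_hosts(build_sample(tempfile.mkdtemp())):
        print(finding)
```

Records with `browser_dir_orphan` set to true correspond to the case the post highlights, where a manifest exists for a browser that shows no other sign of being installed.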
cocktail peanut@cocktailpeanut·
1-Click Download ANY video/audio on the web! Just tried it out, it works really well! One app to download anything. YouTube, TikTok, Instagram, Twitter/X, Reddit, Facebook, Vimeo, Twitch, Dailymotion, SoundCloud, Loom, Streamable, Pinterest, Tumblr, Threads, LinkedIn and 1000+ more
Mark Krynsky@krynsky

Attn: @cocktailpeanut Pinokio users: I've created a script to let you run Reclip. A self-hosted, open-source video and audio downloader with a clean web UI. Paste links from YouTube, TikTok, Instagram, Twitter/X, and 1000+ other sites; download as MP4 or MP3. Grab it from the Explore area within Pinokio or from the Github repo here: github.com/krynsky/reclip…

12
22
333
33.9K
Garry Tan@garrytan·
MCP sucks honestly. It eats too much context window and you have to toggle it on and off and the auth sucks. I got sick of Claude in Chrome via MCP and vibe coded a CLI wrapper for Playwright tonight in 30 minutes only for my team to tell me Vercel already did it lmao. But it worked 100x better and was like 100LOC as a CLI
Morgan@morganlinton

The cofounder and CTO of Perplexity, @denisyarats just said internally at Perplexity they’re moving away from MCPs and instead using APIs and CLIs 👀

433
209
3.8K
1.3M
vd7@vdutts7·
@BenjaminDEKR Yes it uses “Javascript tools” and then proceeds to reverse engineer a site
0
0
0
391
Benjamin De Kraker@BenjaminDEKR·
When Claude uses the Chrome Extension, does it also have access to read page DOM / source, similar to Playwright?
10
1
43
7.1K
vd7@vdutts7·
@clare_liguori Isn’t every MD file only useful because there is a JSON, YAML, and/or set of primitive bash commands ultimately doing the work/execution? Markdown as “dumb” orchestrators, scripts as smart executors
1
0
0
131
Clare Liguori@clare_liguori·
I predict Markdown tools will eat the world in 2026. LLMs excel at markdown from their coding training, so it's the best format for agents to consume and produce content. Agents can use MD conversion tools (pandoc, marp, mkdocs) to make slides, docs, websites, emails. What else?
5
1
58
4.4K
eric zakariasson@ericzakariasson·
append this prompt to prevent agent hallucinations:
> ask more questions until you have enough context to give an accurate & confident answer
it also helps you discover edge cases you might not have thought about. it's not a silver bullet, but it's a step in the right direction
50
39
1.2K
63.7K
vd7@vdutts7·
@clare_liguori Any plans of BYOM to Kiro? i.e. billing by API key. Have been using Kiro internally for custom use case of building knowledge bases + faster ticket triaging on my team. How can I reach out and share? @clare_liguori
1
0
0
207
vd7@vdutts7·
Cursor (composer-1) just hallucinated an entire finance project into my AWS project 🤡
No mention of bonds, CPI, or FRED
Suddenly: “Task 4 complete - collected 13 global economic series” + fake Python files
Long-context users in shambles @cursor_ai @mntruell @ericzakariasson
0
0
0
127
Okara@askOkara·
your favorite open-source ai lab, and why?
208
99
1.8K
145.6K
vd7@vdutts7·
@boneGPT Brand new sentence
0
0
1
6
bone@boneGPT·
as expected, the LLMs trade worse if they think they are black
15
5
220
7K
vd7@vdutts7·
@svpino @capeandcode “Let me add one more README summarizing what we’ve accomplished so far” “Let me add one more slightly safer version, in case this one doesn’t work” ☕️
0
0
1
18
vd7@vdutts7·
@boneGPT @grok make a realistic selfie of marc and sam with proper bg removal
1
0
1
28
bone@boneGPT·
is it time to buy $CRM calls
1
0
3
1.4K