HackerTrans
TopNewTrendsCommentsPastAskShowJobs

steipete

no profile record

comments

steipete
·قبل 3 أشهر·discuss
Peter here from OpenClaw. For context, here’s why our post reads the way it does:

Boris from Claude Code said publicly on Twitter that CLI-style usage is allowed. We took that seriously and invested time building around that guidance. I even changed the defaults, so when using the cli we're automatially disabling features that use excessive tokens like the heartbeat feature. But in practice, Anthropic still blocks parts of our system prompt, so the actual behavior today does not match what was communicated publicly.

https://x.com/bcherny/status/2041035127430754686

They since seemed to changed their classifier as people hack around it, as it is trivial to do so with a few renames. I'm not playing that game so it's in a weird limbo where it should work in theory but doesn't in practice.
steipete
·قبل 3 أشهر·discuss
ofc it's software engineers.
steipete
·قبل 3 أشهر·discuss
Honestly that seems like total guesswork. There's a lot of FUD going around, or people running portscans and assuming just because they detect a gateway on a port, that they can connect to it. That’s not the case.
steipete
·قبل 3 أشهر·discuss
They both sponsor the OpenClaw Foundation and provide engineers to improve OpenClaw.
steipete
·قبل 3 أشهر·discuss
OpenClaw creator here.

This was a privilege-escalation bug, but not "any random Telegram/Discord message can instantly own every OpenClaw instance."

The root issue was an incomplete fix. The earlier advisory hardened the gateway RPC path for device approvals by passing the caller's scopes into the core approval check. But the `/pair approve` plugin command path still called the same approval function without `callerScopes`, and the core logic failed open when that parameter was missing.

So the strongest confirmed exploit path was: a client that ALREADY HAD GATEWAY ACCESS and enough permission to send commands could use `chat.send` with `/pair approve latest` to approve a pending device request asking for broader scopes, including `operator.admin`. In other words: a scope-ceiling bypass from pairing/write-level access to admin.

This was not primarily a Telegram-specific or message-provider-specific bug. The bug lived in the shared plugin command handler, so any already-authorized command sender that could reach `/pair approve` could hit it. For Telegram specifically, the default DM policy blocks unknown outsiders before command execution, so this was not "message the bot once and get admin." But an already-authorized Telegram sender could still reach the vulnerable path.

The practical risk for this was very low, especially if OpenClaw is used as single-user personal assistant. We're working hard to harden the codebase with folks from Nvidia, ByteDance, Tencent and OpenAI.
steipete
·قبل 5 أشهر·discuss
Mario has a special place in the Clawtributor list.

https://github.com/openclaw/openclaw#community
steipete
·قبل 6 أشهر·discuss
Funny timing. Written in 10 days just when this took off. https://clawd.bot/
steipete
·قبل 9 أشهر·discuss
Marketing for what? I didn't even link to what I'm building because I wanna ship it when it's ready.
steipete
·قبل 9 أشهر·discuss
(OP) You know if I link to a half-finished project, people would take it apart as many don't understand the nuance between crap and simply not done yet. But if you follow me on twitter it'll take you a few minutes to figure out. I'm two months in, even with AI, shipping good stuff takes time.
steipete
·قبل 9 أشهر·discuss
(OP) 1/3rd of the code is tests.

There's an Expo app, two Tauri apps, a cli, a chrome extension. The admin part to help debug and test features is EXTREMELY detailed and around 40k LOC alone.

To give some perspective to that number.
steipete
·قبل 9 أشهر·discuss
OP: If you give the llm examples like https://react.dev/learn/you-might-not-need-an-effect, it does a farily good job at refactoring useEffecs.

And yes refactoring sometimes re-introduces these, so it's not a perfect solution.
steipete
·قبل 9 أشهر·discuss
(OP) the current projec is closed source. If you look at my cli tools, that's pure slop, all I care is that it works, so reviewing that code for sure will show some weird stuff. Does it matter? It's a tool to fetch logs form a server. I run it locally. As long as is does that reliably, idk about the code.
steipete
·قبل 9 أشهر·discuss
tbh in the time where everyone uses AI to write articles, some typos and mistakes like that are helpful to show that it's human made.
steipete
·قبل 9 أشهر·discuss
(OP) I use atlas for database migrations, it works quite well with agents and has plenty guardrails around it.
steipete
·قبل 10 أشهر·discuss
Been using that for a while, first Chinese model that works REALLY well!

Also fascinating how they solved the issue that Claude expects a 200+k token model while GLM 4.5 has 128k.