HackerTrans
トップ新着トレンドコメント過去質問紹介求人

lunw

no profile record

投稿

[untitled]

1 ポイント·投稿者 lunw·12 か月前·0 コメント

[untitled]

1 ポイント·投稿者 lunw·12 か月前·0 コメント

[untitled]

1 ポイント·投稿者 lunw·12 か月前·0 コメント

Supabase MCP's Lethal Trifecta

simonwillison.net
12 ポイント·投稿者 lunw·昨年·0 コメント

Community Is Motivation on Tap

alanwu.xyz
117 ポイント·投稿者 lunw·昨年·49 コメント

Agency is your secret edge

alanwu.xyz
3 ポイント·投稿者 lunw·昨年·0 コメント

Cursor and Supabase MCP = private SQL tables leaked

generalanalysis.com
6 ポイント·投稿者 lunw·昨年·1 コメント

A Review of ThunderKittens for General ML Audience

alanwu.xyz
4 ポイント·投稿者 lunw·昨年·1 コメント

コメント

lunw
·12 か月前·議論
- imessage MCP: built by Anthropic - Claude Desktop: has dev keys - Stripe: just executing bad requests - avg devs: claude goes brr - CISOs: should be concerned
lunw
·昨年·議論
Co-founder of General Analysis here. Technically this is not a responsibility of Supabase MCP - this vulnerability is a combination of:

1. Unsanitized data included in agent context

2. Foundation models being unable to distinguish instructions and data

3. Bad access scoping (cursor having too much access)

This vulnerability can be found almost everywhere in common MCP use patterns.

We are working on guardrails for MCP tool users and tool builders to properly defend against these attacks.
lunw
·昨年·議論
Agreed. I'm very curious to see how this unfolds.
lunw
·昨年·議論
Nice to see some cool jailbreaks being worked on. Hope people patch it soon so we can look at the methodology.