HackerTrans
TopNewTrendsCommentsPastAskShowJobs

ashwinr2002

no profile record

Submissions

Show HN: Dangerously-skip-permissions IFF it doesn't WRITE outside Sandbox

github.com
1 points·by ashwinr2002·5 miesięcy temu·0 comments

Show HN: Prompt-injection firewall for OpenClaw agents

github.com
6 points·by ashwinr2002·5 miesięcy temu·3 comments

Show HN: ContextFort – Visibility and controls for browser agents

contextfort.ai
14 points·by ashwinr2002·6 miesięcy temu·1 comments

comments

ashwinr2002
·3 miesiące temu·discuss
Prompt Injections are very very rare these days after the Opus 4.6 update
ashwinr2002
·5 miesięcy temu·discuss
This is unreachable?
ashwinr2002
·5 miesięcy temu·discuss
minger's a new word
ashwinr2002
·5 miesięcy temu·discuss
This is a horrible change! I agree with everything in the article
ashwinr2002
·5 miesięcy temu·discuss
Apologies for the formatting

Can we not assume that the plan you just said “ok” to came from a user prompts you made earlier in the chat session and hence does influence this decision process.

Another point in the idea is that this trusted context can include even the AI replies up until there hasnt been a tool calls yet that brings back a response an attacker can control

But it’s entirely possible that there are edge cases here, a red teaming dataset to cover these cases shouldn’t be hard to create
ashwinr2002
·6 miesięcy temu·discuss
I understand that, but how do you come up with the endpoints you want claude to have access to ahead of time?

For example, how do you collect all the endpoints that have access to customer info per your example.

Thought about it and couldn't find a way how
ashwinr2002
·6 miesięcy temu·discuss
> With macaroons you can design the authz scheme that you want for any arbitrary API.

How would you build such an authz scheme? When claude asks permissions to access a new endpoint, if the user allows it, then reissue the macaroons?
ashwinr2002
·6 miesięcy temu·discuss
This seems like an under-rated comment. You are right, this is a vulnerability and the blog doesn't talk about this.
ashwinr2002
·6 miesięcy temu·discuss
P.S.: The extension has as many permissions as Claude in Chrome itself. But, the only network requests from the extension are to posthog, just for us to know which features are being used.

Here is a youtube video where I show the network requests of the extension: https://www.youtube.com/watch?v=J356Nquxmp4

To know what posthog collects and how to disable it (change in a single line of code), please refer to this file: https://github.com/ContextFort-AI/ContextFort/blob/main/POST...
ashwinr2002
·11 miesięcy temu·discuss
Really cool product! Which email providers do you support?