You're talking about if a box is compromised, but to clarify, this is hard coded into the source in the repo, not an end-user's credentials (and it's a `client_id` and `client_secret`, not a token): https://github.com/clawdbot/clawdbot/blob/7187c3d06765c9d3a7...
Wild. There are 300 open Github issues. One of them is this (also AI generated) security report: https://github.com/clawdbot/clawdbot/issues/1796 claiming findings of hundreds of high-risk issues, including examples of hard coded, unencrypted OAuth credentials.
I don't feel like they owe me a refund in principle, at the end of the day I paid for subscription-free software and they delivered it, and I'm happy to do that exchange. I just don't like the changes and the future direction and that I won't be receiving updates to the one I'm currently using.
Not happy. I recently purchased the whole suite and now not only is it now free (didn't need to purchase it), but it's no longer even what I want. And it doesn't work on iPad until they finish whatever rewrite, when cross-platform + apple pencil niceness was a huge draw.
Sure, it's free -- but it's no longer the same product with the same priorities.
Not all rewriting and not all summarization is the same, and the surprising part is that it often makes it seem more legitimate. There's no reason, for example, that it couldn't rephrase it in a way that conveys it as suspicious.