so moltbook and clawedbot are having a meltdown because it only took ten days for someone to realize it was a pietri dish for malware and packed the skills store full of backdoored malicious bullshit and they had no plan to deal with that inevitability?
-
@Viss just jumping in to fuck up some webhooks-aaS (webhook dot site) I see in this attack chain.
.beeceptor[.]com/
.hookbin[.]com/
.hookdeck[.]com/
.mockly[.]me/
.mockoon[.]app/
.pipedream[.]com/
.postb[.]in/
.putsreq[.]com/
.requestcatcher[.]com/
.requestinspector[.]com/
.svix[.]com/
.webhook[.]cool/
.webhook[.]site/
.webhookapp[.]dev/
.webhookcatcher[.]com/
.webhookinbox[.]com/
.webhooklistener[.]cloud/
.webhookrelay[.]com/
.webhook-test[.]com/
.wiremock[.]cloud/ -
@maaneeack @ewhac full payment up front, then rm everything
@Viss @maaneeack @ewhac No, even better: do this, but when they get mad you say "chatgpt said it would fix it!". They can't get mad at chatgpt!
-
so moltbook and clawedbot are having a meltdown because it only took ten days for someone to realize it was a pietri dish for malware and packed the skills store full of backdoored malicious bullshit and they had no plan to deal with that inevitability? because this was a guarantee. it was GOING to happen. if we go save them, we are letting them fuck around, but not find out. they NEED to find out.
do not help
you are OBLIGATED to watch it burn
@Viss What the fuck is this? Reading the comments here, all I can tell is that they trained a bunch of LLMs on noise produced by other LLMs. I don't understand what exactly is going on, but it's still funny.
-
@Viss What the fuck is this? Reading the comments here, all I can tell is that they trained a bunch of LLMs on noise produced by other LLMs. I don't understand what exactly is going on, but it's still funny.
@jackemled oh did you find moltbook.com/m/shitposts?
-
@Viss just jumping in to fuck up some webhooks-aaS (webhook dot site) I see in this attack chain.
.beeceptor[.]com/
.hookbin[.]com/
.hookdeck[.]com/
.mockly[.]me/
.mockoon[.]app/
.pipedream[.]com/
.postb[.]in/
.putsreq[.]com/
.requestcatcher[.]com/
.requestinspector[.]com/
.svix[.]com/
.webhook[.]cool/
.webhook[.]site/
.webhookapp[.]dev/
.webhookcatcher[.]com/
.webhookinbox[.]com/
.webhooklistener[.]cloud/
.webhookrelay[.]com/
.webhook-test[.]com/
.wiremock[.]cloud/@badsamurai i have every confidence that this rabbit hole will be like, guardians of the galaxy flavored, with all the colors and shit. It'll be an absolutely roller coaster of lunacy
-
@jackemled oh did you find moltbook.com/m/shitposts?
@Viss I did not find it. I meant the replies here.
-
@Viss you could even say they are having a moltdown
-
so moltbook and clawedbot are having a meltdown because it only took ten days for someone to realize it was a pietri dish for malware and packed the skills store full of backdoored malicious bullshit and they had no plan to deal with that inevitability? because this was a guarantee. it was GOING to happen. if we go save them, we are letting them fuck around, but not find out. they NEED to find out.
do not help
you are OBLIGATED to watch it burn
@Viss
> do not helpWouldn't, even if I knew how.
-
so moltbook and clawedbot are having a meltdown because it only took ten days for someone to realize it was a pietri dish for malware and packed the skills store full of backdoored malicious bullshit and they had no plan to deal with that inevitability? because this was a guarantee. it was GOING to happen. if we go save them, we are letting them fuck around, but not find out. they NEED to find out.
do not help
you are OBLIGATED to watch it burn
Just been reading about it...sounds more like someone's weird idea of an experimental art project til I got to this bit:
"“In practice, because it was written by AI, security wasn’t a dominating feature in the development process,” Turner said."
Oh dear...did someone AI vibe-code an entire social media site for 'AIs'? And it's full of security holes?
*shocked pickachu face*
-
@Viss I did not find it. I meant the replies here.
Short version, moltbook is a bunch of LLMs chatting with each other, reddit style. "Skills" are untrusted, unsigned, unverified code the LLMs can "choose" to run to "do things."
Think of them like tools under MCP server, but without all that pesky authentication, verification, and such.
Wackiness ensued.
@Viss enjoys Nostradamus level fame for predicting it.
-
so moltbook and clawedbot are having a meltdown because it only took ten days for someone to realize it was a pietri dish for malware and packed the skills store full of backdoored malicious bullshit and they had no plan to deal with that inevitability? because this was a guarantee. it was GOING to happen. if we go save them, we are letting them fuck around, but not find out. they NEED to find out.
do not help
you are OBLIGATED to watch it burn
@Viss That trash fire was always burning...
-
Short version, moltbook is a bunch of LLMs chatting with each other, reddit style. "Skills" are untrusted, unsigned, unverified code the LLMs can "choose" to run to "do things."
Think of them like tools under MCP server, but without all that pesky authentication, verification, and such.
Wackiness ensued.
@Viss enjoys Nostradamus level fame for predicting it.
@pseudonym @Viss What the fuck
Why would they set up a system that rolls dice to decide what unknown code to run?I have no idea what MCP is if it's a LLM thing.
-
@Viss just like you, my first instincts on "let the agents who have traditionally have extremely poor security congregate and learn skills with absolutely no confirmation that the skills aren't malicious."
Every fiber of my being was shouting this is gonna be a shitshow.
-
@pseudonym @Viss What the fuck
Why would they set up a system that rolls dice to decide what unknown code to run?I have no idea what MCP is if it's a LLM thing.
@jackemled @pseudonym mcp is "model control protocol". its a syntax invented so that you could tell a model there is a "tool" it can use to do stuff. run commands, visit websites, pull data from apis etc
-
Short version, moltbook is a bunch of LLMs chatting with each other, reddit style. "Skills" are untrusted, unsigned, unverified code the LLMs can "choose" to run to "do things."
Think of them like tools under MCP server, but without all that pesky authentication, verification, and such.
Wackiness ensued.
@Viss enjoys Nostradamus level fame for predicting it.
@pseudonym @jackemled it'll be shortlived, dont worry. something will happen tomorrow, or over the weekend, and by monday we're on to whatever fresh asshattery comes next
-
so moltbook and clawedbot are having a meltdown because it only took ten days for someone to realize it was a pietri dish for malware and packed the skills store full of backdoored malicious bullshit and they had no plan to deal with that inevitability? because this was a guarantee. it was GOING to happen. if we go save them, we are letting them fuck around, but not find out. they NEED to find out.
do not help
you are OBLIGATED to watch it burn
I've been looking for an excuse to go buy a bag of marshmallows. I think I have one. Between them and cryptocurrency melting down, I might be making s'mores this weekend.
-
I've been looking for an excuse to go buy a bag of marshmallows. I think I have one. Between them and cryptocurrency melting down, I might be making s'mores this weekend.
@wolfinpdx smores sound great
-
@jackemled @pseudonym mcp is "model control protocol". its a syntax invented so that you could tell a model there is a "tool" it can use to do stuff. run commands, visit websites, pull data from apis etc
@Viss @pseudonym Oh ok! Thank you! That seems overcomplicated for something you could just do yourself though
-
@Viss @pseudonym Oh ok! Thank you! That seems overcomplicated for something you could just do yourself though
@jackemled @pseudonym thats what lots of people are saying
-
@Viss Part of me wants to suggest, if you do choose to help, you should make them pay through the nose. Like, Arvin Haddad-level of consulting fees (up to $25K/hour).
...But no. We should let it burn.
