IIRC the creator specifically said he's not reviewing any of the submissions and users should just be careful and vet skills themselves. Not sure who OpenClaw/Clawhub/Moltbook/Clawdbot/(anything I missed) was marketed at, but I assume most people won't bother looking at the source code of skills.
"There's about 1 Million things people want me to do, I don't have a magical team that verifies user generated content. Can shut it down or people us their brain when finding skills."
Users should be careful and vet skills themselves, but also they should give their agent root access to their machine so it can just download whatever skills it needs to execute your requests.
Somehow I doubt the people who don't even read the code their own agent creates were saving that time to instead read the code of countless dependencies across all future updates.
The author also claims to make hundreds of commits a day without slop, while not reading any of it. The fact anyone falls for this bullshit is very worrying.
lm28469|24 days ago
muvlon|24 days ago
CER10TY|24 days ago
InsideOutSanta|24 days ago
Presented as originally written:
"There's about 1 Million things people want me to do, I don't have a magical team that verifies user generated content. Can shut it down or people us their brain when finding skills."
jon-wood|24 days ago
fl0ki|24 days ago
pixl97|24 days ago
UI is perfect for 'vote' manipulation. That is download your own plugin hundreds of times to get it to the top. Make it look popular.
No way to share to other that the plugin is risky.
Empowers users to do dangerous things they don't understand.
Users are apt to have things like API keys and important documents on computer.
Gold rush for attackers here.
latexr|24 days ago