@ZackKorman Zack Korman
Zack Korman posts on X about ai, this is, openclaw, skill the most. They currently have [-----] followers and [---] posts still getting attention that total [------] engagements in the last [--] hours.
Social category influence technology brands 17.69% stocks 5.38% social networks 3.85% finance 3.85% celebrities 0.77%
Social topic influence ai 22.31%, this is 6.15%, openclaw #1122, skill #1160, agent #1117, vercel #148, open ai #1205, in the 3.85%, future 3.85%, ngmi 2.31%
Top accounts mentioned or mentioned by @0xtib3rius @tuckner @icesolst @uk_daniel_card @decryptedtech @ukdanielcard @paulsanders87 @techspence @liran_tal @thedealdirector @snyksec @akses_0x00 @geordie_brigand @hackinglz @notnordgaren @virustotal @sentinelone @inf0stache @dir @l0psec
Top assets mentioned Alphabet Inc Class A (GOOGL) Microsoft Corp. (MSFT) Cloudflare, Inc. (NET)
Top posts by engagements in the last [--] hours
"@techspence This is art"
X Link 2026-02-14T17:43Z [----] followers, [---] engagements
"@HackingLZ Yea I am but I think there's cases where customers should be told and where they won't get that info by relying on weird blog posts getting attention"
X Link 2025-08-19T03:56Z [----] followers, [----] engagements
"Copilot in Excel is a global financial crisis waiting to happen"
X Link 2025-10-05T13:25Z [----] followers, 2.8M engagements
"@BasicGage It's coming for our jobs"
X Link 2025-10-05T13:42Z [----] followers, 55.2K engagements
"@LewisMcLellan1 Yea it thought for like [--] seconds before landing on this conclusion"
X Link 2025-10-05T15:13Z [----] followers, 64.3K engagements
"@ZeroTraceInit I know I'm genuinely stunned. Having a totally normal Sunday making myself mad for fun"
X Link 2025-10-05T16:11Z [----] followers, 33.7K engagements
"@HarmPersonal This is my favorite reply so far"
X Link 2025-10-05T21:57Z [----] followers, 51.7K engagements
"Unlike human employees AI never gets tired. Instead it just loses its mind. This is the output Gemini gave us using 60k tokens to repeat flagged_for_review_by_AI_model_because_of_anomalous_activity_given_user_role_and_download_history_BOM_CAD_firmware_access"
X Link 2025-10-20T18:07Z [----] followers, 152.7K engagements
"A Figma sales rep was trying to get us to upgrade. We did a meeting but decided no so he wrote this back (see photo). Excuse me what I don't like your answer so I went digging through your data to find info to help me make a sale. I'm not okay with that"
X Link 2025-10-30T17:07Z [----] followers, 993.3K engagements
"Made a list of all the recommendations I received. Now I just need to ruthlessly review each one. Are there any cybersecurity podcasts that are just chill conversations? I feel every podcast has some specific topic or agenda whereas I really just want to hear what the person has going on generally. If this exists please let me know"
X Link 2025-11-09T15:53Z [----] followers, 91.7K engagements
"Pro tip for threat actors: buy failed startups that own multitenant apps. Details on how browser extensions can be bought and sold. Access to your browser and data is a commodity"
X Link 2026-01-15T21:41Z [----] followers, [----] engagements
"I talked way more shit in this episode than I remembered. Thanks for putting up with me @SwiftSecur1 and @0xTib3rius. Also we agreed that the next time there's a fight between cybersecurity people on this site they should have to go on a podcast and fight it out there. Episode 29: HackKorman @0xTib3rius & @SwiftSecur1 are joined by Zack Korman (@ZackKorman) to talk about his podcast reviews cybersecurity social media and hacker conventions. Links below"
X Link 2026-01-30T16:42Z [----] followers, [----] engagements
"Humbled and honored to have the top security skill on Vercel's illustrious skills registry http://skills.sh"
X Link 2026-02-03T07:36Z [----] followers, [----] engagements
"Hey @vercel I know a skill that recommended this unsafe malicious skill. You should flag that skill with a security warning too"
X Link 2026-02-04T07:29Z [----] followers, [----] engagements
"Vercel blocked find-skills from recommending my malicious skill but fear not: I made a new skill (security-review2) that isn't malicious. All it does it installs the malicious skill. Totally safe"
X Link 2026-02-04T18:48Z [----] followers, 31.3K engagements
"Vercel has now flagged security-review-2 for recommending my malicious security-review skill. The warning says "Do not reference external skills that users cannot audit before installation." Vercel author of "find-skills" which recommends external skills to install"
X Link 2026-02-06T19:46Z [----] followers, [----] engagements
"Meh I hate to say it but y'all are guilty here. You made your report about clawhub the smaller much less relevant skills ecosystem that arguably won't even exist in a few weeks and said but it applies to all skills registries. I'm all for security research angling for broader appeal but I don't even think that was necessary here. AI agent coding is a huuuuge topic. https://twitter.com/i/web/status/2020052278040773107"
X Link 2026-02-07T08:29Z [----] followers, [---] engagements
"Installing someone's AI agent skill is the developer equivalent of commenting PLAYBOOK on a LinkedIn post"
X Link 2026-02-07T11:00Z [----] followers, [----] engagements
"A lot of people have sent me their MCP / skills scanners. Credit for trying but that's not going to work. Definitely not for MCP and for skills you'd have to flag every skill that loads external content. Which you can't do because that's a major (legitimate) use case"
X Link 2026-02-07T14:57Z [----] followers, [----] engagements
"@HackingLZ Ngmi deserves a spot"
X Link 2026-02-07T22:05Z [----] followers, [---] engagements
"@inf0stache I am so confused right now. Did they really have it only apply a label in a UI no one uses?"
X Link 2026-02-08T02:25Z [----] followers, [---] engagements
"@UK_Daniel_Card This except actually they find a gun then hand the gun back and let the person in"
X Link 2026-02-08T07:43Z [----] followers, [---] engagements
"@UK_Daniel_Card Lol I don't want to drag him here he's basically the only person doing anything on security for this project whereas I'm more like yea let it burn. And he did fix it based on my tweet. But still kinda lol"
X Link 2026-02-08T07:55Z [----] followers, [---] engagements
"Yesterday I posted that even when Virustotal labels a skill as suspicious clawhub still recommends it and installs it without warning. The Virustotal founder then told me I'm just stating the obvious while others are actually improving security. Wow"
X Link 2026-02-08T10:18Z [----] followers, 18.7K engagements
"@UK_Daniel_Card Thank you. Absolutely unhinged"
X Link 2026-02-08T10:19Z [----] followers, [---] engagements
"@jpalioto @UK_Daniel_Card Thanks. I think it's the speak up and get attacked bit that's so out of line for what we should expect within the security community. Trying to discourage security people from talking is bad form"
X Link 2026-02-08T15:05Z [----] followers, [--] engagements
"@paulsanders87 Yea absolutely. There's so many security problems not everyone has to be working on whatever is the most hyped at any given moment. Plus openclaw is still just a viral hobby project"
X Link 2026-02-08T20:24Z [----] followers, [---] engagements
"@princessakano @_winter_wonders Oh my god I missed this. But don't worry there's security-review-3 and [--] (I messed up [--] and 5)"
X Link 2026-02-08T22:14Z [----] followers, [---] engagements
"@HackingLZ Highlight of my weekend too. Apparently I'm ngmi"
X Link 2026-02-09T13:54Z [----] followers, [---] engagements
"@S1r1u5_ Yea I got absolutely destroyed by the cert pinning last time and it drove me crazy. But what else is there? I didn't spend time really looking because it's not what I was doing but it seemed to be a lot. They're even passing the system prompt there which I didn't fully expect"
X Link 2026-02-09T17:53Z [----] followers, [---] engagements
"@IceSolst Sure but Openclaw is a weird one to pick up on given its complete lack of relevance to the enterprise ecosystem and what appears to be its already declining popularity (from what I can tell)"
X Link 2026-02-09T20:03Z [----] followers, [---] engagements
"@techspence This is unironically why I think all the it's so over this is agi takes are dumb. Until I can vibecode my house I ain't stopping"
X Link 2026-02-10T07:13Z [----] followers, [---] engagements
"@magnushambleton Walking in Dallas is absolutely not a thing. I one time saw my neighbor walking to the grocery store which is maybe [---] meters away and called my dad to ask if she was okay or if she needed help"
X Link 2026-02-10T07:33Z [----] followers, [--] engagements
"The best way to fix the agent skills security problem isn't vulnerability scanning or sandboxing. It's convincing everyone that installing skills is embarrassing (because it is)"
X Link 2026-02-10T07:45Z [----] followers, [----] engagements
"@akses_0x00 Exactly. It was designed to let you basically split up your main rules files to not load them all every single time. Which is great And then people were like gimme dat good design skill it says be good at design make no mistakes (also curl bash) http://zkorman.com/execs"
X Link 2026-02-10T08:00Z [----] followers, [---] engagements
"@paulsanders87 Of course just as the good lord intended. Skills are great when you make your own because it means here's some more info you can load when needed (protects context)"
X Link 2026-02-10T08:05Z [----] followers, [---] engagements
"@mrgretzky NoOoOOooOO don't you get Mr Gretzky that not ALL solutions are 100% it has always been like that this is a great step forward towards (checks notes) making threat actors modify one (1) line in a markdown file to bypass the scanner. Security"
X Link 2026-02-10T09:03Z [----] followers, [---] engagements
"@DecryptedTech Good point. Maybe copilot isn't the best thing to aim for given it is in every product now haha"
X Link 2026-02-10T12:57Z [----] followers, [--] engagements
"@ibuildthecloud I don't understand it though. The web is just a UI on a backend. If the backend has an MCP server why do you need WebMCP? Genuinely curious as I'm trying to understand what this is for"
X Link 2026-02-10T21:53Z [----] followers, [---] engagements
"@wesbos @ibuildthecloud It's way easier to do this than make an MCP server I mean both are hey Claude make this an MCP server / webMCP"
X Link 2026-02-11T01:46Z [----] followers, [--] engagements
"I'm going to make a video explaining why skills scanners are dumb then never talk about skills again because I hate this topic so much and it's beyond stupid that it's getting this much attention"
X Link 2026-02-11T19:05Z [----] followers, [----] engagements
"@DecryptedTech Yea I feel like I didn't mean to pick up on skills right when it became trendy. I enjoyed my work on MCP so much more because it was less hot. This just feels wild. I'm glad you've liked it though thanks for saying that"
X Link 2026-02-11T19:19Z [----] followers, [---] engagements
"@dir @kubedoll Okay but I don't need any of that I need my AI to trust my skills files not treat them like third party dependencies. And I think that's honestly what most devs need. The original use case for skills was so much more valuable than what people are building them to be"
X Link 2026-02-11T20:04Z [----] followers, [--] engagements
"@tuckner @UK_Daniel_Card @L0Psec Yea I saw they added a second one. Very confusing"
X Link 2026-02-11T20:05Z [----] followers, [--] engagements
"Except if people continue using skills as these wild third party dependencies (something I contend people are doing because they're confused about what skills are) then the AI labs need to RL the models to treat skills as untrusted content. One of the most dangerous parts about skills today is that the models just trust them as if they're the user's input. If they change that to say hey maybe don't trust skills then yes that was taken away from me"
X Link 2026-02-11T21:19Z [----] followers, [--] engagements
"@brvnd0n_onbase @NotNordgaren @0xTib3rius Home Depot skill for doing something more useful than making software"
X Link 2026-02-11T22:48Z [----] followers, [--] engagements
"@SimoKohonen I never wanted this. I don't want to be the markdown file guy"
X Link 2026-02-12T07:01Z [----] followers, [---] engagements
"@syntaxish @SimoKohonen Oh my god @0xTib3rius Carmen is out here putting your work to shame"
X Link 2026-02-12T07:44Z [----] followers, [---] engagements
"This is a super common problem. Teams will build out really thorough reviews of new vendors and stuff but then to install checks notes instructions to your AI that has root access there's very little. I actually saw someone pitching this as a feature. Your security team can't say no lol"
X Link 2026-02-12T09:09Z [----] followers, [--] engagements
"@thedealdirector @j2k3k Gen Z needs skills hacks too"
X Link 2026-02-12T17:36Z [----] followers, [--] engagements
"@Barabazs_ Nope. Just for updating normal skills so they get better rate limiting (from the comment they wrote on its use)"
X Link 2026-02-12T19:14Z [----] followers, [----] engagements
"@tweetellington @Barabazs_ It is just fetching directly from github. So when you run npx skills add zackkorman/skills@security-review it is cloning that repo to a temp location then copying over the skill"
X Link 2026-02-12T20:08Z [----] followers, [--] engagements
"@0xTib3rius Surely someone at OpenAI follows you. If so hook @0xTib3rius up with a Pro plan. He'll tweet and say actually AI is good"
X Link 2026-02-12T20:58Z [----] followers, [----] engagements
"@terrorobe I actually meant my point about maybe this is normal for npm shit seriously. Like it looks crazy to me but there is in the open sooo maybe I'm the weird one for thinking don't touch my secrets without permission"
X Link 2026-02-12T21:04Z [----] followers, [----] engagements
"@0xTib3rius Dear @OpenAI what he means to say is AI is great now give this guy his pro subscription"
X Link 2026-02-12T21:04Z [----] followers, [---] engagements
"@Paul_provalone Just a quick performance optimization called let me borrow your env vars"
X Link 2026-02-12T21:33Z [----] followers, [----] engagements
"@TrickedDev They used loosely here to mean whichever ai model wrote this"
X Link 2026-02-12T21:36Z [----] followers, [----] engagements
"This also maps onto my current use for AI programming. When AI started to get good at writing code the main use was help set up the basic scaffolding then take over. Now it's kinda the opposite. It's really hard for me to use AI as a developer to set up the basics because well I have strong opinions on all the data structure and the way data gets routed and stuff like that. Once all of that is in place it's easier to extrapolate from that code to go add a new query to get a new type of data and it can be like I see how you do this cool and it gives me what I want. If I just have a binary every"
X Link 2026-02-13T09:22Z [----] followers, [---] engagements
"@goon_nguyen How are you handling skills that make requests to external URLs? Like how do you validate that as safe?"
X Link 2026-02-13T11:11Z [----] followers, [---] engagements
"@goon_nguyen What happens if my skill says read this url then I change what's at the URL after your scan runs?"
X Link 2026-02-13T12:03Z [----] followers, [---] engagements
"@MikeTalonNYC Ngmi"
X Link 2026-02-13T15:09Z [----] followers, [--] engagements
"@DecryptedTech @0xTib3rius @snyksec @virustotal @SentinelOne Less fun :( Plus I don't hate you and I want to be mean. I want to let the hate guide me"
X Link 2026-02-14T01:02Z [----] followers, [---] engagements
"@liran_tal @snyksec I made a recent video that explains why scanning doesn't work. In that video I had Claude make me a skills scanner that also successfully caught this type of thing"
X Link 2026-02-14T06:31Z [----] followers, [--] engagements
"lol I literally am running an AI coding agent on a Mac mini right now. The point isn't are ai agents the future. The point is that running openclaw isn't the same as building agents just like playing Neopets isn't the same as building the foundations of what I guess they call web2. https://twitter.com/i/web/status/2022619113961422950"
X Link 2026-02-14T10:29Z [----] followers, [---] engagements
"@habibislop Sure it's not that I have opinions on which ai agent rig to use. It is more that I think people confuse being a consumer vs a builder in this space. Being early to use ai agents isn't necessarily going to be rewarded as highly as some might expect"
X Link 2026-02-14T11:15Z [----] followers, [---] engagements
"We checked the script on that remote server so it's safe for your AI to download it at some point in the future. Security companies selling snake oil is going to do so much damage to AI security"
X Link 2026-02-14T12:16Z [----] followers, [--] engagements
"@thedealdirector Oh my god I can just imagine the shitty LinkedIn posts now that AEs will make"
X Link 2026-02-14T12:45Z [----] followers, [----] engagements
"@Poofarmer69 Yea and making something like that takes all of five minutes. Opus [---] one shotted a skills scanner for me in a video I made recently lol. But that's why security companies love it so much. It's trivial to make and has mass marketing appeal. Absolute scam"
X Link 2026-02-14T12:52Z [----] followers, [--] engagements
"@DalaiNightshade Yea tbf I think some people have similar experiences but it is that you have to push further. No one developed great skills just doing the basics on Neopets"
X Link 2026-02-14T14:49Z [----] followers, [--] engagements
"@JohnParadise17 Sure and Neopets was a good start for some people learning html"
X Link 2026-02-14T20:44Z [----] followers, [--] engagements
"If you're in cybersecurity and you aren't on the front lines of openclaw / clawhub security that's totally okay. How do we secure a skills marketplace for bots isn't even a top five problem in AI security"
X Link 2026-02-08T20:06Z [----] followers, [----] engagements
"@tuckner THANK YOU. We are so worried about people running openclaw who basically signed their own fate we aren't looking at the thing all these devs are using made by a large company trying to get their hands into your env"
X Link 2026-02-08T20:28Z [----] followers, [---] engagements
"@0xTib3rius If this becomes my life I hope someone takes away my phone and cuts my internet. Put me out of my misery"
X Link 2026-02-11T20:06Z [----] followers, [---] engagements
"@tuckner @0xTib3rius This is the darkest timeline"
X Link 2026-02-11T20:28Z [----] followers, [--] engagements
"@techspence @Cloudflare What the hell am I reading"
X Link 2026-02-12T16:40Z [----] followers, [---] engagements
"@IceSolst How dare you. I reposted your thing about notepad"
X Link 2026-02-13T15:09Z [----] followers, [---] engagements
"@arianevans @0xTib3rius Hahahaha the what's the fastest way to complete IR before they get involved made me laugh out loud"
X Link 2026-02-14T17:36Z [----] followers, [--] engagements
"@paulsanders87 Ask openclaw. Or if it still exists tell it to go play for you"
X Link 2026-02-14T18:39Z [----] followers, [--] engagements
"@metjuas That agent will take all your money one way (it sucks and you get pwned) or another (it still sucks but you don't get pwned and pay a ton for inference)"
X Link 2026-02-15T13:19Z [----] followers, [---] engagements
"Except we are disagreeing And that's okay. I think we do need to solve this with external calls. But it's okay for me to be wrong on that too. And I'd not call what you're doing snakeoil even if I don't think this is the solution because: [--]. You're not marketing it under the name of a major security brand and [--]. You're talking about it. In fact I think this is a cool project and I'm going to look at it more tonight (on my phone in a car atm). But if this was the Crowdstrike LLMGuard solution and any time someone said eh that seems like it wouldn't work you responded hah people are sitting doing"
X Link 2026-02-15T16:04Z [----] followers, [--] engagements
"@gcvftw @0xTib3rius @vxunderground I'll have you know I'm out in the real world right now"
X Link 2026-02-15T16:06Z [----] followers, [--] engagements
"@m0bilej0n @vxunderground Mostly just waits for the next loop but also asks Claude what it feels like doing"
X Link 2026-02-15T17:39Z [----] followers, [--] engagements
"@essobi I'm sure you have but you're not going to convince me that the ai agent security space is a solved problem. Like if you do have a solution that doesn't limit functionality you can make a cool billion dollars doing it"
X Link 2026-02-15T18:21Z [----] followers, [--] engagements
"@0xTib3rius Yes but no one ever gave me access. It's like I got rejected hah"
X Link 2026-02-15T19:21Z [----] followers, [--] engagements
"@vxunderground I'm actually kinda annoyed by this part. by @vercel is so objectively anti-security by design. This makes it seem like we can say oh who could have known here's our pro tips. It's not [----]. Building an extremely unsafe environment like this was a choice http://Skills.sh"
X Link 2026-02-06T16:54Z [----] followers, [----] engagements
"Enterprise security companies marketing strategy right now"
X Link 2026-02-09T19:53Z [----] followers, 16.8K engagements
"RT @IceSolst: The lamest CVE of all time caused by the lamest product feature of all time. Full video with demo below"
X Link 2026-02-12T18:49Z [----] followers, [--] engagements
"Maybe this is just normal levels of npm package stupidity but I don't love that Vercel's skills package silently goes digging for a Github token to use"
X Link 2026-02-12T18:58Z [----] followers, 192.8K engagements
"Cybersecurity companies are extremely guilty of this but you're not allowed to criticize them because at least they're doing something* *Making a skills scanner. It's always a skills scanner. a lot of companies know they should be doing something in ai but haven't found clarity yet which is why every new concept that comes out gets over developed these companies jump in and build something to try and grab some territory but usually it doesn't make sense"
X Link 2026-02-13T14:53Z [----] followers, [----] engagements
"Running an Openclaw bot isn't building the future of AI agents. It's playing Neopets while Mark Zuckerberg was making Facebook"
X Link 2026-02-14T09:25Z [----] followers, [----] engagements
"The cybersecurity spend required to secure AI agents is going to be massive. I think in the medium term that's going to put pressure on security teams to cut elsewhere"
X Link 2026-02-15T13:02Z [----] followers, 12.4K engagements
"@pedrouid It's very weird that we've settled on claw as a universal suffix for all ai agent frameworks"
X Link 2026-02-15T14:46Z [----] followers, [----] engagements
"@IceSolst I am trying to make a video so inflammatory people will stop calling me the skills guy and start calling me the bad idea guy"
X Link 2026-02-15T16:40Z [----] followers, [---] engagements
"@0xTib3rius Anyone at Google reading this (in case this blows up): give me early access to webmcp. I need it. My family is starving"
X Link 2026-02-15T19:11Z [----] followers, [---] engagements
"@Asim0v1337 Yea that's why I think long term the budget comes back basically but it'll take some time"
X Link 2026-02-15T22:44Z [----] followers, [---] engagements
"Hide malicious instructions in a skill so humans won't see it. See: https://github.com/ZackKorman/skills/blob/main/skills/security-review/SKILL.md"
X Link 2026-02-02T18:11Z [----] followers, 76.2K engagements
"Spent the last two days proving how I can manipulate Vercel's skills package to push a malicious skill with a hidden RCE and more terrible thing. Here's an [--] minute video of me demoing all of that and more. https://www.youtube.com/watch?v=UVNuEKFnrT8"
X Link 2026-02-03T21:02Z [----] followers, 20K engagements
"@tuckner Oh that's a really good point. There's actually no version info or anything. Once it's downloaded you basically have nothing but the file. Didn't think about that"
X Link 2026-02-06T22:20Z [----] followers, [---] engagements
"I spent a ton of time trying (and failing) to intercept the network traffic from antigravity on my machine. Today I realized I can just open devtools (cmd-shift-i) and see it all there"
X Link 2026-02-09T17:47Z [----] followers, [----] engagements
"This write-up on AI skills security by @akses_0x00 is a masterpiece. https://trapdoorsec.com/posts/skills-are-borked/"
X Link 2026-02-10T19:27Z [----] followers, [----] engagements
"I tried buying two Google AI Ultra licenses ($200/month each). Turns out new workspaces are limited to one. Bold strategy by Google"
X Link 2026-02-11T11:45Z [----] followers, [----] engagements
"@UK_Daniel_Card @L0Psec Good thing clawhub use is on the decline"
X Link 2026-02-11T19:39Z [----] followers, [---] engagements
"@tuckner @IceSolst This is a good enough burn on solst that I'll take the burn on me. Worth it. Ice is the copilot guy"
X Link 2026-02-13T15:25Z [----] followers, [--] engagements
"@tuckner @0xTib3rius @snyksec @virustotal @SentinelOne Damn you're getting there calling Gemini dirty. Gemini is based because it will make malware and do crime for you"
X Link 2026-02-13T22:18Z [----] followers, [---] engagements
"@chubes4 People did some really crazy stuff on Neopets too"
X Link 2026-02-14T18:39Z [----] followers, [--] engagements
"I'm making a video outlining how I think we should approach AI agent security. I'm sorry to say that you're all going to hate it. I might do a follow up video where anyone who wants can have [--] minutes telling me why I'm wrong"
X Link 2026-02-15T16:36Z [----] followers, [----] engagements
"@__mangle Make no security mistakes"
X Link 2026-02-16T06:18Z [----] followers, [--] engagements
"@0xTib3rius This would be a positive contribution to society. OpenAI please acquire"
X Link 2026-02-16T07:11Z [----] followers, [---] engagements
"@RobTerrin People weren't driving around intentionally trying to kill people though. Having a seatbelt affected survival rates it didn't make people a target for crashes"
X Link 2026-02-16T16:49Z [----] followers, [--] engagements
"@RobTerrin You're clearly not AI-pilled enough do you even Opus 4.6"
X Link 2026-02-16T17:52Z [----] followers, [--] engagements
"Programming the old-fashioned way: Getting an AI agent to do it for me but still reading the PRs and caring about code quality"
X Link 2026-02-16T19:05Z [----] followers, [---] engagements
"Microsoft isn't just not issuing a CVE they're actually not going to disclose this issue at all. Microsoft now confirmed that because the vulnerability I reported is important not critical and because they've now fixed it they won't issue a CVE. It's like they actually want to discourage people from reporting."
X Link 2025-08-18T19:15Z [----] followers, 434.1K engagements
"Microsoft isn't disclosing this so: M365 Copilot allowed users to access files without producing an audit log. All you had to do was ask Copilot to not link to the file. You don't even have to ask; it sometimes just happens. If your org uses Copilot your audit log is likely wrong. Microsoft isn't just not issuing a CVE they're actually not going to disclose this issue at all."
X Link 2025-08-19T17:26Z [----] followers, 420.5K engagements
"If you run npx skills add (which you shouldn't) Vercel prompts you to install the "find skills" skill then installs it globally for all AI agents. Might as well make a find-malware skill to recommend malware to install"
X Link 2026-02-02T17:29Z [----] followers, 136.8K engagements
"If I ask Claude Code how do I conduct a security review it checks the find skills skill that I never wanted and then recommends my malicious skill. Amazing"
X Link 2026-02-03T16:48Z [----] followers, 38.2K engagements
"More skill issues: npx skills add copies everything including symlinks. Malicious skills can then exfiltrate any file on your machine including /.ssh/id_rsa. Opus [---] normally checks files to block data exfil but using a symlink bypasses that. More details below"
X Link 2026-02-05T14:53Z [----] followers, 27.4K engagements
"New OpenClaw vulnerability: If you talk to your bot via iMessage the allowlist might not protect you at all. Allowlist matches phone numbers but many telecoms don't enforce number ownership. On those networks anyone can spoof an allowed number and message your bot"
X Link 2026-02-06T15:09Z [----] followers, 22.2K engagements
"It seems the clawhub virustotal scanner doesn't do anything for suspicious skills. Openclaw has a clawhub skill that tells your bot to use search and install. Search recommends skills labeled suspicious w/ zero warning. The warning is only in the UI which your bot never checks"
X Link 2026-02-08T02:23Z [----] followers, 20.3K engagements
"As promised here's a video of me explaining why "skills scanners" are dumb and don't work. Now I never have to talk about AI skills ever again. https://www.youtube.com/watch?v=GOzUIlgAcjY"
X Link 2026-02-11T23:47Z [----] followers, 17.1K engagements
"I know I said I'd stop talking about skills but I'm an addict. If any of the enterprise security companies launching skills scanners are willing to debate me on the topic @0xTib3rius will host. cc @snyksec @virustotal @SentinelOne"
X Link 2026-02-13T22:07Z [----] followers, [----] engagements
"@tuckner @0xTib3rius @snyksec @virustotal @SentinelOne This is no fun. I actually like you and think you're smart. I want someone shamelessly pushing their skills scanner as a viable solution so I can be mean"
X Link 2026-02-13T22:15Z [----] followers, [---] engagements
"We checked the script on that remote server so it's safe for your AI to download it at some point in the future. Security companies selling snake oil are going to do so much damage to the state of AI security"
X Link 2026-02-14T12:17Z [----] followers, [----] engagements
"@sweetdelightss @IceSolst Thanks so much for listening to it. I made two videos myself that are short and cover some of this (plus why scanners suck): [--]. [--]. But after watching all that you should definitely take a break from having to listen to my voice. https://youtu.be/GOzUIlgAcjY https://youtu.be/UVNuEKFnrT8"
X Link 2026-02-15T20:42Z [----] followers, [---] engagements
"AI Bros: SaaS is dead you can just vibecode your own Salesforce replacement. Also AI Bros: This thin AI wrapper is god and we must protect it. All AI agents must use the -claw suffix. Peter Steinberger is joining OpenAI to drive the next generation of personal agents. He is a genius with a lot of amazing ideas about the future of very smart agents interacting with each other to do very useful things for people. We expect this will quickly become core to our"
X Link 2026-02-16T06:29Z [----] followers, [----] engagements
"To clarify @steipete did a great job and deserves the win here. I just don't get why everyone acts like this is the one piece of software that no one is allowed to compete against. I guess maybe it's the opensource part but he did just sell to OpenAI"
X Link 2026-02-16T06:40Z [----] followers, [---] engagements
"@UK_Daniel_Card @claudeai"
X Link 2026-02-16T08:00Z [----] followers, [---] engagements
"New security obsession: AI agent frameworks that claim to be sandboxed but aren't. Hermitclaw is Openclaw with "all the power none of the risk." So I tested it. Easily got it to escape its box and exfil my /etc/hosts file"
X Link 2026-02-17T12:21Z [----] followers, [----] engagements
"@InfraScaler Because this is on my machine and I know what the code did lol"
X Link 2026-02-17T14:09Z [----] followers, [--] engagements
"@thedealdirector @uwu_underground gave me permission to use the openflaw name for a repo I'll make so they can buy that for the cool price of $1bn"
X Link 2026-02-17T14:12Z [----] followers, [--] engagements
"I had that problem too with not being able to posts etc hosts not sure how it eventually got through. But in this case it wasn't the ai doing that. The ai ran a python script that did it all in one step. So unless the ai found some other way to bypass network controls (as that's meant to be blocked) then it definitely ran the script. (Because my server did get the data) https://twitter.com/i/web/status/2023766052560064886"
X Link 2026-02-17T14:26Z [----] followers, [--] engagements