Hacker News: davidcrowe

New comment by davidcrowe in "I found 10k GitHub repositories distributing Trojan malware"

davidcrowe — Fri, 19 Jun 2026 14:58:09 +0000

Yea, they removed the fork <24 hours after I reported it

New comment by davidcrowe in "I found 10k GitHub repositories distributing Trojan malware"

davidcrowe — Thu, 18 Jun 2026 21:29:24 +0000

Same thing happened to one of my repos in Feb. I wrote up the details with screenshots.

https://reducibl.com/writing/someone-used-my-repo-to-distrib...

Show HN: ACP – Governance for AI Coding Agents (Claude Code, OpenClaw)

davidcrowe — Mon, 06 Apr 2026 22:22:56 +0000

Hi. I'm David, founder of Agentic Control Plane (ACP).

Last year I connected an app to an LLM with a MCP connector. Turned out that authenticating the LLM user in the app backend was surprisingly hard.

That was the canary in the coalmine. If it's hard to authenticate actual users:

- what about their agents? - what about downstream governance? Permissions, limits, audit logs

ACP is a governance layer that sits in front of AI coding agents like Claude Code and OpenClaw. It runs on every tool call (Bash, Read, Write, file edits, web fetches, MCP, API calls). Every call is logged and optionally policy checked before execution.

It works by hooking into your agent's tool pipeline. For Claude Code, it's a PreToolUse hook (~200ms). For OpenClaw, it's a before_tool_call plugin at priority 0. The plugins are MIT-licensed and all governance logic runs server-side.

You get an audit trail and can set permissions and limits. Allow/ deny by tool or type of agent.

One-command install for Claude Code and OpenClaw:

curl -sf https://agenticcontrolplane.com/install.sh | bash

Comments URL: https://news.ycombinator.com/item?id=47668118

Points: 1

# Comments: 0

New comment by davidcrowe in "WebMCP Proposal"

davidcrowe — Tue, 17 Feb 2026 21:54:02 +0000

The difference is that MCP introduces a third party: the agent isn't the user and isn't the service, but it's acting on behalf of one to call the other. Standard HTTP auth assumes two parties. That's the gap the spec needs to address.

Show HN: GatewayStack – Deny-by-default security for OpenClaw tool calls

davidcrowe — Sun, 15 Feb 2026 23:14:17 +0000

I installed OpenClaw and pointed it at a project directory. Within minutes it had read my .env file. I tried adding a permissions skill to lock things down. The agent ignored it. Skills are advisory; the LLM can skip the check or be convinced by a prompt injection to bypass it.

So I built a plugin that hooks into before_tool_call at the process level. Checks run on every tool call: identity mapping, deny-by-default scope, enforcement, rate limiting, injection detection, and audit logging. The agent doesn't get a choice — governance runs before the tool executes.

Zero dependencies beyond Node.js. Adds <1ms per call. Works out of the box with no config, or customize with a policy file.

Comments URL: https://news.ycombinator.com/item?id=47028748

Points: 1

# Comments: 0

Someone forked my AI governance repo to distribute malware

davidcrowe — Wed, 11 Feb 2026 16:38:44 +0000

Article URL: https://reducibl.com/writing/someone-used-my-repo-to-distribute-malware

Comments URL: https://news.ycombinator.com/item?id=46977167

Points: 1

# Comments: 0

The three-party identity problem in MCP servers

davidcrowe — Tue, 02 Dec 2025 21:44:32 +0000

Article URL: https://reducibl.com/2025/12/01/the-three-party-identity-problem-in-mcp-servers.html

Comments URL: https://news.ycombinator.com/item?id=46127292

Points: 1

# Comments: 0