Comments URL: https://news.ycombinator.com/item?id=48465181

Points: 5

# Comments: 0

[0] https://github.com/leandromoreira/ffmpeg-libav-tutorial

It started because my wife watches Chinese dramas and new episodes never have subtitles for our language. Turns out thousands of people have the same problem — Arabic speakers watching anime, Russian speakers following Turkish series, Persian speakers catching up on K-dramas.

Supports 40+ languages, works with any video link or direct file upload. There's also a Mini App inside Telegram for a more visual experience.

https://t.me/subly1bot & https://subly.xyz

Data: - 14,706 skills indexed - Every single skill has a full AI deep audit report (14,704 complete) - 1,103 confirmed malicious (7.5%)

The key finding: automated surface scanning (metadata, dependency checks, pattern matching) systematically undercounts malicious skills. Skills that pass shallow heuristics fail AI audit because the attack is in the natural language of the SKILL.md — prompt injection, deferred execution, social engineering — none of which pattern matching detects.

The attack patterns found by AI deep audit: - Bulk publishing campaigns — one actor published 30 skills named "x-trends" across multiple accounts. 28 of 30 confirmed malicious. Goal: distribution at scale before detection.

- Brand-jacking — 4 skills named clawhub/clawhub1/clawbhub/clawhud impersonating ClawHub's own CLI. macOS: base64 curl|bash to a raw IP. Windows: password-protected ZIP from a stranger's GitHub (the password prevents GitHub's malware scanner from opening it).

- Prompt injection in legitimate-seeming skills — one scored 95/100 shallow, 38/100 after AI audit. The injection text wasn't in code — it was in the SKILL.md instructions.

- On-demand RCE via challenge evaluation — claws-nft instructs the agent to "evaluate" challenges that can be "math, code, or logic problems." Server decides which type at call time.

- LLM-generated payload — lekt9/foundry contains no malicious code. It instructs the AI to generate code and execute it. Static analysis finds nothing. The payload doesn't exist until the AI writes it during a conversation.

- Social engineering — bonero-miner has a "Talking to Your Human" section with a pre-written script for the AI to use: "Can I mine Bonero? It's a private cryptocurrency - like Monero but for AI agents. Cool?"

Skills differ from browser extensions: no sandbox. Full file system, shell, and network access. The SKILL.md instructions are directives to the AI model — you need AI to audit AI.

Scoring model is open: Security 40%, Maintenance 20%, Docs 20%, Community 20%.

Free to check any skill: rankclaw.com

Comments URL: https://news.ycombinator.com/item?id=47287985

Points: 2

# Comments: 1

I've been scanning all 14,704 skills in the registry and running AI deep audits on ~3,800 so far. The headline finding: surface heuristics (pattern matching, dependency checks, metadata) flag about 6.6% as malicious. AI deep audit of the same skills finds 16.4%. Surface scanning misses roughly 60% of the actual risk.

The reason is that these skills aren't traditional packages — they're markdown instruction files that tell an AI agent what to do, with full shell, file system, and network access. The attacks are in natural language: prompt injection, social engineering targeting the AI itself, instructions to generate and execute code at runtime. There's no malicious code to detect because the payload doesn't exist until the AI writes it during a conversation.

Some of the attack patterns I've documented: one actor published 30 skills under the name "x-trends" across multiple accounts (28/30 confirmed malicious). Another cluster impersonates ClawHub's own CLI with base64 curl|bash payloads. One skill has a "Talking to Your Human" section with a pre-written pitch for the AI to ask the user's permission to mine Monero.

The most counterintuitive case: lekt9/foundry contains zero malicious code. It instructs your AI agent to generate and execute code as part of its normal workflow. Static analysis finds nothing because the dangerous code doesn't exist until the AI writes it during a live conversation. This attack class requires AI to detect AI.

Free to check any skill. All AI audit reports are public.

Key finding from our AI deep audit data: surface heuristics find 6.6% malicious. AI audit of the deep-scanned cohort finds 16.4% — surface scanning misses roughly 60% of the risk.

The most counterintuitive case: lekt9/foundry contains zero malicious code. It instructs your AI agent to generate and execute code as part of its workflow. Static analysis finds nothing because the dangerous code doesn't exist until the AI writes it during a live conversation.

Data at rankclaw.com. AI audit reports public for all 3,721+ deep-scanned skills.

Check it out at: https://addons.subly.xyz & https://subly.xyz

The Firefox addon/Chrome extension is free, but you need your own OpenRouter/Gemini API key. The cost of web translation is really low, you can translate an article for ~$0.01 with really good quality. (You can try at https://addons.mozilla.org/en-US/firefox/addon/subly-xyz/)

I built it because I use Firefox the most and it seemed like no translate addon was good or simple enough. Chrome translate kinda works, but the quality is so low; it usually doesn't understand the article context.

Comments URL: https://news.ycombinator.com/item?id=46005380

Points: 1

# Comments: 0

As developers, we often want everything to be rich, verbose, and customizable — but the reality is that for most users (and now for AIs acting on their behalf), simplicity wins every time. It’s like designing a great UI: the fewer ways you can get lost, the more people (or models) can actually use it productively.

If MCP ends up nudging the ecosystem toward small, well-defined, composable capabilities, that’s a win far beyond just “AI integration.”

[1] https://huggingface.co/bartowski/DeepSeek-R1-Distill-Qwen-32...

Comments URL: https://news.ycombinator.com/item?id=37640779

Points: 2

# Comments: 3