Skills are ultimately just prompts, and agents execute code based on what is in them. If agents running skills can write code, execute commands, and reach the internet, it is virtually impossible to prove they are trustworthy.

When we download programs, we trust that the companies who wrote them did not add malicious code. We do have some ways of detecting malicious code, but software distribution is still mostly a trust-based system.

My recommendation is not to run skills from any source you would not download and execute code from.

But I can't think of a program more worthy of sandboxing when run with untrusted input than ffmpeg. It's a huge amount of C dealing with the most complicated video and audio codecs, which is notoriously impossible to get completely right.

But it's not actually that big of a problem. I run ffmpeg inside a VM or gVisor, and the end result is usually a video file that I'm perfectly willing to play in my browser, where it gets decoded in yet another sandbox because this shit is hard.

I had a Uber driver block my Waymo at an intersection in SF some months ago just to be an asshole. Apparently some other people have been attacked and robbed while in a Waymo.

Waymo should treat it like a security flaw that anyone can stop your car and there's nothing you can do about it.

Edit: yes, with WSL2 I believe in both cases.

I would have assumed almost everyone would get a Mac/Linux computer to use coding agents because Unix is their "native" platform. It's Bash tool calls all the way down.

Does anyone know a source for reliable data on what coding agent apps devs are using? How many are using Code Claude CLI vs Claude Desktop, etc?

We think the lack of a CLAW.md format is one of the biggest things holding asynchronous agents like OpenClaw back. Today, it's very difficult to make OpenClaw do a lot of useful stuff, which is why most people just give up.

We think that if there were a better way to share agentic cron jobs, there might be an explosion of people sharing their "claws" with their friends and coworkers.

Comments URL: https://news.ycombinator.com/item?id=48464847

Points: 5

# Comments: 1

You're assuming a single global database, which ignores the many alternatives.

My point above is that the simple solution ("traditional CRUD app") is actually viable even when the goal is very low latency.

"A few milliseconds is all it takes to update an issue in Linear. A traditional CRUD app doing the same thing takes about 300ms."

"Any data sent between the client and server costs hundreds of milliseconds."

There’s no solving the problem of a large RTT between an HTTP client and server when it’s due to the speed of light.

But what you can do is locate the backend near users and make sure it’s fast.

For example, it’s very possible to run a web app backend within ~10ms RTT of most users and have the backend render responses within ~10ms too.

In other words, you can absolutely create a traditional CRUD app where doing the same thing takes more like 30ms, not 300ms.

Yeah, it is left to a claw's tasks to be idempotent. A rollback mechanism could be interesting but many of the tasks have irreversible side effects. For example, you can't undo sending an email that has already been delivered.

So far it seems to be the case that by default most tasks are "naturally" idempotent. Even when there are minor issues, agents tend to come up with good workarounds, which is a very different kind of solution from how we've had to do it in the past.

It would be possible to add runtime options that enable certain environments to do fancy things like block-level snapshots/rollbacks, API level undos, etc. The spec for CLAW.md is designed to be simple but very flexible by letting claw runtimes define sandboxing and other advanced features.

"Your laptop, Mac mini, or a VM" -- is there a Clor-hosted option, or is it always on your own hardware? Do the tools run locally or are those hosted by you?

The tools run locally using the `clor` CLI and access Clor's own APIs as well as mail servers, DNS servers, etc.

The claws run entirely on your own computers, for now. There are a lot of trade-offs to running agents in the cloud, like not having access to local devices for home automation, using datacenter internet which is often blocked, being somewhat out of the user's immediate control, etc.

Running claws in the cloud is definitely part of the future though.

Clor ships a toolbox of CLIs that claws can call directly (but don't have to), grouped into simple areas like Inference (Claude/GPT/Gemini/OpenRouter), Web (search and scraping), Email (IMAP/SMTP), Drive (cloud storage), Pages (static web hosting, SPAs), Notifications, Social, Domains, Weather, and Secrets. This makes claws dramatically more efficient and deterministic.

The big AI companies have tried building some claw-like functionality, but I think they're missing that claws need to be their own first class primitive inside every agent. Today we're open sourcing the CLAW.md format. It's completely vendor-neutral, and we're hoping to work with other companies to improve it:

Website: https://agentclaws.io

GitHub: https://github.com/agentclawsio/agentclaws

Happy to get into the technical details or anything else. Thank you!

I also spent 20 years leading Linux infrastructure and distributed systems teams. Anyone who's written service daemons knows that most of what we think of as "always on" is really just wake up, do some work, and go back to sleep, which is an efficient pattern to use and reason about. Cron has worked this way for decades.

So I built Clor, a CLI that lets your coding agent create "claws", which are background agents that automate anything on a schedule and run on your laptop, Mac mini, or a VM.

A claw can be defined and shared as a single CLAW.md file, which contains a bit of metadata (name, schedule, personality, etc.) and one or more ordered tasks. Each task is a real agent run with full tool use, or a plain bash step. Anything you can ask your agent to do once, a claw can do repeatedly. One of my claws tidies my inbox every few minutes, labeling obvious spam, rescuing legit email that got mislabeled, and starring threads I owe a reply to, etc. It's way smarter than Gmail's filters because it actually reads my mail instead of just matching rules.

Installing is the usual command on Linux/macOS in the terminal: curl -fsSL https://clor.com/install.sh | bash. That will set up the CLI, a small scheduling daemon, and a skill that you can run from your agent, /claws in Claude Code or $claws in Codex.

Comments URL: https://news.ycombinator.com/item?id=48375347

Points: 11

# Comments: 5

Almost no one made serious attempts at competing with Google. And not because of network effects or any other hard blocker. In the early 2000s, the industry just wasn't mature enough to heavily fund serious competition.

By the 2020s the industry has funding and founders ready to jump on any huge opportunity that presents itself.

There are of course downsides, but this competitive landscape in AI seems like a huge net win for users in terms of lower costs and faster progress.

Comments URL: https://news.ycombinator.com/item?id=46951390

Points: 5

# Comments: 1

There are very good reasons things didn't go that way. But, as is often the case, the original vision had a very pure and strong idea in it that has been somewhat lost. It's still alive in helicopters, and some other air vehicles, but it'd be cool if future aircraft were more robust in this way.