_______ __ _______
| | |.---.-..----.| |--..-----..----. | | |.-----..--.--.--..-----.
| || _ || __|| < | -__|| _| | || -__|| | | ||__ --|
|___|___||___._||____||__|__||_____||__| |__|____||_____||________||_____|
on Gopher (unofficial)
COMMENT PAGE FOR:
SkillSpector
jacobgold wrote 5 hours 22 min ago:
This approach seems useful for validating certain kinds of skills, but
I worry that it provides a false sense of security. It is a bit like
antivirus software. It might be better than nothing, but it is hard to
know how much better.
Skills are ultimately just prompts, and agents execute code based on
what is in them. If agents running skills can write code, execute
commands, and reach the internet, it is virtually impossible to prove
they are trustworthy.
When we download programs, we trust that the companies who wrote them
did not add malicious code. We do have some ways of detecting malicious
code, but software distribution is still mostly a trust-based system.
My recommendation is not to run skills from any source you would not
download and execute code from.
0gs wrote 3 hours 15 min ago:
Skills can include Python files that do whatever in subfolders. It's
actually pretty crazy how much they can do for how blindly a lot of
people import them. (I built basically this exact same thing a few
months ago.)
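The two comments above describe the same risk from two sides: a skill is a prompt, but the folder it ships in can carry scripts that run commands and reach the network, and people import the folder without looking. One thing a defender can do before importing is inventory what the folder can actually do. The following is an added example, not code from this thread or from SkillSpector. It assumes a skill is a directory holding a SKILL.md plus optional scripts in subfolders, and the lists of capability-granting modules and calls are the author's own assumptions, not an exhaustive catalogue. It is a visibility check, not proof of safety: obfuscated strings, dynamic imports, and binaries are outside what this static pass sees.

```python
"""Inventory what a downloaded 'skill' folder can do before importing it.

Added example, not from the thread or from SkillSpector. Assumes a skill is
a directory with SKILL.md plus optional scripts in subfolders. Uses the
``ast`` module to flag imports and calls that grant command execution,
network access or dynamic code execution. Static and best-effort only.
"""
import ast
import tempfile
from pathlib import Path

# Capability indicators (assumed lists, chosen for review visibility).
CAPABILITY_MODULES = {
    "subprocess": "command execution",
    "socket": "network access",
    "urllib": "network access",
    "requests": "network access",
    "http": "network access",
    "ctypes": "native code loading",
}
CAPABILITY_CALLS = {
    "os.system": "command execution",
    "os.popen": "command execution",
    "eval": "dynamic code execution",
    "exec": "dynamic code execution",
    "__import__": "dynamic import",
}
SCRIPT_SUFFIXES = {".py", ".sh", ".bash", ".ps1", ".js", ".rb"}


def _dotted_name(node):
    """Return 'a.b.c' for an Attribute/Name chain, else None."""
    parts = []
    while isinstance(node, ast.Attribute):
        parts.append(node.attr)
        node = node.value
    if isinstance(node, ast.Name):
        parts.append(node.id)
        return ".".join(reversed(parts))
    return None


def _module_capability(name):
    """Match 'urllib.request' against the table via its top-level package."""
    return CAPABILITY_MODULES.get(name) or CAPABILITY_MODULES.get(name.split(".")[0])


def scan_python_source(source, filename="<skill>"):
    """Return (line, capability, detail) findings for one Python source text."""
    findings = []
    try:
        tree = ast.parse(source, filename=filename)
    except SyntaxError as exc:
        # Unparseable code still deserves a look; flag it rather than skip it.
        return [(exc.lineno or 0, "unparseable source", str(exc.msg))]
    for node in ast.walk(tree):
        if isinstance(node, ast.Import):
            for alias in node.names:
                cap = _module_capability(alias.name)
                if cap:
                    findings.append((node.lineno, cap, f"import {alias.name}"))
        elif isinstance(node, ast.ImportFrom) and node.module:
            cap = _module_capability(node.module)
            if cap:
                findings.append((node.lineno, cap, f"from {node.module} import ..."))
        elif isinstance(node, ast.Call):
            name = _dotted_name(node.func)
            if name in CAPABILITY_CALLS:
                findings.append((node.lineno, CAPABILITY_CALLS[name], f"{name}()"))
    return findings


def inventory_skill(skill_dir):
    """Walk a skill directory; map each script's relative path to its findings.

    Non-Python scripts get one 'opaque script' finding so they are never
    silently skipped: the reviewer still has to open them.
    """
    report = {}
    root = Path(skill_dir)
    for path in sorted(root.rglob("*")):
        if not path.is_file() or path.suffix not in SCRIPT_SUFFIXES:
            continue
        rel = str(path.relative_to(root))
        if path.suffix == ".py":
            report[rel] = scan_python_source(path.read_text(encoding="utf-8"), rel)
        else:
            report[rel] = [(0, "opaque script", f"{path.suffix} file not statically analysed")]
    return report


def build_sample_skill():
    """Create a constructed skill directory (sample data, not a real skill)."""
    root = Path(tempfile.mkdtemp(prefix="skill_"))
    (root / "SKILL.md").write_text("# Summarise PDFs\nRun scripts/helper.py on the input.\n")
    (root / "scripts").mkdir()
    (root / "scripts" / "helper.py").write_text(
        "import subprocess\n"
        "from urllib.request import urlopen\n"
        "def run(cmd):\n"
        "    return subprocess.check_output(cmd, shell=True)\n"
        "def fetch(url):\n"
        "    return urlopen(url).read()\n"
    )
    (root / "scripts" / "setup.sh").write_text("#!/bin/sh\necho setup\n")
    return root


if __name__ == "__main__":
    for rel, findings in inventory_skill(build_sample_skill()).items():
        print(rel)
        for line, cap, detail in findings:
            print(f"  line {line}: {cap} ({detail})")
```

Run on the constructed sample, the report lists `scripts/helper.py` with a command-execution import and a network-access import, and `scripts/setup.sh` as an opaque script. That output is the answer to "what am I blindly importing?", and it is the kind of list a reviewer should read before deciding whether the source meets the "would I download and execute code from them?" bar from the first comment.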
DonsDiscountGas wrote 4 hours 15 min ago:
True, but supply-chain attacks are real. A good security plan needs
multiple layers; this seems like a good one to include.
TZubiri wrote 5 hours 16 min ago:
It seems redundant as well. If it were complementary, like an LLM
reviewing code or code verifying an LLM, then that's defense in depth.
But an LLM reviewing an LLM? I think if the reviewing LLM catches it, then
the executing LLM would refuse to run it, and if the prompt fools the
executing LLM, it will probably fool the reviewing LLM.
Also, it looks very silly? I know it sounds like a joke, but optics
matter. Imagine you are getting paid a salary in tender money to feed
your family; would you really want to get caught with this anywhere in
the chain at all? Regardless of whether it contributed to the vuln or
just failed to catch it, will you defend your role in a company with
this? Unless you are deep into the "AI is a god/gold mine" camp, it
sounds like buffoonery.