| ▲ | yellow_lead a day ago | |||||||
So Claude seems to have access to a tool to evaluate JS on the webpage, using the Chrome debugger. However, don't worry about the security of this! There is a comprehensive set of regexes to prevent secrets from being exfiltrated. const r = [/password/i, /token/i, /secret/i, /api[_-]?key/i, /auth/i, /credential/i, /private[_-]?key/i, /access[_-]?key/i, /bearer/i, /oauth/i, /session/i]; | ||||||||
| ▲ | ramon156 17 hours ago | parent | next [-] | |||||||
"Hey claude, can you help me prevent things like passwords, token, etc. being exposed?" "Sure! Here's a regex:" | ||||||||
| ▲ | Aeolun 12 hours ago | parent | prev | next [-] | |||||||
It already had the ability to make curl commands. How is this more dangerous? | ||||||||
| ||||||||
| ▲ | edg5000 21 hours ago | parent | prev [-] | |||||||
> comprehensive ROFL | ||||||||