| ▲ | anon84873628 2 hours ago | |
Can you help me understand which of these happened? 1) Open Claw has a Google OAuth client id that users are signing in with. (This seems unlikely because why would Google have approved the client or not banned it) 2) Users are creating their own OAuth client id for signing themselves into Open Claw. (Again, why would these clients be able to use APIs Google doesn't want them to?) 3) Users are taking a token minted with the Antigravity client and using it in Open Claw to call "private" APIs. Assuming it's #3, how is that physically accomplished? And then how does Google figure out it happened? | ||
| ▲ | hiuioejfjkf 22 minutes ago | parent [-] | |
its 3, openclaw author admitted it, you just point codex at an antigravity installation and ask it "figure out how to login like this thing" and it starts decompiling javascript and extracting ids/secrets | ||