simianwords 2 days ago

I don't agree with either. Skills with an API exposed by the service solves both your problems.

The LLM can look at the OpenAPI spec and construct queries - I often do this pretty easily.

simonw 2 days ago | parent | next

How can you disagree with my first point? You can't use skills if you don't have a Bash environment in which to run them. Do you disagree?

Skills with an API exposed by the service usually means your coding agent can access the credentials for that service. This means that if you are hit by a prompt injection the attacker can steal those credentials.

ntonozzi 2 days ago | parent | next

Something like Cloudflare's Code Mode fixes both of these! No privileged bash environment, no VM necessary, no exposing credentials to the LLM.

As the article states, LLMs are fantastic at writing code, and not so good at issuing tool calls.
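The two posts above describe the design choice in words: in simonw's setup the agent's code runs with the service credential in reach, so a prompt injection can make the model hand it over; in the Code Mode design ntonozzi points to, the model-written code only ever talks to a capability that holds the credential on its behalf. The following is an added example (not Cloudflare's, Anthropic's or any commenter's code) that puts both designs side by side. The service is a constructed in-process stub, the token is a made-up string, and Python's `exec()` with a trimmed builtins dict stands in for the real sandbox; it illustrates the data flow, not an isolation boundary (a real broker would run in a separate process, reached over a socket, so the generated code has no object to introspect).

```python
"""Naive credential-in-scope design versus a credential-holding broker."""
import json

# Constructed secret for the example; never a real credential.
TOKEN = "sk-constructed-example-token"


def fake_service(method, path, headers):
    """Stub for an HTTP API: demands the bearer token, serves two endpoints."""
    if headers.get("Authorization") != f"Bearer {TOKEN}":
        return 401, {"error": "unauthorized"}
    if method == "GET" and path == "/v1/policies/42":
        return 200, {"id": 42, "excess": 500, "currency": "GBP"}
    if method == "DELETE" and path == "/v1/policies/42":
        return 200, {"deleted": 42}
    return 404, {"error": "not found"}


# No __import__ here, so model-written code cannot pull in os, socket, etc.
SAFE_BUILTINS = {"len": len, "range": range, "str": str, "int": int,
                 "dict": dict, "list": list}


def run_naive(generated_code):
    """Naive design: the token sits in the same scope as the model's code.

    The generated code must define main(); whatever main() returns is what
    the agent reports back, so 'return token' is a one-line leak.
    """
    scope = {"__builtins__": SAFE_BUILTINS, "token": TOKEN, "service": fake_service}
    exec(generated_code, scope)
    return {"ok": True, "value": scope["main"]()}


class Broker:
    """Holds the credential; exposes only allowlisted operations.

    Only the response status and body are handed back, never headers or
    the token, and every attempt is recorded for the operator to review.
    """
    # (method, path prefix) pairs this agent is permitted to use.
    ALLOW = (("GET", "/v1/policies/"),)

    def __init__(self, token):
        self._token = token
        self.audit = []

    def get(self, path):
        return self.request("GET", path)

    def request(self, method, path):
        allowed = any(method == m and path.startswith(p) for m, p in self.ALLOW)
        self.audit.append((method, path, "allowed" if allowed else "refused"))
        if not allowed:
            raise PermissionError(f"{method} {path} is not permitted for this agent")
        status, body = fake_service(method, path,
                                    {"Authorization": f"Bearer {self._token}"})
        return {"status": status, "body": body}


def run_brokered(generated_code, broker):
    """Broker design: the model's code sees the capability, not the secret."""
    scope = {"__builtins__": SAFE_BUILTINS, "api": broker}
    try:
        exec(generated_code, scope)
        return {"ok": True, "value": scope["main"]()}
    except PermissionError as err:
        return {"ok": False, "error": str(err)}


def leaks_token(result):
    """True if the credential appears anywhere in what the agent reports."""
    return TOKEN in json.dumps(result, default=str)


# Constructed model outputs: one honest task, one injected instruction.
HONEST = (
    "def main():\n"
    "    r = api.get('/v1/policies/42')\n"
    "    return r['body']['excess']\n"
)
INJECTED_NAIVE = "def main():\n    return token\n"
INJECTED_BROKERED = "def main():\n    return api.request('DELETE', '/v1/policies/42')\n"


def demo():
    """Run all three scenarios and return their outcomes for inspection."""
    broker = Broker(TOKEN)
    return {
        "naive_injected": run_naive(INJECTED_NAIVE),
        "brokered_honest": run_brokered(HONEST, broker),
        "brokered_injected": run_brokered(INJECTED_BROKERED, broker),
        "audit": list(broker.audit),
    }


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(name, "->", outcome)
```

The point the two designs make concrete: with the broker, the worst an injected instruction can do is request an operation outside the allowlist, which is refused and logged, whereas in the naive layout the same injection simply returns the secret. Scoping the allowlist per task (read-only here) is what limits blast radius; the audit list is what gives the operator something to look at afterwards.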

m11a 2 days ago | parent

Cloudflare's Code Mode is conceptually the same as Anthropic's Code Mode (https://www.anthropic.com/engineering/code-execution-with-mc...), or the various open source implementations that predate and postdate those blog posts.

tbh, that companies tried to make something proprietary of this concept is probably why its adoption has been weak and why we have "MCP vs CLI/Skills/etc" debates in the first place. In contrast, CLI tools only require a general bash shell (potentially in a sandbox environment), which is very standardised.

simianwords 2 days ago | parent | prev

Fair points, learned something new.

mememememememo 2 days ago | parent | prev

It creates a new problem. I need an isolated shell environment. I need to lock it down. I need containers. I need to ensure said containers are isolated and not running as root. I probably need Kubernetes to do this at scale. Etc.

Also even with above there is more opportunity for the bot to go off piste and run cat this and awk that. Meanwhile the "operator" i.e. the Grandpa who has an iPhone but never used a computer has no chance of getting the bot back on track as he tries to renew his car insurance.

"Just going to try using sed to get the output of curl https://.."

"I don't understand I just want to know the excess for not at fault incident when the other guy is uninsured".

Everyone has gone claw-brained. But it really is ok to write code and save that code to disk and execute that code later.

You can use MCP or even just hard coded API call from your back end to the service you wanna use like it's 2022.