It's a British word for someone or something that's ugly, dirty or unpleasant. Generally it was used to be derogatory about women - ie. "she's minging mate". I believe it originally came from the Scots, where the word 'ming' comes from the old Scottish English word for 'bad smell' or 'human excrement'. It was in wide spread use in the South of the UK while I was growing up.
I always heard minging as "eating pussy". I am not british nor lived there but I think I learnt that decades ago watching French and Saunders TV show from the BBC.
It's a very versatile word; minge, minger, minging, all meaning something different. (in order: vagina, ugly person, gross/disgusting, like Calypso Paradise Punch)
Can we not assume that the plan you just said “ok” to came from a user prompts you made earlier in the chat session and hence does influence this decision process.
Another point in the idea is that this trusted context can include even the AI replies up until there hasnt been a tool calls yet that brings back a response an attacker can control
But it’s entirely possible that there are edge cases here, a red teaming dataset to cover these cases shouldn’t be hard to create
1. You can issue your own tokens which means you can design your own authz in front of the upstream API token.
2. Macaroons can be attenuated locally.
So at the time that you decide you want to proxy an upstream API, you can add restrictions like endpoint path to your scheme.
Then, once you have that authz scheme in place, the developer (or agent) can attenuate permissions within that authz scheme for a particular issued macaroon.
I could grant my dev machine the ability to access e.g. /api/customers and /api/products. If i want to have claude write a script to add some metadata to my products, I might attenuate my token to /api/products only and put that in the env file for the script.
Now claude can do development on the endpoint, the token is useless if leaked, and Claude can't read my customer info.
Stripe actually does offer granular authz and short lived tokens, but the friction of minting them means that people don't scope tokens down as much.
I'm not sure I'm fully understanding you, but in my experience I have a few upstream APIs I want to use for internal tools (stripe, gmail, google cloud, anthropic, discord, my own pocketbase instance, redis) but there are a lot of different scripts/skills that need differing levels of credentials.
For example, If I want to write a skill that can pull subscription cancellations from today, research the cancellation reason, and then push a draft email to gmail, then ideally I'd have...
- a 5 minute read-only token for /subscriptions and /customers for stripe
- a 5 minute read-write token to push to gmail drafts
- a 5 minute read-only token to customer events in the last 24h
Claude understands these APIs well (or can research the docs) so it isn't a big lift to rebuild authz, and worst case you can do it by path prefix and method (GET, POST, etc) which works well for a lot of public APIs.
I feel like exposing the API capability is the easy part, and being able to get tight-fitting principle-of-least-privilege tokens is the hard part.
P.S.: The extension has as many permissions as Claude in Chrome itself. But, the only network requests from the extension are to posthog, just for us to know which features are being used.
reply