At first glance, this feels like just an internal testing prompt at their company for some sort of sales pipeline. Feels more like an accident. None of the referenced files are actually in the repository. If the prompts had more of a "If the user mentions xyz, mention our product" that would absolutely give more credence that this is an advertising prompt, but none of that is here.
Gavriel (creator of NanoClaw) here. This is the correct answer. It's more dogfooding than testing though.
This is describing the structure of an Obsidian vault that is mounted in the container as an additional directory that claude has access to. Me and my co-founder chat with NanoClaw in WhatsApp and get daily briefings on sales pipeline status, get reminders on tasks, give it updates after calls, etc.
I accidentally committed this - if you look at the .gitignore (https://github.com/qwibitai/nanoclaw/blob/main/.gitignore) you can see that this specific file is included although the folder it's in is excluded. There's some weirdness here because the CLAUDE.md is a core part of the project code that gives claude general context about the memory system, but is then also updated per user.
Interesting tidbit is that adding instructions for this specific thing (additional directory claude is given access to) is no longer necessary because claude now automatically loads the CLAUDE.md from the added directory.
Gonna change things so it uses CLAUDE.local.md for user-specific updates and the regular CLAUDE.md is static. This will help prevent this from happening to contributors.
CLAUDE.local.md is deprecated but I'm sure anthropic will continue supporting it for a long time.
I did this trick at work where I use git worktrees and my team does not yet.
There's the common team instructions + a thing that says "run whoami and find the user's name, you can find possible customizations to these instructions in <username>.md" and that will be conditionally loaded after my first prompt is sent. I also stick a canary word in there to track that it's still listening to me.
I saw this too and immediately thought: well, they published this on GitHub which surely has a clause that grants it a license to use the code for training Copilot for Microsoft at a minimum, sooo should've published on another Git platform.
> This repository is a public mirror. All development is happening elsewhere.
So if I have code on a personal (but publicly exposed) git server with a license that includes the above quoted terms, and someone decides they want to be helpful and publish a public read-only mirror of my code to GitHub, then they’re allowed to accept that license on my behalf? I never did a thing and yet I’m now in a contract with Microsoft? How does this work legally?
1. Microsoft does not gain the license, but will be able to argue that they aren't intentionally committing copyright infringement in the cases where that distinction matters.
2. If Microsoft does something resulting in damages because they thought they had a license, their indemnification clause kicks in and they can recoup those damages from the user who uploaded it (to the extent that that user doesn't go bankrupt anyways)
3. Likely none of this matters because your license can't prevent activities that weren't prohibited by copyright in the first place, and training doesn't appear to be a prohibited activity at least under US law.
When code is published on GitHub, GitHub itself is not bound by the public-facing license, but rather by the license grant the uploader agrees to as part of the terms of service. That points to the uploader as a responsible party.
In practice though, none of that is even remotely enforceable.
> You grant us and our legal successors the right to store, archive, parse, and display Your Content, and make incidental copies, as necessary to provide the Service, including improving the Service over time. This license includes the right to do things like [...] or otherwise analyze it on our servers; share it with other users
That could be boilerplate legalese for "obviously we need access to your code if we're to display and share it (as is the purpose for a public git host)"
You joke, but that's a very real approach that AI pentesting companies do take: an agent that creates reports, and an agent that 'validates' reports with 'fresh context' and a different system prompt that attempts to reproduce the vulnerability based on the report details.
*Edit: the paper seems to suggest they had a 'Triager' for vulnerability verification, and obviously that didn't catch all the false positives either, ha.
At my first job, all the applications the data people developed were compulsorily evaluated through Fortify (I assume this is HP Fortify) and to this day I have no idea what the security team was actually doing with the product, or what the product does. All I know is that they never changed anything even though we were mostly fresh grads and were certainly shipping total garbage.
It's like, when you say agents will largely be relegated to "triage" --- well, a pretty surprising amount of nuts and bolts infosec work is basically just triage!
Big fan of https://github.com/synzen/MonitoRSS, not mentioned in the article. I self host at home and it sends feed updates to my own Discord server. I appreciate the customization for how the feed notifications appear in Discord.
I work both cybersec + fun/research, LOVE this resource and lucky to have come across it here. Subscribed via email & looking forward to RSS. Thanks for sharing it here!
Thanks so much, that really means a lot! I'm actively upgrading the feed right now: more vendors, faster signal (closer to real-time), and smarter triage to cut through the noise.
I’m also shaping a Pro tier and would love your input. Some of the things I’m working on:
There are multiple 'National Archives' across the country: https://www.archives.gov/locations Looks like this only affects the one in College Park, MD.
Really wish people didn't continue to misunderstand the concept of wealth & having cash. First sentence of the article:
> Back when Elon Musk had a bank account with merely one billion dollars in it he had to borrow money from the federal government to get his fledgling EV automaker off the ground. In January of 2010 the Department of Energy's Loan Programs Office floated Tesla $465 million ...
> The Verizon Call Filter app uses the endpoint hxxps://clr-aqx.cequintvzwecid.com/clr/callLogRetrieval to lookup call history for the authenticated user and display it in the app.
Have you ever seen a more internal-looking domain name?
It does look very internal, but the root domain name is more comprehensible than it might appear.
Cequint is a company that provides caller ID services. "Vz" is short for Verizon. "Cid" is short for caller ID. That only leaves "we", which probably refers to either "wireless" or "web" in some way, e.g. wireless/web "edge" or "endpoint".
The domain is therefore the Cequint Verizon Wireless (Web?) Edge Caller ID endpoint.
I don't know what clr or aqx are, though. (I assume CLR is not Microsoft's Common Language Runtime, but I suppose it could be. I know at least one company that likes to name services after the technology used to implement them.)
Though it seems a little strange that the name of the endpoint would be repeated three times across the URL (including the domain name), it looks like CLR stands for "call log retrieval".
I don't get that at all. I understand this to point to an attempt at scrubbing information that could lead back to him personally -- but done poorly as Krebs pointed out that other personal photos continued to exist on the Facebook account afterwards.