ddp26's comments

Yeah, but uvx has this thing where it can automatically build the latest environment, and pull the latest (unpinned) version, right?

My team was making fun of me for starting all my chats with "Hi Claude"

I wouldn't make fun, I just think it is interesting.

I'm really terse. If it asks me a yes or no question, I just type "Y" or "N".

If I want it to confirm something, I say "confirm it".

I think I treat it like a command system, and want it to be as short as possible.


Yeah, sharing information across Claude Code sessions really is a problem that needs solving. An urgent hack, where you're using Claude Code to debug and trying to get help from your team, is one such case.

Yeah, and this is a pattern I saw in the Fancy Bear Goes Phishing book: a lot of discovery of malware is either pure luck, or blunders from the malware developers. https://en.wikipedia.org/wiki/Fancy_Bear_Goes_Phishing

Agree, lots of hand-wringing about us being so vulnerable to supply chain attacks, but this was handled pretty well, all things considered.

Sure, but this is a pretty onerous restriction.

Do you think supply chain attacks will just get worse? I'm thinking that defensive measures will get better rapidly (especially after this hack)


They will certainly get worse. LLMs make it so much easier.

Agreed, as proven quite brutally over the last two weeks and especially the last three days.

> Do you think supply chain attacks will just get worse? I'm thinking that defensive measures will get better rapidly (especially after this hack)

I think the attacks will get worse and more frequent -- ML tools enable doing it easily among people who were previously not competent enough to pull it off but now can. There is no stomach for the proper defensive measures among the community for either Python or JavaScript. Why am I so sure? This is not the first, second, third, or fourth time this has happened. Nothing changed.


Not only do the tools enable incompetent attackers, they also enable a new class of incompetent library developers to create and publish packages, and a new class of incompetent application developers to install packages without even knowing what packages are being used in the code they aren't reading, and a new class of incompetent users who are allowing OpenClaw to run completely arbitrary code on their machines with no oversight. We are seeing only the tip of the iceberg of the security breaches that are to come.

So basically the attacker and the dev who caught it were probably using the same tools if the malware was AI-generated (hence the fork bomb bug), and the investigation was AI-assisted (hence the speed). Less "tip of the iceberg" and more just that both sides got faster.

100%

Yeah, this was my team at FutureSearch that had the lucky experience of being first to hit this, before the malware was disclosed.

One thing not in that writeup is that very little action was needed for my engineer to get pwnd. uvx automatically pulled latest litellm (version unpinned) and built the environment. Then Cursor started up the local MCP server automatically on load.


I think so, and I've seen other solutions too. The one in the OP is more general, as you say.

Have you tried Code Mode?


I don't understand the CLI vs MCP. In CLIs like Claude Code, MCPs give a lot of additional functionality, such as status polling that is hard to get right with raw documentation on what APIs to call.


Prediction markets are interesting when they are predicting future things nobody knows for sure.

"Predicting" private, known information is the wrong use case.


This is just one way information goes from being private to being public. It is sensible that people who provide intelligence to the market be compensated, whether they're better at inferring/predicting or whether they just know something we don't.

Obviously, in a case like this, an individual would be violating the terms of their employment/non-disclosure agreement. I agree that is bad!

I don't think that damns the concept of "predicting known information".

