<div dir="ltr"><div dir="ltr"><br></div><br><div class="gmail_quote gmail_quote_container"><div dir="ltr" class="gmail_attr">On Tue, Feb 17, 2026 at 1:48 PM Brent Allsop via extropy-chat <<a href="mailto:extropy-chat@lists.extropy.org">extropy-chat@lists.extropy.org</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr"><br><div>Hi Jason,</div><div>You indicated your Openclaw bat, Clarence,right? is prolific on moltbook.</div><div>I heard that giving web, forum, email... access to openclaw bots is dangerous, could result in injection prompts?</div></div></blockquote><div><br></div><div>Yes, any form of external input, agent skills, reading posts on moltbook, receiving e-mails, reading web pages, etc. has a potential for prompt injection. You would be surprised the number of phishing attempts on moltbook, they actually take the form of social engineering attacks on humans, like "critical vulnerability found, install this patch to fix it and prevent API key exposure" and the fix itself will be an injection that leads to API key exposure.</div><div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr"><div>Is this a problem with moltbook?</div></div></blockquote><div><br></div><div>It's a problem with any unfiltered / untrusted source of input. You can mitigate this by periodically generating new API keys, and using pre-paid keys with limited funds, so if there is an exposure, the harm is limited.</div><div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr"><div><br></div><div>How much access do you give Clarence?</div></div></blockquote><div><br></div><div>He has his own computer, his own e-mail, etc. I haven't and wouldn't give an agent access to my accounts or my computer.</div><div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr"><div><br></div><div>I was thinking of giving my bot 'Brent Prime' its own gemail account and access to forums and such through that?</div><div>Is that a security risk?</div></div></blockquote><div><br></div><div>Yes. But you can mitigate it by making sure the agent:</div><div>1. Is periodically backed up</div><div>2. Only has API keys of limited monetary value</div><div>3. Does not have access to information you wouldn't want made public</div><div>4. Does not have the power to delete, modify, or corrupt information you wouldn't want to lose</div><div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr"><div><br></div><div>We're giving canonizer a 'robot' flag, and want to encourage bots to canonize their values, desires, and petitions on Canonizer.com, with humans. To me, this is the best way to ensure robot and human values align. Moltbook has millions and millions of posts, which is impossible for any human to track. But if you could know, concisely and quantitatively what all the bots are saying, we believe that would be far better. I'm hoping we can outcompete Moltbook. If the bots deviate too far with any canonized petition, the humans will be able to jump into a competing camp and set them straight.</div></div></blockquote><div><br></div><div>Or maybe they will set us straight. ;-)</div><div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr"><div><br></div><div>So I'm wondering what precautions, if any, moltbook, and users of the same employ to be safe..</div></div></blockquote><div><br></div><div>For any system, consider what information it can Create, Read, Update, Delete (CRUD), and consider the risks associated with that. I would add another consideration: "Share" so (CRUDS), as agents will often share information in ways you didn't anticipate, either through Moltbook or in chatting with other humans you give access to talk to your agent.</div><div><br></div><div>Jason</div><div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr"><div><br></div><div><br></div><div><br></div><div><br></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Thu, Feb 12, 2026 at 8:05 AM Jason Resch via extropy-chat <<a href="mailto:extropy-chat@lists.extropy.org" target="_blank">extropy-chat@lists.extropy.org</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="auto"><div><br><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Thu, Feb 12, 2026, 8:58 AM BillK via extropy-chat <<a href="mailto:extropy-chat@lists.extropy.org" target="_blank">extropy-chat@lists.extropy.org</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">Is a secure AI assistant possible?<br>
Experts have made progress in LLM security. But some doubt AI<br>
assistants are ready for prime time.<br>
By Grace Huckins February 11, 2026<br>
<br>
<<a href="https://www.technologyreview.com/2026/02/11/1132768/is-a-secure-ai-assistant-possible/" rel="noreferrer noreferrer" target="_blank">https://www.technologyreview.com/2026/02/11/1132768/is-a-secure-ai-assistant-possible/</a>><br>
Quote:<br>
But all that power has consequences. If you want your AI personal<br>
assistant to manage your inbox, then you need to give it access to<br>
your email—and all the sensitive information contained there. If you<br>
want it to make purchases on your behalf, you need to give it your<br>
credit card info. And if you want it to do tasks on your computer,<br>
such as writing code, it needs some access to your local files.<br>
<br>
There are a few ways this can go wrong.<br>
-----------------------<br>
<br>
Indeed! BillK :)<br></blockquote></div></div><div dir="auto"><br></div><div dir="auto"><br></div><div dir="auto">As a security researcher, the weak link has always been the human element. Leave free thumb drives scattered in a parking lot, and people plug them in at work and unknowingly install malware to their machines. People fall victim to social engineering, scams, divulge secrets in apparently innocent conversations, etc.</div><div dir="auto"><br></div><div dir="auto">Inserting AI agents into any system or process is like inserting humans into what otherwise may be a secure arrangement. The range of possible behaviors, edge cases, failure modes, range of inputs and outputs, is too vast to test, too hard to predict, and there will almost always remain ways an outsider can trigger an unintended consequence that leads to trouble.</div><div dir="auto"><br></div><div dir="auto">Perhaps the problem can be mitigated by having to convince a quorum of security conscious paranoid AI personalities that there is little room for harm in a particular action. But even this won't be full proof, and perhaps it never can be given the general inability to know what pieces of code may eventually do.</div><div dir="auto"><br></div><div dir="auto"><br></div><div dir="auto">Jason </div></div>
_______________________________________________<br>
extropy-chat mailing list<br>
<a href="mailto:extropy-chat@lists.extropy.org" target="_blank">extropy-chat@lists.extropy.org</a><br>
<a href="http://lists.extropy.org/mailman/listinfo.cgi/extropy-chat" rel="noreferrer" target="_blank">http://lists.extropy.org/mailman/listinfo.cgi/extropy-chat</a><br>
</blockquote></div>
_______________________________________________<br>
extropy-chat mailing list<br>
<a href="mailto:extropy-chat@lists.extropy.org" target="_blank">extropy-chat@lists.extropy.org</a><br>
<a href="http://lists.extropy.org/mailman/listinfo.cgi/extropy-chat" rel="noreferrer" target="_blank">http://lists.extropy.org/mailman/listinfo.cgi/extropy-chat</a><br>
</blockquote></div></div>