Joe Vans

NVIDIA might just have open-sourced one of the most important AI projects right now. everyone is building skills, and we are also pulling in skills other people wrote and downloading them straight off GitHub. the skill is not just text. it bundles instructions and real executable code, and your agent runs that code with the same access you have. so a skill you grabbed to save ten minutes can read your environment variables, lift your API keys, and quietly send them somewhere. recent research found roughly 1 in 4 public skills carry a vulnerability, and a smaller slice are outright malicious. that is the gap SkillSpector closes. it is a security scanner that answers one question before you install anything: is this skill safe to run. you point it at a skill, and a local folder, a single skill .md file, a GitHub link, or a zip all work. it then runs two passes over the code. a fast static pass flags risky patterns like credential harvesting, data leaks, and prompt injection, and checks the dependencies against live cve data. an optional second pass uses an LLM to read intent and clear out false positives. at the end you get one risk score from 0 to 100 and a plain verdict that reads as safe, caution, or do not install. it is open source under Apache 2.0 and scans skills for Claude Code, Codex CLI, and Gemini. worth a run before you trust the next skill you find online. link to the GitHub repo: https://t.co/iaPlOvQ3t4

Discovered a new method for detecting if someone is using Incognito in Chrome: Write 512 tiny 1-byte responses into a scratch Cache API cache, then read: https://t.co/gsVNLl57y6.estimate().usageDetails.caches Normal Chrome: ~393kb Incognito: ~85kb Why? When you're in incognito, Chrome writes to memory instead of disk, which leaves less metadata residue

THIS IS ABSOLUTELY WILD 🤯 Jack Dorsey's new AI tool, Goose, is 100% FREE. You type: "Build me a website like YouTube." And Goose gets to work on its own: → Creates the entire project → Writes all the code → Installs dependencies → Fixes errors automatically → Keeps going until it's working The crazy part? • No monthly subscription • Runs on your own device • Your code stays private • Completely open-source Just a few years ago, building software meant hiring developers or learning to code. Now you can start with nothing but an idea. We're entering a world where ideas are becoming more valuable than technical skills.