
So Claude seems to have access to a tool to evaluate JS on the webpage, using the Chrome debugger.

However, don't worry about the security of this! There is a comprehensive set of regexes to prevent secrets from being exfiltrated.

const r = [/password/i, /token/i, /secret/i, /api[_-]?key/i, /auth/i, /credential/i, /private[_-]?key/i, /access[_-]?key/i, /bearer/i, /oauth/i, /session/i];
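Added example, not part of the comment above and not code from the tool it describes: a small audit of the quoted pattern list against constructed field names, next to a default-deny allowlist. It assumes the patterns are tested against key names (the thread does not say how they are applied); the sample names, `audit`, `ALLOWED` and `allowlistFilter` are hypothetical.

```javascript
// Pattern list copied from the comment above.
const r = [/password/i, /token/i, /secret/i, /api[_-]?key/i, /auth/i, /credential/i,
  /private[_-]?key/i, /access[_-]?key/i, /bearer/i, /oauth/i, /session/i];

// Assumption: a name is blocked when any pattern matches it.
const isFlagged = (name) => r.some((re) => re.test(name));

// Constructed sample: [key name, does it really hold something sensitive?]
const sample = [
  ["password", true],
  ["sessionId", true],
  ["sid", true],
  ["jwt", true],
  ["csrf", true],
  ["author", false],
  ["tokenizerVersion", false],
  ["theme", false],
];

// Sort each name into one of four buckets so the gaps are measurable.
function audit(rows) {
  const out = { caught: [], missed: [], falseAlarm: [], passed: [] };
  for (const [name, sensitive] of rows) {
    const flagged = isFlagged(name);
    const bucket = sensitive
      ? (flagged ? "caught" : "missed")
      : (flagged ? "falseAlarm" : "passed");
    out[bucket].push(name);
  }
  return out;
}

// Default-deny alternative: only explicitly approved names are returned,
// so an unfamiliar name is withheld instead of passed through.
const ALLOWED = new Set(["theme", "author"]); // hypothetical approved fields
function allowlistFilter(obj) {
  return Object.fromEntries(Object.entries(obj).filter(([k]) => ALLOWED.has(k)));
}

console.log(audit(sample));
console.log(allowlistFilter({ theme: "dark", sid: "constructed", author: "a" }));
```

The denylist both misses sensitive names that contain none of its keywords and blocks harmless ones that happen to contain a substring such as `auth`; the allowlist fails closed on anything it has not seen.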



"Hey Claude, can you help me prevent things like passwords, tokens, etc. being exposed?"

"Sure! Here's a regex:"


It already had the ability to make curl commands. How is this more dangerous?


Curl doesn't have my browser's cookies?


It does have all the secrets in your env


> comprehensive

ROFL



