For example, I use codex to manage a local music library, and it was able to use the skill to open a YT Music tab in my browser, search for each album, and get the URL to pass to yt-dlp.
Do note that it only works for Chrome browsers rn, so you have to edit the script to point to a different Chromium browser's binary (e.g. I use Helium) but it's simple enough
On one hand, cool demo, on the other, this is horrifying in more ways than I can begin to describe. You're literally one prompt injection away from someone having unlimited access to all of your everything.
Not the person you're replying to, but: I just use a separate, dedicated Chrome profile that isn't logged into anything except what I'm working on. Then I keep the persistence, but without commingling in a way that dramatically increases the risk.
edit: upon rereading, I now realize the (different) prompt injection risk you were calling out re: the handoff to yt-dlp. Separate profiles won't save you from that, though there are other approaches.
Even without the bash escape risk (which can be mitigated with the various ways of only allowing yt-dlp to be executed), YT Music is a paid service gated behind a Google account, with associated payment method. Even just stealing the auth cookie is pretty serious in terms of damage it could do.
Agreed. I wouldn't cut loose an agent that's at risk of prompt injection w/ unscoped access to my primary Google account.
But if I understood the original commenter's use case, they're just searching YT Music to get the URL to a given song. This appears[0] to work fine without being logged in. So you could parameterize or wrap the call to yt-dlp and only have your cookie jar usable there.
Oh, that's true, even allows you to play without an account. I can swear that at some point it flat out refused any use unless you're logged in with an account that has YT Music (I remember having to go to regular YouTube to get the same song to send it to someone who didn't have it).
You get used to it :) And especially once you get used to the YOLO lifestyle, you end up realizing that practically any form of security is entirely worthless when you're dealing with a 200 IQ brainwashed robot hacker.
For now you are. All these things fall with time, of course. You will stop caring once you start feeling safe, we all do.
Also. AAarrgh, my new thing to be annoyed at is AI drivel written slop.
"No browser automation framework, no separate browser instance, no re-login."
Oh really, nice. No separate computer either? No separate power station, no house, no star wars? No something else we didn't ask for? Just one a toggle and you go? Whoaaaaaa.
Edit: lol even the skill itself is vibe coded:
Lightweight Chrome DevTools Protocol CLI. Connects directly via WebSocket — no Puppeteer, works with 100+ tabs, instant connection.
I feel like there's nothing fucking left on the internet anymore that is not some mean of whatever the LLM is trained to talk like now.
What can you do? I mentioned the use of AI on another thread, asking essentially the same question. The comment was flagged, presumably as off topic. Fair enough, I guess. But about 80% (maybe more) of posted blogs etc that I see on HN now have very obvious signs of AI. Comments do too. I hate it. If I want to see what Claude thinks I can ask it.
HN is becoming close to unusable, and this isn’t like the previous times where people say it’s like reddit or something. It is inundated with bot spam, it just happens the bot spam is sufficiently engaging and well-written that it is really hard to address.
As long as it’s gated and not turned on by default, it’s all good. They could also add a warning/sanity check similar to “allow pasting” in the console.
Relying on warnings or opt-ins for something with this blast radius is security theater more than protection. The cleverest malware barely waits for you to click OK before making itself at home, so that checkbox is a speed bump on a highway.
Chrome's 'allow pasting' gets ignored reflexively by most users anyway. If this agent can touch DevTools the attack surface expands far faster than most people realize or will ever audit.
> Most browser automation tools launch a fresh, isolated browser. This one connects to the Chrome you're already running
Is this the same as what Claude in Chrome does?
I tried that for a while and since I use Firefox and Chromium, the security problem of it seeing your tabs wasn't a big deal. Fresh Chrome install, only ever used for this exact purpose. Plus you can watch it working in real (actually very slow) time so if you did point it at something risky you can take over at any point.
For actual testing of web apps though, a skill with playwright cli in headless mode is much more effective. About 1-2k context per interaction after a bit of tuning.
To be clear, this isn't a skill for the devtools mcp, but an independent project. It doesn't look bad, but obviously browser automation + agents is a very busy space with lots of parallel efforts.
DevTools MCP and its new CLI are maintained by the team behind Chrome DevTools & Puppeteer and it certainly has a more comprehensive feature set. I'd expect it to be more reliable, but.. hey open source competition breeds innovation and I love that. :)
(I used to work on the DevTools team. And I still do, too)
This was actually entirely vibe coded by Sonnet 4.6, with a lot of me yelling at it!
It's essentially a SolidStart SPA with virtualized scrolling and a few other tricks (even I don't know most of them!). Vector search is entirely client-side with transformers.js and CLIP. The first load is quite slow unfortunately, cause it has to download the index of photo id -> link (~7 mb last time i checked), and same for searches, as it has to download the vector index (~28mb) and embedding model the first time. Caching is pretty good though.
I was previously using [Lychee](https://lychee.electerious.com/), which worked well but wasn't really suited for this use case. So I scrapped it and started from first principles with Claude. This entire task only used up 50% of my 5-hour quota on the $20 plan!
Since the site itself is an SPA and images are static, using a VPS is overcomplicating things since I (well, Claude) am essentially just using Caddy as a glorified CDN. But I had free DigitalOcean credits since I'm a student, and where else can I host 40 gigabytes of photos for free?
All in all, this was definitely a very fun exploration of what someone who's technical[1] can do with Claude. The code is all open-source (but it's slop) at https://github.com/aadishv/catapp.
[1]: at least I'd like to consider myself technical!
I find it very ironic that Apple's Mac hardware is the best it's ever been, and some of the best (if not the best) in the entire industry, yet their software team seems intent on burning down their entire reputation. Maybe they think that's better than getting fired over the laughingstock that is Apple Intelligence
I wonder if this makes AI models particularly well-suited to ML tasks, or at least ML implementation tasks, where you are given a target architecture and dataset and have to implement and train the given architecture on the given dataset. There are strong signals to the model, such as loss, which are essentially a slightly less restricted version of "tests".
We've been doing this at work a bunch with great success. The most impressive moment to me was when the model we were training did a type of overfitting, and rather than just claiming victory (as it all too often) this time Claude went and just added a bunch more robust, human-grade examples to our training data and hold out set, and kept iterating until the model effectively learned the actual crux of what we were trying to teach it.
I'm certain this is the case. Iterating on ML models can actually be pretty tedious - lots of different parameters to try out, then you have to wait a bunch, then exercise the models, then change parameters and try again.
Coding agents are fantastic at these kinds of loops.
I feel like that's the whole point of the OP. I agree with the overall post but mentioning the ICE relationship seems to detract from the main point.
"I hate GitHub because X Y and Z features are bad" is a good reason to move away; "I hate GitHub because one of their thousands of enterprise customers does not align with my political views" is not, in my opinion.
People protesting ICE do not do so out of political concern, but humanitarian concern.
This seems like a minor nitpick as those two are intimately tangled up, but it matters to make the distinction. Standing up for others is not petty or self-serving and that's exactly what this sort of conflation can falsely imply.
Just because people have a revolutionary fetish and fantasize about being the ones to stop Hitler in 1933 (they would not have) does not make their delusions a reality. These dorks make anti-establishment vibes so lame. Just because you say something doesn’t make it real.
Hello there (new-account){name}{number}! When did you discover that {you, a real person} believed that the only way to protect the {women!} and {children!} was this new agency founded under Bush in the wake of 9/11?
Did you know that all {women!} (over 12 million every year) are actually most endangered by their intimate partners, who are predominately within their same race and class?
Do you think this is more or less concerning than this inflammatory anecdata you've created an account to provide? Do you think that domestic violence prevention (less than 1 billion) should be more or less well-funded than ICE (170 billion)?
> (Under the Trump admin): Teams responsible for violence prevention have been decimated, and a reorganization of the Department of Health and Human Services has eliminated divisions wholesale.
It's virtue signaling plain and simple. People who crafted their identities around the current thing in ~2017 are religiously attached to having to be part of the in group and can't let it go, and it inevitably bubbles up like this.
This will no doubt rankle those who align with that group, but they are a pathetic remnant of a terrible period of rampant sociopathy.
Though you will no doubt assume you're getting downvoted because you're speaking truth to sociopaths, I just wanted to say I'm downvoting you because your comment violates multiple HN guidelines. Reminder, those are here:
It's disappointing to see such a long-term community member engage so thoughtlessly. I know the guidelines also say I should just flag and move on, but this will only reenforce your narrative, and I am hoping to break the cycle.
Politics in the US is so extremely binarized these days that I think it’s hard to assign motive for political issues beyond “my friends say that our team feels this way.” Which I would argue is much more political than anything fundamental.
If they had not mentioned github's association with ICE,
then we'd be in a situation where everyone would be questioning whether or not the relationship had anything to do with the decision.
You got one. And how many good neighbors were dragged out of their cars, how many parents torn from their children, and how many American citizens wrongly harassed or dragged out of their houses for it? How many preachers praying peacefully in the streets were shot in the head?
This is not, and has never been, about the murderers. The murderers are the excuse, the people who are actually being harassed and brutalized are not them. And as mentioned, many of them are American citizens.
You can support sane border policies without also supporting racial profiling, the militarization of our cities and warrantless searches and detention. These two things don’t have to be mutually exclusive, but arguably much of what ICE has represented recently is what many people would consider to be unconstitutional behavior.
Ok, if you want to go down this road, should I start posting articles of religious leaders caught raping children? Should we be spending 170 billion a year trying to shut down all churches?
One or the biggest ironies in US politics to me is the complaints about the degradation of the rule of law in this country under Trump. While simultaneously arguing that federal immigration law should be actively ignored and blocked by cities and states. Of course the details are all messy and complicated. But if you feel both of those things are true, you owe it to yourself to take a moment and reflect on the irony of your own views. Empathy for people you disagree with is in dangerously short supply these days and is fundamental to a functioning democracy.
There is a lot of complaints about Zed in the comments here. I don't think that they are "hate", per se; they all definitely care about Zed and want it to succeed.
I daily drive Zed for work across several languages and I love it. I use a lot of its features, like the git interface, agentic editing, etc. I might even consider paying for Pro in the future if I want unlimited edit predictions.
However, all of these complaints are fully justified. I think Zed is a massive undertaking, only one that a VC-backed company has the capital to do. iirc, it requires 70k lines of Rust just for the cloud part [1]. I cannot fathom the amount of fundamental infrastructure they have to get the editor functional at all. That doesn't excuse all of the papercuts in Zed though.
If I were Zed I would do the following:
1. stop all work on future features, like DeltaDB etc. They all seem extremely cool but they won't meaningfully contribute to increasing Zed adoption or fixing its issues.
2. remove all agentic editing features. if Zed tries to simultaneously become the world's best agentic editor and a good general-purpose text editor, it will fail at both. Keep around ACP so users can still use other agents, but remove all of Zed's built in agent stuff.
3. fix literally every papercut. Triage every single issue and go through every PR, even if it will take half a year to do so. People won't switch to Zed until it's perfect, and the existence of this many issues means it's not perfect enough.
4. make extensions actually good. Every programming language, library, etc. has it's own ecosystem, and many such ecosystems mainly rely on VSCode extensions for advanced features. Zed needs to be extremely extensible like VSCode is; obviously its architecture makes this slightly harder, as it's nontrivial, for example, for extensions to render their own GUI, but there are a lot of low(er)-hanging fruit for extensions that need to get solved. People will only switch to Zed if they can get a similar breadth of ecosystems.
Of course, this won't happen, and given that none of these will really make them money, Zed has no incentive to focus on these, especially given the amount of time they would need to do this. But I think that if Zed can't nail the core experience, it won't get anywhere.
https://github.com/pasky/chrome-cdp-skill
For example, I use codex to manage a local music library, and it was able to use the skill to open a YT Music tab in my browser, search for each album, and get the URL to pass to yt-dlp.
Do note that it only works for Chrome browsers rn, so you have to edit the script to point to a different Chromium browser's binary (e.g. I use Helium) but it's simple enough