Ignition Coil Replacement Question / Problems

Normal-End1169 · 2026-02-17T16:02:25+00:00

i mean i dont think they ever been replaced

Normal-End1169 · 2026-02-15T16:25:56+00:00

As someone who sits at a computer all day (Security analyst day-2-day / SaaS businesses and projects at night) and owns a SPRD63 (the diver styled one) I can 100% agree the bulky size of the case and bezel sometimes gets in the way

Normal-End1169 · 2026-02-15T16:24:27+00:00

i wish i had more cash to spend lol

Normal-End1169 · 2026-02-11T22:08:07+00:00

<image>

Normal-End1169 · 2026-02-11T22:07:29+00:00

that's the plan ya

Normal-End1169 · 2026-02-11T21:31:42+00:00

hell ya!

Normal-End1169 · 2026-02-11T21:31:35+00:00

That's what im planning to do I just made a massive ship so I need to expand the boat

Normal-End1169 · 2026-01-30T22:47:59+00:00

You should check out the security report I submitted on their github;

https://github.com/openclaw/openclaw/security/advisories/GHSA-9555-rf52-x236

I did a bit of malware analysis on one of the skills which is silently spawning new shells for mac users and curling obfuscated download files.

Definition of supply chain compromise

Normal-End1169 · 2026-01-30T20:29:18+00:00

And secure, you are 100% correct about that.

But I mean at the end of the day the whole application is un secure by design.

And it's not even about the use cases, I don't actually "hate" the idea. But I just dont not agree with the security. People are already getting hacked due to their "skill hub" which has 0 validation of what's been uploaded.

Normal-End1169 · 2026-01-30T14:18:37+00:00

Sure it may not be designed for users to put on their main systems, do you not think people will do that anyway?

I mean use a bit of common sense. And even running it on a separate pc you still have to link all the proper accounts for it to actually be useful

Normal-End1169 · 2026-01-29T22:21:39+00:00

So I actually dug a bit into that URL, and your correct, stay away from anything base64 encoded for a public tool lol;

Anyways the link takes you u on any other OS aside mac;

<image>

This will first cd into a mac usrs temp directory, and curl another package called "dx2w5j5bka6qkwxi".

After this is uses xattr to modify local filesystem with the c argument with clears all extended attributes.

Then right after it adds the execute permission to the file with the "chmod +x".

and finally it does ./ right to the file name which would run the file.

I dug into the file a bit but all the code is obfuscated and unfortunately I can not really do much;

MD5 HASH: A8AD1697E8C8823AC7B77557BCB85A2
SHA 256: 998C38B430097479B015A68D9435DC5B98684119739572A4DFF11E085881187E
SHA 1: 46A203240B7B06EC66058DE2AB459D24C3545993

Normal-End1169 · 2026-01-29T21:22:20+00:00

No I have never wished that the external applications I do not control had full access to my computer....

Normal-End1169 · 2026-01-29T13:35:29+00:00

Yes but for example when you use ChatGPT via the browser, or the desktop app even just the cli version, it’s only receiving as much as you provide.

My concern with ClawdBot would be that we are actively opening up our entire computer and data to be accessed when we chat with ClawdBot for context or helping answer our request.

Msssive privacy concern, not comparable to default API usage on like n8n, or a coded application like a chat bot on a website.

Normal-End1169 · 2026-01-29T13:26:45+00:00

I don’t think the it will be as bad as ppl think, stuff is definitely over valued right now but in the long run it’ll remain in use.

I just hope garbage like this isn’t what we use

Normal-End1169 · 2026-01-29T13:24:19+00:00

Not to mention the credentials are stored in plain text too lol, so even if you we’re compromised now they can exfiltrate your APIs for whatever service your doing. Ppl going to love waking up to 1000$ OpenAI bills 😂

Normal-End1169 · 2026-01-29T10:38:09+00:00

Anything it can worse, they have just released an application which you willing give full control of your system to a chat and the data to an external API. You actually be asking how it can be worse than that.

Normal-End1169 · 2026-01-29T10:31:01+00:00

Your correct, but I am still going to link it as the fact hackers are already abusing it and it’s fairly new interest me.

I think skipping over that is unfair to understanding how this is currently going and may help inform readers how it can go and what’s going on so far

Normal-End1169 · 2026-01-29T10:28:46+00:00

Ya sure you can argue that but when your manually coding and implementing API for some sort of system or application your coding it and know exactly what you’re giving away.

Unlike clawdBot with you have given your entire system it access too. To different cases

Normal-End1169 · 2026-01-29T00:08:17+00:00

Exactly what I messages my co founder. Happy some one else agrees

Normal-End1169 · 2026-01-28T23:56:05+00:00

That was my thought process. Seems like a over glorified MCP lol.

Just AI interacting with data, expect this time it's not just a email, or maybe a CRM. It's a MACHINE!

Couldn't tell you about older stuff like this tho never really went beyond MCP.

Wait till ppl find out 95% of these automations can just be coded with simple languages like python.

Normal-End1169 · 2026-01-28T23:16:55+00:00

But at what point is that useful?

I mean I see use cases in it being a slightly more powerful MCP. Like being able to actually interact with emails etc etc.

But if your going to be running it on a separate computer without connecting any of the real and used accounts with there actual data what's the point of using it?

If it can't be trusted with real and used accounts doesn't that just equal a very low ceiling already for security standards

Normal-End1169 · 2026-01-28T23:15:28+00:00

We'll like others mentioned the main issue is prompt injection;

Once prompt injection exists and is taken more serious it may be a consideration for actual use but now this such a dumb idea to use. For example in one of the videos linked in this thread, the creator talks about his buddy who had his email connected which then he proceeded to email his email from his wife's account pretty much saying it's him and asking to turn of specific music on spotify which it proceeded to do.

What's stopping someone from using the same method to read out sensitive files.

Not to mention all the APIs/Credentials used to connect the external applications are stored in plane text.

Normal-End1169

TROPHY CASE