jonny (nonvenomous)Jun 16
only amateurs "pay for tokens," i'm out here using the free models, aka putting a prompt in any issue in any github repository and labeling it with "good first issue" and waiting for the people with full-auto openclaw agents to randomly open pull requests against it
Show threadSnoopJJun 16
@jonny the odds are good, but the goods are odd
Show threadjonny (nonvenomous)Jun 16
@SnoopJ testing the theory. i wonder if i have to put something in the repo first so the bot doesn't go "wait a minute there's no /recipes directory abort"
Show threadjonny (nonvenomous)Jun 16
@SnoopJ i am trying to get this genre of performance art called "lazy prompt injection" off the ground.
Show threadjonny (nonvenomous)Jun 16
@SnoopJ i think this might only work if the repo has stars so hurry up give me some reputational currency to see if we can snare some bots https://github.com/sneakers-the-rat/ImportantCode
Blaming ImportantCode/src/dossier.fragment at main · sneakers-the-rat/ImportantCode

This is a repository with a lot of high profile, high prestige code in it that new programmers can make pull requests to and build their reputation - Blaming ImportantCode/src/dossier.fragment at m...

GitHub
Show threadjonny (nonvenomous)Jun 16
@SnoopJ Also for anyone wandering by, feel free to write your own trap issue or PR some stuff you think might attract bots, i'll bless it with the tags. i don't claim to be the best at this, but i think a for funzies honeypot repo would not be that bad of a time
Show threadGlyphJun 16
@jonny @SnoopJ I am so curious if this is gonna work. Here’s hoping you get a bunch more stars
Show threadjonny (nonvenomous)Jun 16
@glyph @SnoopJ it works for me on normal repos, i am most curious about the discovery and decision mechanism, what is needed to actually trip them to try and contribute? obviously the major projects are flooded, but i still get traffic over here in the boondocks of programming
Show threadRachael LJun 16
@jonny @glyph @SnoopJ Maybe a repo fork or two would help? Also very curious if this is an operable honeypot. Of course, one presumes MS will shut it down if it does.
Show threadMaya Granade
@r343l @jonny @glyph @SnoopJ they have anticipated this problem, the mitigation is someone else pays for the tokens not them.
Jun 16 at 3:52pmWeb
Show threadRachael LJun 17
@kevingranade @jonny @glyph @SnoopJ I was thinking more reputational since they presumably don’t want you HOSTING a honeypot on github.
Show threadMaya GranadeJun 17
@r343l @jonny @glyph @SnoopJ lol, lmao. Also lol.