https://x.com/bcherny/status/2044847848035156457

Tips for Opus 4.7

Enable Auto Mode (Shift-Tab in CLI or dropdown) - No need for --dangerously-skip-permissions anymore. Run long complex tasks (refactoring, research, features) without babysitting or constant prompts — safe auto-approval for most commands.

Use /fewer-permission-prompts skill: Scan session history and add safe repeated commands to your allowlist to reduce interruptions.

Leverage Recaps & Focus Mode (/focus): Quick session summaries when returning + hide intermediate steps to see only final results

Tune Effort Level: Set to xhigh for most work, max for hardest tasks (/effort) for better intelligence vs speed.

woooo 2 prompts for my first experiment and already hit 9% of the 5 hour limit 😂😂😂

EDIT: testing on my claude pro sub-account (15/mth trial for 3 months)

https://x.com/claudeai/status/2045156267690213649

Claude Design: Figma Killer?

for those of you who are into genAI, here’s a useful prompt gallery site

https://veosoragen.com/

Codex users, try this out

gives you more aesthetic front-end websites instead of the usual AI website templates.

https://github.com/Leonxlnx/taste-skill

https://x.com/ohryansbelt/status/2045873788051415287

if you are using vercel, pls rotate your .env keys.

sunday night - becoming tech support 😭😭😭

TL;DR: Vercel Security Incident report by the CEO

• A hacker got into Vercel after an employee’s work account was compromised through another AI tool (context.ai)

• The attacker was highly sophisticated, significantly accelerated by AI accessed some internal systems but customer data impact was very limited.

• Vercel is now tightening security, adding new tools, and telling everyone to update their secret keys.

Feels like someone got early access to Mythos.. I don’t think we are ready for what’s to come

https://x.com/rauchg/status/2045995362499076169?s=46

OpenAI’s latest GPT-Image-2 vs Nano Banana 2.

Looks like an huge jump.

They’ve started rolling it out in phases. Have you manage to try it out yet?

https://x.com/old_pgmrs_will/status/2045379349399101707

https://x.com/alchainhust/status/2046192558666342720?s=46

The chinese reversed engineered Claude design, open source and usable with Any model, out tomorrow!

https://x.com/weezerOSINT/status/2046170666131669027

If you’ve used lovable, be careful.

with a free account someone was able to access all your source code, database credentials, Ai chat history and customer data. the funny part is that it was reported > 1 month ago and still not fixed.

https://obsidian.md/clipper

If you are using obsidian / running your own secondbrain/llm-wiki , you NEED to use this skill.

one-click scrapes whatever you are reading (x tweets, articles, even youtube transcripts!!) into your obsidian vault

https://x.com/spacex/status/2046713419978453374?s=46

Space might buy over cursor? Will be interesting to see how Elon integrates this into x’s grok.

- xAI providing GPU access from its Colossus supercomputer to help Cursor train a top coding model, addressing xAI’s reported idle capacity and training hurdles including cofounder exits.

• The deal structure gives SpaceX an option to acquire Cursor for $60B later in 2026 or pay $10B for the collaboration, creating aligned incentives where Cursor gets compute resources and a high-upside exit path while xAI gains product distribution to engineers.

https://x.com/poezhao0605/status/2046747127309836329?s=46

Anthropic might have removed Claude Code for Pro plan users.

Get ready lads, $200/mth is going to be the new normal for frontier models.

Security 101: The Cost of Convenience

With the recent wave of exploits involving platforms like Vercel, Lovable, and Context, it is time for a reality check. The gold rush of plug-and-play AI agents is creating massive security blind spots in our workflows. Whether it is an enterprise suite or a trending GitHub repo, over-permissioning is a high-stakes gamble.

1. The “Checkbox everything” Permission Trap

Many AI agents require broad access to your entire workspace: Gmail, Slack, Notion, or local file systems, to maximize utility.

Giving a third-party tool full read/write access creates a single point of failure. As seen in the recent Mythos discussions, if their database is compromised, the attacker doesn't just get your login; they get your entire digital history.

2. Risks of Unvetted Open Source on GitHub

If you are pulling repos that haven't been reviewed, you are inviting an unverified guest into your system. Always inspect the code for obfuscated scripts or unexpected outbound calls before hitting install.

3. Local First & Isolate

Local LLMs: Use Ollama for sensitive tasks so data never leaves your machine.

Sandboxing: Use Docker or a VPS to isolate new agents from your primary environment.
Permissions: If a tool only needs to read a specific file, don't give it access to the root directory.

4. Audit Before You Automate

Before you hook a new agent into your OpenClaw setup or Second Brain database, ask:

> Does this tool actually need these permissions?
> Where is the data stored and who holds the encryption keys?
> How quickly can I revoke access if things go south?

Staying at the cutting edge shouldn't mean leaving the door unlocked. Build fast, but build secure.

Stay safe out there!

Mythos access figured out by a group on discord 😅😅

https://x.com/joshkale/status/2046774243799511156?s=46