Liran Tal
@lirantal.com
🦄 Node.js Secure Coding: http://nodejs-security.com
🌟 @GitHub Star
🏅 @OpenJS Pathfinder award for Security
🥑 DevRel at @snyksec
🌟 @GitHub Star
🏅 @OpenJS Pathfinder award for Security
🥑 DevRel at @snyksec
Cross-site Scripting is a solved problem, eh...? that's why this bug bounty hunter scored $312,500 worth of stored/reflected XSS vulnerabilities on Meta’s systems
Youssef Sammouda (sam0) on X
$312,500 worth of stored/reflected XSS vulnerabilities in Meta’s Conversions API Gateway allowed Javascript code to run on any Facebook domain and millions of third-party websites. The flaw enabled zero-click Facebook account takeover and more: https://t.co/7gWpR4LQ8x
x.com
February 3, 2026 at 7:00 PM
Cross-site Scripting is a solved problem, eh...? that's why this bug bounty hunter scored $312,500 worth of stored/reflected XSS vulnerabilities on Meta’s systems
is there a remotion prompt hub? I'm not getting good results with just the remotion skills (or maybe it's just Gemini 3 on auto mode that is not pushing the work)
February 3, 2026 at 4:03 PM
is there a remotion prompt hub? I'm not getting good results with just the remotion skills (or maybe it's just Gemini 3 on auto mode that is not pushing the work)
אנחנו דוהרים מהר להיות בן האנוש המיעוט על הפלנטה
February 3, 2026 at 10:01 AM
אנחנו דוהרים מהר להיות בן האנוש המיעוט על הפלנטה
lol watching Gemini goes agentic and needs to google search like we used to is epic 😆
February 3, 2026 at 7:00 AM
lol watching Gemini goes agentic and needs to google search like we used to is epic 😆
I feel like I've been here before
February 2, 2026 at 7:00 PM
I feel like I've been here before
lol sassy little fella this clawdbot is
February 2, 2026 at 4:01 PM
lol sassy little fella this clawdbot is
חברים יש גרסה חדשה של railil עם לו״ז רכבת שגם כולל תחנות מעבר
מי שהתקין את ה skill עבור ה clawdbot שלו (איך אנחנו קוראים לבוטים עכשיו בעידן ה openclaw?) מוזמן לשתף אם זה נותן לו תוצאות טובות יותר בשיחה
מי שהתקין את ה skill עבור ה clawdbot שלו (איך אנחנו קוראים לבוטים עכשיו בעידן ה openclaw?) מוזמן לשתף אם זה נותן לו תוצאות טובות יותר בשיחה
February 2, 2026 at 10:01 AM
חברים יש גרסה חדשה של railil עם לו״ז רכבת שגם כולל תחנות מעבר
מי שהתקין את ה skill עבור ה clawdbot שלו (איך אנחנו קוראים לבוטים עכשיו בעידן ה openclaw?) מוזמן לשתף אם זה נותן לו תוצאות טובות יותר בשיחה
מי שהתקין את ה skill עבור ה clawdbot שלו (איך אנחנו קוראים לבוטים עכשיו בעידן ה openclaw?) מוזמן לשתף אם זה נותן לו תוצאות טובות יותר בשיחה
opencode cooked this time nicely
not just locally developed, but also commit and pushed it ;-)
not just locally developed, but also commit and pushed it ;-)
February 2, 2026 at 7:00 AM
opencode cooked this time nicely
not just locally developed, but also commit and pushed it ;-)
not just locally developed, but also commit and pushed it ;-)
So GitHuman (githuman.dev) from Matteo Collina strengthens what I've been saying about CLI coding agents - the terminal UI is not a productive way to review the diff and code changes...
if you're churning out code strictly on terminal agents then willing to bet you're not reviewing all of it
if you're churning out code strictly on terminal agents then willing to bet you're not reviewing all of it
GitHuman - Review AI Code Before Commit
Review AI agent code changes before commit. A local code review interface for the staging area.
githuman.dev
January 29, 2026 at 7:01 PM
So GitHuman (githuman.dev) from Matteo Collina strengthens what I've been saying about CLI coding agents - the terminal UI is not a productive way to review the diff and code changes...
if you're churning out code strictly on terminal agents then willing to bet you're not reviewing all of it
if you're churning out code strictly on terminal agents then willing to bet you're not reviewing all of it
🦞 Your Clawdbot AI Assistant Has Shell Access and One Prompt Injection Away from Disaster: snyk.io/articles/cla...
Your Clawdbot AI Assistant Has Shell Access and One Prompt Injection Away from Disaster | Snyk
Your monthly roundup of Snyk content – the latest insights patched in, dispatched straight to your inbox. No fluff. Just the good stuff.
snyk.io
January 28, 2026 at 7:00 PM
🦞 Your Clawdbot AI Assistant Has Shell Access and One Prompt Injection Away from Disaster: snyk.io/articles/cla...
a good CI is a green CI 😉
new lockfile-lint released with ESM config file support. get the next major version of the CLI if you want that Node.js module compatibility.
new lockfile-lint released with ESM config file support. get the next major version of the CLI if you want that Node.js module compatibility.
January 28, 2026 at 4:01 PM
a good CI is a green CI 😉
new lockfile-lint released with ESM config file support. get the next major version of the CLI if you want that Node.js module compatibility.
new lockfile-lint released with ESM config file support. get the next major version of the CLI if you want that Node.js module compatibility.
full turbo CI: engaged
feels like I'm running my tests suite on the USS enterprise hah
feels like I'm running my tests suite on the USS enterprise hah
January 28, 2026 at 10:01 AM
full turbo CI: engaged
feels like I'm running my tests suite on the USS enterprise hah
feels like I'm running my tests suite on the USS enterprise hah
הפרודקטיביות עם AI, המחשה מפרויקט אמיתי:
- העלות היא חצי שקלים חדשים
- העלות האלטרנטיבית היא בערך חצי שעה
הפעולה היא ווידוא ששינוי קוד (שהאייג׳נט ביצע מלכתחילה, אחד אחר) עובדים כמו שצריך ולא שוברים שום דבר
- העלות היא חצי שקלים חדשים
- העלות האלטרנטיבית היא בערך חצי שעה
הפעולה היא ווידוא ששינוי קוד (שהאייג׳נט ביצע מלכתחילה, אחד אחר) עובדים כמו שצריך ולא שוברים שום דבר
January 28, 2026 at 7:01 AM
הפרודקטיביות עם AI, המחשה מפרויקט אמיתי:
- העלות היא חצי שקלים חדשים
- העלות האלטרנטיבית היא בערך חצי שעה
הפעולה היא ווידוא ששינוי קוד (שהאייג׳נט ביצע מלכתחילה, אחד אחר) עובדים כמו שצריך ולא שוברים שום דבר
- העלות היא חצי שקלים חדשים
- העלות האלטרנטיבית היא בערך חצי שעה
הפעולה היא ווידוא ששינוי קוד (שהאייג׳נט ביצע מלכתחילה, אחד אחר) עובדים כמו שצריך ולא שוברים שום דבר
Gemini 3 Flash is good for your token diet and it's kinda smart too, I like
January 27, 2026 at 7:00 PM
Gemini 3 Flash is good for your token diet and it's kinda smart too, I like
podman what is going on with you ???
January 27, 2026 at 4:01 PM
podman what is going on with you ???
btw Copilot already gives you the original prompt when it runs and creates a pull request, conveying the intent for "why"
January 27, 2026 at 10:00 AM
btw Copilot already gives you the original prompt when it runs and creates a pull request, conveying the intent for "why"
recognize the prompt?
screenshot courtesy of Literat
screenshot courtesy of Literat
January 27, 2026 at 7:00 AM
recognize the prompt?
screenshot courtesy of Literat
screenshot courtesy of Literat
Israeli train schedule so easy with clawdbot and railil CLI
January 26, 2026 at 4:00 PM
Israeli train schedule so easy with clawdbot and railil CLI
Clawdbot fans in Israel, I have a new skill for you: skill-railil
Uses the `railil` CLI to search Israel train station from-to schedule. Go give your lobster a new skill.
Uses the `railil` CLI to search Israel train station from-to schedule. Go give your lobster a new skill.
January 26, 2026 at 7:00 AM
Clawdbot fans in Israel, I have a new skill for you: skill-railil
Uses the `railil` CLI to search Israel train station from-to schedule. Go give your lobster a new skill.
Uses the `railil` CLI to search Israel train station from-to schedule. Go give your lobster a new skill.
Save the date! 🗓️
On February 11, Snyk is unveiling the latest innovations that empower builders to securely embrace AI-driven development - come tune in ;-)
📈 Strengthen your team’s foundation of DevSecOps for the age of AI development
🛠️ Develop guardrails to secure generative AI from the first p
On February 11, Snyk is unveiling the latest innovations that empower builders to securely embrace AI-driven development - come tune in ;-)
📈 Strengthen your team’s foundation of DevSecOps for the age of AI development
🛠️ Develop guardrails to secure generative AI from the first p
January 25, 2026 at 4:12 PM
Save the date! 🗓️
On February 11, Snyk is unveiling the latest innovations that empower builders to securely embrace AI-driven development - come tune in ;-)
📈 Strengthen your team’s foundation of DevSecOps for the age of AI development
🛠️ Develop guardrails to secure generative AI from the first p
On February 11, Snyk is unveiling the latest innovations that empower builders to securely embrace AI-driven development - come tune in ;-)
📈 Strengthen your team’s foundation of DevSecOps for the age of AI development
🛠️ Develop guardrails to secure generative AI from the first p
New Israel train station skill (railil) created, including a CLI, so you can call your agents with it to search schedule:
GitHub - lirantal/skill-railil: An Agent SKILL for Israel Rail API
An Agent SKILL for Israel Rail API. Contribute to lirantal/skill-railil development by creating an account on GitHub.
github.com
January 23, 2026 at 7:00 PM
New Israel train station skill (railil) created, including a CLI, so you can call your agents with it to search schedule:
new npx CLI dropping so you can create a clawdbot skill for it and find Israel rail way stations easily
January 23, 2026 at 4:01 PM
new npx CLI dropping so you can create a clawdbot skill for it and find Israel rail way stations easily
POV: Snyk security checks complete faster than your CI ;-)
January 23, 2026 at 10:01 AM
POV: Snyk security checks complete faster than your CI ;-)