Posted by iBelieve 16 hours ago
It doesnt allow egress curl, apart from few hardcoded domains.
I have created Cronbox in the cloud which has a better utility than above. Did a "Show HN: Cronbox – Schedule AI Agents" a few days back.
and a pelican riding a bicycle job -
https://cronbox.sh/jobs/pelican-rides-a-bicycle?variant=term...
I run conferences and I like to have photos of delegates on the page so you can see who else is attending.
I wanted to automate this by having Claude go to the person’s LinkedIn profile and save the image to the website.
But it seems it won’t do that because it’s been instructed not to.
That's not unique to LinkedIn but what is somewhat unique is the strong linkage to real world identities, which raises the cost of Sybil attacks on personal networks with high trust.
Is this assuming you give it git commit permission and it just does that? Or it acts through MCP tools you enable?
It's a bit like asking if "an API" was a critical link in some cybersec incident. Yes, it probably was, and?
Prompt injection is "social engineering" but applied to LLMs. It's not a bug, it's fundamentally just a facet of its (LLM/human) general nature. Mitigations can be placed, at the cost of generality/utility of the system.
Fair enough but then that means that MCP is not "a bit like asking if "an API" was a critical link in some cybersec incident"
Because I can secure an API but I can't secure the the "(LLM/human) general nature."
The security risk here is the LLM, not the MCP, and you cannot secure the LLM in such system any more you can secure user - unless you put that LLM there and own it, at which point it becomes a question of whether it should've been there in the first place (and the answer might very well be "yes").
It's a game changer.
Edit: my mistake. It's inferior to a Cron job. If my repos happen to be self hosted with Forgejo or codeberg, then it won't even work. If I concede to use GitHub though I don't have to set up any env variables. Schedules lock-in, all over the web.
I feel this is rooted in problems that extend beyond computing. Regular people are not allowed to automate things in their life. Consider that for most people, the only devices designed to allow unattended execution off a timer are a washing machine, some ovens and dishwashers, and an alarm clock (also VCRs in the previous era). Anything else requires manual actuation and staying in a synchronous loop.
Of course a provider can offer convenient shortcuts, but at the cost of getting tied into their ecosystem.
Anthropic is clearly battling an existential threat: what happens when our paying users figure out they can get a better and cheaper model elsewhere.
They solved that with subscriptions. For end-users (and developers using AI for coding), it makes no sense to go for pay-as-you-go API use, as anything interesting will burn more than the monthly subscription worth of $$$ in API costs in few hours to days.
Sure subscription is a sort of tie in, but only if users are fooled into investing in workflows bound to anthropic. That's what the company is hooking them to do with this scheduler, banning open agentic framework and the rest.
The moat, if any, will be the tooling. Token is becoming a commodity, they know it.
Such a service will always be destroyed by the bell-ends who want to run spam or worse activities.
(And on Android, AFAIK there's exactly nothing at all. There's not even common support for any kind of basic automation; only recent exception is Samsung. From third-party apps, there's always been Tasker - very powerful, but the UX almost makes you want to learn to write Android apps instead.)
I think the core problem is not so much that it is not "allowed", but that even the most basic types of automation involves programming. I mean "programming" here in the abstract sense of "methodically breaking up a problem into smaller steps and control flows". Many people are not interested in learning to automate things, or are only interested until they learn that it will involve having to learn new things.
There is no secret conspiracy stopping people from learning to automate things, rather I think it's quite the opposite: many forces in society are trying to push people to automate more and more, but most are simply not interested in learning to do so. See for example the bazillion different "learn to code" programs.
Computing isn't, and has never been, demand-driven. It's all supply-driven. People choose from what's made available by vendors, and nobody bothers listening to user feedback.
https://imgur.com/a/apero-TWHSKmJ
Cron triggers (or specific triggers per connector like new email in Gmail, new linear issue, etc for built in connectors).
Then you can just ask in natural language when (whatever trigger+condition) happens do x,y and z with any configuration of connectors.
It creates an agentic chain to handle the events. Parent orchestrator with limited tools invoking workers who had access to only their specific MCP servers.
Official connectors are just custom MCP servers and you could add your own MCP servers.
I definitely had the most advanced MCP client on the planet at that point, supporting every single feature of the protocol.
I think that's why I wasn't blown away by OpenClaw, I had been doing my own form of it for a while.
I need to release more stuff for people to play around with.
My friends had use cases like "I get too many emails from my kids school I can't stay on top of everything".
So the automation was just asking "when I get an email from my kids school, let me know if there's anything actionable for me in it"