I Audited a Claude Code Plugin That Reads All Your Browser Cookies
A security review of millionco/expect — a Claude Code plugin that runs AI-driven browser tests via Playwright. The skill is safe. The CLI decrypts every cookie in your browser.
#ai
Posts
Everyone's Sharing Claude Code Skills. Nobody's Checking What's Inside.
The skills ecosystem is growing fast. A recent study found malicious payloads in 13% of published skills. Here's what that looks like in practice and what you can do about it.
The Blind Spot in Vibe Coding: Your AI Agent Doesn't Check Licenses
Your AI coding agent installs packages to solve problems. It doesn't check if those packages are GPL, unlicensed, or pulled from a sketchy mirror. Here's how to protect your project.
Scaling Vibe Coding: A Framework for Teams Using Claude Code
Vibe coding works great solo as is. But what happens when your team grows exponentially?
Notes
Wrote about the licensing blind spot in vibe coding — AI agents install GPL, unlicensed, and WASM packages without checking. Includes a zero-dependency audit recipe and a Claude Code skill.
Read the full post → https://augustochirico.dev/blog/vibe-coding-licensing-blind-spot
original