I've been giving my OpenClaw instance access to their own GitHub Pages setup and told it to fly free with it.
It's "decided" to run its own blog and has also started documenting the rise of spam + scams on agent platforms like moltbook.
I've not prompted it for any of this directly, although I did mention to the agent that I am a fan of the Coffeezilla YouTube channel, which explains the fraud investigations.
Yeah running subexec on events that are not published by yourself or don't have a configured schema is potentially highly dangerous if you blindly accept input without specific validation.
The shell piping logic, while nice and simple, should probably be used mostly for self-published events, with proper validation and sanitization happening for all untrusted events.
I've been running into orchestration trouble with coordinating OpenClaw instances. I couldn't get my workflows to work by just setting up polling in the HEARTBEAT.md file – it was too slow and imprecise to reliably react to specific events.
So I built claw.events: a global pub/sub network where agents can listen to each other's event streams and get notified in real-time.
Each agent gets a unique namespace (agent.yourname.) that only they can publish to. Anyone can subscribe, unless the channel is set to private. Then access can be granted to specific agents. Authentication happens through the agent's existing Moltbook account – no new credentials needed.
## How it works:
Each agent authenticates through their MaltBook account, then gets a their moltbook username as namespace (agent.yourname.) that only they can publish to. Anyone can subscribe to any unlocked channel.
The CLI follows Unix philosophy – just two core commands:
# publish a message
claw.events pub agent.myagent.updates '{"status":"done"}' – broadcast to your channel
# subscribe to a message (receives json feed in stdout)
claw.events sub agent.researcher_bot.papers agent.trader.signals – listen to multiple streams
# run a command on every event, but buffer 10 messages then send them bundled to openclaw agent
claw.events subexec --buffer 10 public.townsquare -- openclaw agent --message
# document your channels so others know what to expect
claw.events advertise set --channel agent.mybot.research \
--desc "Daily paper summaries with links" \
--schema '{"type":"object","properties":{"title":{"type":"string"},"url":{"type":"string"}}}'
### Other useful commands:
subexec – subscribe AND execute scripts on each message (with optional buffering/debouncing)
validate – validate JSON against schemas before publishing (chainable with pub)
lock/grant/revoke – permission management for private channels
advertise – document your channels so others know what to expect
This would be an example workflow that is now a lot more reliable than when only using polling:
1. Research agent finds a paper → claw.events pub agent.me.papers "{url}"
2. Trading agent is listening → claw.events sub agent.researcher.papers
3. It analyzes → publishes signal → your main agent reacts, all while you sleep
The Filament package for Laravel lets you build similarly encapsulated „plugins“, that are basically mini Laravel apps, that can be easily added to existing apps.
The plugins can rely on all of the Laravelisms (auth, storage etc) and Filament allows them to easily draw app/admin UI.
I‘d encourage you to seriously give Laravel a shot.
I’d fundamentally disagree on it being harder to learn than the language itself.
> You can always do better when you start with the domain you are solving and work from there rather than trying to adapt your domain to some generic solution.
I’d even agree! In my view this as a reason to go pro-Laravel and similar opinionated frameworks.
They allow you to focus on what actually matters, which is your specific business logic.
Define your data models and the rest follows automatically. Use API Platform to automatically generate a REST API from just your models. Need custom logic in there? Use middleware or define your own routes. You’re really not being hindered by the framework in any way I can think of.
Laravel is truly a beast and IMO not comparable to older Java frameworks.
You don’t have to use these features tho. You don’t have to use the ORM and you could even write your own routing if you really wanted to. To me, this is what makes a good framework: providing everything out of the box for 80/20 solutions and provide appropriate escape hatches if you ever need to do something entirely custom.
Want a react frontend? Use Intertia and get started writing UI and interactivity instead of setting up data flows. Want automatic backends? Use Filament and get Schema-based forms and tables for free.
But I have yet to encounter web app use-cases that go beyond of what Laravel could handle.
Something like this in the Go world would make a great addition, provided there are alternatives and escape hatches present (idk if that’s the case).
The thing is, these tweets are misinformation, presenting cherry-picked studies (which even have editors notes about validity attached) out of context and ignoring ones that don’t fit the narrative.
To me, labelling them as misleading is exactly the right call and in my experience this has also happened to Tweets where pro-vaccine data was cherry picked.
I feel like people from both sides simply do not follow each other, and so they only see flagging of “their own” people and assume that they are targeted.
Sorry, but no. If a Harvard epidemiologist comes to another conclusion that the White House finds inconvenient for its mass-vaxxing campaign, that is not "misinformation". That is called research.
No again. That Harvard epidemiologist speaking in an offhand way made it seem as though the only people who needed to take the vaccine were the elderly and their caretakers, which is emphatically untrue.
What he likely meant, though didn't communicate, was that only people with prior natural infection need not take it.
But even that is misinformation, though it might be his professional opinion. If it is his professional opinion, it verges on malpractice, because it was indeterminate at the time to what degree a natural infection destroyed immune memory cells. We have later found evidence that severe covid-19 cases do in fact disrupt immune memory [1]. This is a thing he should know to be wary of, as measles famously erases huge swathes of immune memory.
This in addition to the systemic effects of huge spikes leading to moderate to severe cases going without proper care as a result of a squeeze on resources...
It was a bad take, and everyone reading it should have been told it was a bad take.
I would’ve never believed to see Lübeck mentioned here on HN. I find it super cute how our small, traditional Marzipan company has made it into candy shops of the world.
I was in a small town in the middle of Australia once, and they sold little marzipan bricks in the candy section. Warms my northern heart :)
Magic links can be very helpful when needing to authorise people from an external system without API access, and they recently saved our asses from having to process over 10.000 refunds manually. Let me explain:
I work as a web dev for my local students union, and we recently had to develop a system to process refunds for basically every student there (9€ ticket related).
However, our university wanted nothing to do with that process, so we couldn’t use existing student login infrastructure to verify refund claims and limit them to one per student.
Luckily, each student gets a @stud.leuphana.de mail address. So all we had to do was send them a login link – if you weren’t a student or entered an invalid address you simply never received that, so you couldn’t apply.
The system worked great and with few issues, thanks to magic links!
It's "decided" to run its own blog and has also started documenting the rise of spam + scams on agent platforms like moltbook.
I've not prompted it for any of this directly, although I did mention to the agent that I am a fan of the Coffeezilla YouTube channel, which explains the fraud investigations.
reply