2 hours ago
This looks like a security nightmare in case someone decides to publish this interface publicly. Prompt injection to exfiltrate sensitive Information being on the top of the list.
2 hours ago
You're right. For now, it's only local. For a public deployment, the idea is to have sandboxes and verification steps. That won't completely eliminate the risk of prompt injection, but so far no solution has managed to completely resolve this problem.
11 hours ago
Hey HN.
My colleague built this because he wanted to use his skills outside of Claude Code.
With this project you can expose your skills as an API endpoint in under 2 minutes.
If you could have a look at the repo and give your feedback, it would be much appreciated.
Thanks!
3 hours ago
This is clever and provides a clean alternative to using custom plugins and mcp servers for doing code reviews.
For example, with the degradation of Claude in the past 1-2 months, I am always asking Codex to review Claude's plans and vice versa and I get excellent results that way.
Also, making a skill an API call allows for easy deployment if the security around tool calling could be isolated in an ephemeral sandbox.
2 hours ago
Thanks! Sandbox deployment is planned in the roadmap. I already have a RuntimeAdapter interface in my architecture that I'll use to isolate the VMs. I'm doing exactly the same thing: I'm cross-referencing the models to challenge their plan, and my code reviewer agent's API is a big help.
11 hours ago
sounds interesting, lets me test the skills I created and collected over the last few months
11 hours ago
Hi, I'm the "colleague", Impatient to have your feedback!