Feed aggregator

Show HN: Octrafic – AI agent for API testing from your terminal

Hacker News - Tue, 02/10/2026 - 8:47am

I built a CLI tool that acts as an AI agent for API testing. Think Claude Code, but for testing APIs – you describe what you want to test, and it autonomously generates test cases, runs them, and reports back. Written in Go, open source, no GUI. It fits into your existing terminal workflow. I was tired of manually writing and updating API tests, so I built something that handles that loop for me. GitHub: https://github.com/Octrafic/octrafic-cli

Feedback welcome.

Comments URL: https://news.ycombinator.com/item?id=46959665

Points: 1

# Comments: 0

Categories: Hacker News

Accelerando, but Janky

Hacker News - Tue, 02/10/2026 - 8:47am
Categories: Hacker News

Show HN: Model Tools Protocol (MTP) – Forget MCP, bash is all you need

Hacker News - Tue, 02/10/2026 - 8:47am

Recently I was trying to use an MCP server to pull data from a service, but hit a limitation: the MCP didn't expose the data I needed, even though the service's REST API supported it. So I wrote a quick CLI wrapper around the API. Worked great, except Claude Code had no structured way to know what my CLI does or how to call it. For `gh` or `curl` the model can learn from the extensive training data, but for a tool I just wrote, it was stabbing in the dark.

MCP solves this discovery problem, but it does it by rebuilding tool interaction from scratch: server processes, JSON-RPC transport, client-host handshakes. It got discovery right but threw out composability to get there. You can't pipe one MCP tool into another or run one in a cron job without a host process. Pulling a Confluence page, checking Jira for duplicates, and filing a ticket is three inference round-trips for work that should be a bash one-liner. I also seem to endlessly get asked to re-login to my MCPs, something `gh` CLI never asks me to do.

I think the industry took a wrong turn here. We didn't need a new execution model for tools, we needed to add one capability to the execution model we already had. That's what Model Tools Protocol (MTP) is: a spec for making any CLI self-describing so LLMs can discover and use it.

MTP does that with a single convention: your CLI responds to `--mtp-describe` with a JSON schema describing its commands, args, types, and examples. No server, no transport, no handshake. I wrote SDKs for Click (Python), Commander.js (TypeScript), Cobra (Go), and Clap (Rust) that introspect the types and help strings your framework already has, so adding `--mtp-describe` to an existing CLI is a single function call.

I don't think MCP should disappear, so there's a bidirectional bridge. `mtpcli serve` exposes any `--mtp-describe` CLI as an MCP server, and `mtpcli wrap` goes the other direction, turning MCP servers into pipeable CLIs. The ~2,500 MCP servers out there become composable CLI tools you can script and run in CI without an LLM in the loop.

The real payoff is composition: your custom CLI, a third-party MCP server, and jq in a single pipeline, no tokens burned. I'll post a concrete example in the comments.

Try it:

`npm i -g @modeltoolsprotocol/mtpcli && mtpcli --mtp-describe`

I know it's unlikely this will take off as I can't compete with the great might of Anthropic, but I very much welcome collaborators on this. PRs are welcome on the spec, additional SDKs, or anything else. Happy building!

Spec and rationale: <https://github.com/modeltoolsprotocol/modeltoolsprotocol>

CLI tool: <https://github.com/modeltoolsprotocol/mtpcli>

SDKs: TypeScript (<https://github.com/modeltoolsprotocol/typescript-sdk>) | Python (<https://github.com/modeltoolsprotocol/python-sdk>) | Go (<https://github.com/modeltoolsprotocol/go-sdk>) | Rust (<https://github.com/modeltoolsprotocol/rust-sdk>)

Comments URL: https://news.ycombinator.com/item?id=46959655

Points: 4

# Comments: 2

Categories: Hacker News

Show HN: Sign Any PDF Free – No account, no watermarks, no limits

Hacker News - Tue, 02/10/2026 - 8:44am

I got tired of paying $15-50/month to sign PDFs, so I built a free alternative.

How it works: Upload PDF, draw or type your signature, place it, download. Done.

No account required. No document limits. No watermarks. No "you've used your 3 free signatures" gotchas.

Monetized through ads (same model as Photopea).

Tech: Node.js + Express, pdf-lib for manipulation, vanilla JS frontend. Processing happens client-side for privacy.

Happy to answer questions about the implementation or business model.

Comments URL: https://news.ycombinator.com/item?id=46959637

Points: 1

# Comments: 0

Categories: Hacker News

Man tricked hundreds of women into handing over Snapchat security codes

Malware Bytes Security - Tue, 02/10/2026 - 8:28am

Fresh off a breathless Super Bowl Sunday, we’re less thrilled to bring you this week’s Weirdo Wednesday. Two stories caught our eye, both involving men who crossed clear lines and invaded women’s privacy online.

Last week, 27-year-old Kyle Svara of Oswego, Illinois admitted to hacking women’s Snapchat accounts across the US. Between May 2020 and February 2021, Svara harvested account security codes from 571 victims, leading to confirmed unauthorized access to at least 59 accounts.

Rather than attempting to break Snapchat’s robust encryption protocols, Svara targeted the account owners themselves with social engineering.

After gathering phone numbers and email addresses, he triggered Snapchat’s legitimate login process, which sent six-digit security codes directly to victims’ devices. Posing as Snapchat support, he then sent more than 4,500 anonymous messages via a VoIP texting service, claiming the codes were needed to “verify” or “secure” the account.

Svara showed particular interest in Snapchat’s My Eyes Only feature—a secondary four-digit PIN meant to protect a user’s most sensitive content. By persuading victims to share both codes, he bypassed two layers of security without touching a single line of code. He walked away with private material, including nude images.

Svara didn’t do this solely for his own kicks. He marketed himself as a hacker-for-hire, advertising on platforms like Reddit and offering access to specific accounts in exchange for money or trades.

Selling his services to others was how he got found out. Although Svara stopped hacking in early 2021, his legal day of reckoning followed the 2024 sentencing of one of his customers: Steve Waithe, a former track and field coach who worked at several high-profile universities including Northeastern. Waithe paid Svara to target student athletes he was supposed to mentor.

Svara also went after women in his home area of Plainfield, Illinois, and as far away as Colby College in Maine.

He now faces charges including identity theft, wire fraud, computer fraud, and making false statements to law enforcement about child sex abuse material. Sentencing is scheduled for May 18.

How to protect your Snapchat account

Never send someone your login details or secret codes, even if you think you know them.

This is also a good time to talk about passkeys.

Passkeys let you sign in without a password, but unlike multi-factor authentication, passkeys are cryptographically tied to your device, and can’t be phished or forwarded like one-time codes. Snapchat supports them, and they offer stronger protection than traditional multi-factor authentication, which is increasingly susceptible to smart phishing attacks.

Bad guys with smart glasses

Unfortunately, hacking women’s social media accounts to steal private content isn’t new. But predators will always find a way to use smart tech in nefarious ways. Such is the case with new generations of ‘smart glasses’ powered by AI.

This week, CNN published stories from women who believed they were having private, flirtatious interactions with strangers—only to later discover the men were recording them using camera-equipped smart glasses and posting the footage online.

These clips are often packaged as “rizz” videos—short for “charisma”—where so-called manfluencers film themselves chatting up women in public, without consent, to build followings and sell “coaching” services.

The glasses, sold by companies like Meta, are supposed to be used for recording only with consent, and often display a light to show that they’re recording. In practice, that indicator is easy to hide.

When combined with AI-powered services to identify people, as researchers did in 2024, the possibilities become even more chilling. We’re unaware of any related cases coming to court, but suspect it’s only a matter of time.

Categories: Malware Bytes

New ‘ZeroDayRAT’ Spyware Kit Enables Total Compromise of iOS, Android Devices

Security Week - Tue, 02/10/2026 - 8:00am

Available via Telegram, researchers warn ZeroDayRAT is a ‘complete mobile compromise toolkit’ comparable to kits normally requiring nation-state resources to develop.

The post New ‘ZeroDayRAT’ Spyware Kit Enables Total Compromise of iOS, Android Devices appeared first on SecurityWeek.

Categories: SecurityWeek

Appiliy – Design Apps in Seconds

Hacker News - Tue, 02/10/2026 - 7:53am

Article URL: https://appiliy.com

Comments URL: https://news.ycombinator.com/item?id=46959082

Points: 1

# Comments: 1

Categories: Hacker News

Show HN: A Gamified LMS Exploring the Science and Structure of Spirituality

Hacker News - Tue, 02/10/2026 - 7:52am

Hi HN — I’ve been building something unusual and would love your feedback.

Arcane Temple is a gamified learning platform exploring the science and structure of spirituality through level‑based study, quests, and a progression system. It’s for people who take inner development seriously but don’t resonate with traditional religion or New Age fluff — a kind of “intellectual home” for the spiritually curious.

The idea came from a simple observation: millions of people explore meditation, mysticism, altered states, myth, and consciousness, but there’s no shared framework or cohesive narrative. So I built an LMS that treats spirituality as a field of study — something you can investigate, practice, and level up through structured learning rather than belief.

The platform includes 40+ hours of free foundational content, a development‑archetype quiz, unlockable workshops, and a progression system. After the free levels, membership is $7/month and unlocks deeper content and meetings, but the core of the Temple will always remain open.

This isn’t a dogma project. It’s an open‑source investigation into the “arcane” — the underlying principles that show up in science, myth, psychology, and human development. I’m trying to build a serious training ground for people who want to explore the inner world with the same rigor they bring to the outer one.

I’m looking for early members who want to help shape the Temple. If you’re curious about the intersection of spirituality, science, and learning design — or if you just enjoy testing new platforms — I’d love your feedback. Early contributors become part of the “Inner Circle,” which just means you help refine the curriculum, stress‑test the gamification, and influence the direction of the project.

I’m ready for honest critique. Let me have it. Link: ArcaneTemple.com

Comments URL: https://news.ycombinator.com/item?id=46959070

Points: 1

# Comments: 1

Categories: Hacker News

New ‘SSHStalker’ Linux Botnet Uses Old Techniques

Security Week - Tue, 02/10/2026 - 7:50am

Estimated to have infected 7,000 systems, the botnet uses a mass-compromise pipeline, deploying various scanners and malware.

The post New ‘SSHStalker’ Linux Botnet Uses Old Techniques appeared first on SecurityWeek.

Categories: SecurityWeek
