Readit News[flagged]
For those looking to quickly understand scope of impact:
> According to Bloomberg and CNN, citing sources, SitusAMC sent data breach notifications to several financial giants, including JPMorgan Chase, Citigroup, and Morgan Stanley. SitusAMC also counts pension funds and state governments as customers, according to its website.
MCP has already drastically lost utility already thanks to skills - for most things it is easier to just hand the model a CLI that it can run.
I'd imagine the same thing will happen here: It will prove more flexible to not push the model (and user) towards a UI that may not match what the user is trying to accomplish.
To me this seems like something I categorically don't want unless it is purely advisory.
There are important contexts outside of machines you control where installing or running cli commands isn’t possible. In those cases, skills won’t help, but MCP will.
electric_muse commented on MCP-Scanner – Scan MCP Servers for vulnerabilities github.com/cisco-ai-defen... · Posted by u/hsanthan
I have seen a bunch of demos of this, often building on top of open standards like the SAFE-MCP MITRE ATT&CK analysis https://github.com/SAFE-MCP/safe-mcp
In general, the only way to make sure MCPs are safe is to limit which connections are made in an enterprise setting
Agreed. Only provide the servers and tools needed for that job.
It would be silly to provide every employee access to GitHub, regardless of whether they need it. It’s just distracting and unnecessary risk. Yet people are over-provisioning MCPs like you would install apps on a phone.
Principle of least access applies here just as it does anywhere else.
electric_muse commented on GitHub is working on stacked diffs twitter.com/jaredpalmer/s... · Posted by u/mihau
This sounds like what graphite.dev had been doing. Is it?
That was fast! I guess that wasn’t the most profitable position to hold. Fail fast!
I'm surprised it has taken this long. Everything I thought I knew about economics (and basic finance) has pointed in the direction of imminent pain for consumers, but what I've been hearing is more of a dull ache at most.
I don't want a crisis, and if we avert one I'll happily update my beliefs. But even if the crisis comes I'll have to figure out why it has been so slow.
You’re probably underestimating how much credit is available to people. Having money issues? Keep paying your car while you borrow money from Klarna for your DoorDash chipotle.
electric_muse commented on EVs are depreciating faster than gas-powered cars restofworld.org/2025/ev-d... · Posted by u/belter
Well, sure. EV'S are smart phones on wheels. Are you going to grab your Samsung 5s in 2030, power it back up and use it to store your most sensitive personal data? Even the lowest-end varieties are always-on, internet-conected devices. Their safety and function is on the same tier as today's phone models. Expensive today, junk in 5 years.
Thanks, but I'm hanging in to my old Subaru.
I think the most accurate part of your analogy is how fast the technology changes and renders yesterday’s product obsolete.
Just saw the Audi etron gt has amazing deals on used cars. Then I saw a new model coming out with better battery, more power, better range, and more features. Suddenly last year’s model is way less compelling.
The idea behind skills is sound because context management matters.
However, skills are different from MCP. Skills has nothing to do with tool calling at all!
You can implement your own version of skills easily and there is absolutely zero need for any kind of standard or a framework of sorts. They way to do is to register a tool / function to load and extend the base prompt and presto - you have implemented your own version of skills.
In ChatBotKit AI Widget we even have our own version of that for both the server and when building client-side applications.
With client-side applications the whole thing is implemented with a simple react hook that adds the necessary tools to extend the prompt dynamically. You can easily come up with your own implementation of that with 20-30 lines of code. It is not complicated.
Very often people latch on some idea thinking this is the next big thing hoping that it will explode. It is not new and it wont explode! It is just part of a suite of tools that already exist in various forms. The mechanic is so simple at its core that practically makes no sense to call it a standard and there is absolutely zero need to have it for most types of applications. It does make sense for coding assistant though as they work with quite a bit of data so there it matters. But skills are not fundamentally different from *.instruction.md prompt in Copilot or AGENT.md and its variations.
One of the best patterns I’ve see is having an /ai-notes folder with files like ‘adding-integration-tests.md’ that contain specialized knowledge suitable for specific tasks. These “skills” can then be inserted/linked into prompts where I think they are relevant.
But these skills can’t be static. For best results, I observe what knowledge would make the AI better at the skill the next time. Sometimes I ask the AI to propose new learnings to add to the relevant skill files, and I adopt the sensical ones while managing length carefully.
Skills are a great concept for specialized knowledge, but they really aren’t a groundbreaking idea. It’s just context engineering.