Posts
All the articles I've posted.
-
One CLAUDE.md File, 44K Stars in a Week: Karpathy's Four Principles for AI Coding
A breakdown of how the forrestchang/andrej-karpathy-skills repo gained 44K stars in a single week: Karpathy's four principles for AI coding (think before coding, simplicity first, surgical changes, goal-driven execution), and how to use them directly in Claude Code.
-
Two Claude Code Environment Variables You've Probably Never Used: EFFORT_LEVEL and ADDITIONAL_DIRECTORIES_CLAUDE_MD
A deep dive into two underrated Claude Code environment variables: CLAUDE_CODE_EFFORT_LEVEL controls the reasoning effort tier, and CLAUDE_CODE_ADDITIONAL_DIRECTORIES_CLAUDE_MD enables sharing rules across projects — with complete configuration examples and use cases.
-
Inside the Axios Poisoning: How a North Korean APT Infected Millions of Developer Environments in 3 Hours
In March 2026, the axios npm package was hijacked by a North Korean state-level APT, planting a RAT into millions of developer environments within 3 hours. This post breaks down two separate but related incidents: the full supply-chain poisoning attack chain, and the technical mechanics and real-world exploitability debate around CVE-2026-40175 (CVSS 10.0).
-
The AI Agent Security Landscape: From the ClawHavoc Poisoning to Cisco DefenseClaw and Microsoft's Governance Toolkit
A ClawHavoc-style supply chain attack poisons 1,184 agent skills and hits 300,000 users; within two weeks, Cisco and Microsoft ship agent security tooling. This post breaks down the threat model, compares the two defense architectures, and walks through real integration code.
-
Getting Started with Claude Managed Agents: Let Anthropic Run Your Agent Loop
Claude Managed Agents, which entered public beta in April 2026, moves the agent loop, tool execution, and sandboxed runtime entirely into Anthropic's cloud—three API calls are all it takes to get an autonomous agent running. This post walks through the core concepts, demonstrates the full workflow with real code, and compares it against building your own.
-
Hermes Agent in Practice: Embedding an AI Assistant into Your Development Workflow
Not another feature rundown of Hermes — this is what it's actually like after wiring it into a real development workflow: code review, requirement breakdown, doc generation, scheduled monitoring. Which scenarios genuinely help, and which ones will bite you.
-
A Deep Dive into Claude Code Hooks: Making the AI Coding Tool Truly Fit Your Workflow
Claude Code Hooks might be the most underrated AI coding feature out there. This post starts with how the three hook types fire, then walks through 10+ real configurations from my blog agent, tooling site, and daily work to show how Hooks can make Claude Code truly part of your workflow.
-
Hermes Agent Review: OpenClaw's Successor, a Multi-Platform AI Assistant with a Built-In Learning Loop
Hermes Agent is an open-source AI assistant framework from Nous Research, featuring a self-learning loop, cross-platform messaging integration, and cron scheduling, with one-command migration from OpenClaw configs. This post covers its core features, where it fits, and its limitations.