I was mostly pulling your leg (about the openclaw comment), but if I were to be totally honest: any developer that delegates to an opaque system becomes an upstream liability rather than an asset. Since we cannot tell whether or not any dev upstream of us has good hygiene - we never could - the pressure to review accumulates downstream. Especially since the likelihood of an upstream dev (or their upstream) exposing themselves without proper controls has over the past year dramatically risen.
Personally, I think I have most of the countermeasures in place for this. But I know for a fact that many fellow devs don't bother, let alone normies.
This is how you turn a "web-of-trust" into a "web-of-liability".
I was mostly pulling your leg (about the openclaw comment), but if I were to be totally honest: any developer that delegates to an opaque system becomes an upstream liability rather than an asset. Since we cannot tell whether or not any dev upstream of us has good hygiene - we never could - the pressure to review accumulates downstream. Especially since the likelihood of an upstream dev (or their upstream) exposing themselves without proper controls has over the past year dramatically risen.
Personally, I think I have most of the countermeasures in place for this. But I know for a fact that many fellow devs don't bother, let alone normies.
This is how you turn a "web-of-trust" into a "web-of-liability".