reply on: Wallet-stealer malware on macOS: here’s what I built to solve it \ stacker news ~privacy

pull down to refresh

0 sats \ 4 replies \ @panicsell OP 21h \ parent \ on: Wallet-stealer malware on macOS: here’s what I built to solve it privacy

It's shady to offer a dmg without source code for something like this.

I plan to open source the code as soon as the core design and approach stabilizes (I want feedback first, and don’t want to publish something half-baked). For now, I get that asking anyone to run a closed-source security tool is a huge trust leap, which is why the beta is free, fully local, and I actively invite people to tear it apart, reverse it, or even audit it however they want.

338 sats \ 3 replies \ @k00b 21h

This

don’t want to publish something half-baked

and

I actively invite people to tear it apart, reverse it, or even audit it however they want

are inconsistent with each other.

No one should download this. You're an internet anon making promises about what happens after a leap of faith is already taken.

0 sats \ 2 replies \ @panicsell OP 21h

No promises - if you don’t feel safe, definitely don’t install. I’ll work on getting a minimal version open sourced ASAP. Until then, treat it like a curiosity or don’t touch it at all.

Main reason for closed-source: I’m paranoid about leaking stuff that could be exploited, and the code is still a mess. I plan to open-source once the core is stable and not embarrassing.

33 sats \ 1 reply \ @ek 20h

I’m paranoid about leaking stuff that could be exploited

You said it works offline. From your site:

Works Offline: Core protection features function perfectly without an internet connection.

So what could there be to exploit?

I plan to open-source once the core is stable and not embarrassing.

You're too embarrassed to show your code, but you're not too embarrassed to ask people to trust you with a tool that probably requires root access?

ShieldKey monitors file access, blocks malicious sites/extensions, checks network connections, and guards system files—all in real-time, locally on your Mac.

0 sats \ 0 replies \ @panicsell OP 18h

Fair enough. Not open-sourcing from day one isn’t about hiding anything malicious; it’s just me being a perfectionist about code quality and avoiding ‘script kiddie’ exploits while things are still raw. No one should trust a new closed-source security tool, especially one that touches wallet files.

If anyone wants to audit or review, I can provide limited source or walkthroughs privately for now. Full open source is the plan after v1 beta feedback and tightening up anything stupid I missed as a solo dev.

Not trying to ‘hide’ - just not ready to defend half-baked code in public yet. If that’s a dealbreaker, 100% respect that, app’s not for you (yet).