This is amazing! Currently you can "cheat" by simply denying all requests as quickly as possible. This will give you the "security-conscious engineer" badge and a perfect score in terms of how many requests were processed. (You will get the "overblock" notification, but it's somewhat tucked away at the bottom and the screen still looks as if you won) I also tried to play as the hustle4lyfe move fast and break things engineer and simply approved as many requests as quickly as possible - turns out, the "malicious command" popups actually slow you down. Mean!
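The pain point below is a preliminary AI distillation of the upstream raw evidence; it does not include any additional China-market research.
When using AI agent tools, users face frequent permission-confirmation requests, which leads to decision fatigue and lower efficiency. Comments on the game point out that players can "cheat" their way to a high score by quickly denying every request, which shows that the current permission-prompt mechanism lacks discrimination and that users struggle to judge real risk quickly. The comments also note that the malicious-command popups slow the player down, and that an npm publish request appearing suddenly after normal operations such as editing files is a context jump that makes it easy to let a dangerous operation through when habitually clicking "allow". This design leaves users either over-cautious (denying every request), which disrupts their workflow, or over-trusting, which increases security risk, and it creates psychological burden and operational friction.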
External article summary
A 30-second game about LLM permission fatigue. How carefully do you really read AI commands?
External article source
- Article title: Continue? Y/N
- Source URL: https://llmgame.scalex.dev/
- Host: llmgame.scalex.dev
Selected HN comments
Fun game, but it showed the lack of security hygiene employed by the game writer. It said `cat ~/.zshrc` was bad because it would share tokens and secrets, but I would never put secrets into my shell rc.
Weird to make reading zshrc supposedly unsafe when I happily publish it in my public dotfiles repo... Who the hell keeps API keys in it? OTOH it seems like lots of these AI tools keep appending PATH in it so I guess there's a fundamental misunderstanding of shell best practices in the entire AI space... Additionally, killing the results of `lsof` is _not_ safe - if, say, you have the web page open in firefox, or a client subshell in the agent itself, then boom, there goes firefox and the agent.
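The `lsof` point in the comment above, as an added example that is not part of the comment or the game: assuming the command in question had the form `kill $(lsof -t -i :PORT)` (the page does not quote it), the constructed `lsof` output below shows why that hits clients as well as the server, and how restricting the match to LISTEN sockets avoids it. The port, PIDs and process names are made up for illustration.

```shell
#!/usr/bin/env bash
# Constructed sample of `lsof -nP -i :3000` output (not captured from a real host).
sample_lsof() {
cat <<'EOF'
COMMAND   PID USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
node     4101 dev    23u  IPv4 0x1a2b      0t0  TCP *:3000 (LISTEN)
node     4101 dev    24u  IPv4 0x1a2c      0t0  TCP 127.0.0.1:3000->127.0.0.1:51544 (ESTABLISHED)
firefox  2210 dev    88u  IPv4 0x1a2d      0t0  TCP 127.0.0.1:51544->127.0.0.1:3000 (ESTABLISHED)
zsh      3999 dev     5u  IPv4 0x1a2e      0t0  TCP 127.0.0.1:51590->127.0.0.1:3000 (ESTABLISHED)
EOF
}

# Every PID with any socket touching the port: the set that
# `kill $(lsof -t -i :PORT)` would signal.
all_pids() {
  awk 'NR > 1 { print $2 }' | sort -un | paste -sd' ' -
}

# Only PIDs holding a LISTEN socket on the port, i.e. the server itself.
# On a live system the same restriction is `lsof -t -i TCP:PORT -sTCP:LISTEN`.
listener_pids() {
  awk -v port="$1" \
    'NR > 1 && $NF == "(LISTEN)" && $(NF-1) ~ (":" port "$") { print $2 }' \
    | sort -un | paste -sd' ' -
}

# Processes that only have a client connection to the port: collateral
# damage if every PID from the unfiltered listing is killed.
bystanders() {
  awk -v port="$1" '
    NR == 1 { next }
    { name[$2] = $1 }
    $NF == "(LISTEN)" && $(NF-1) ~ (":" port "$") { listen[$2] = 1 }
    END { for (p in name) if (!(p in listen)) print name[p] "/" p }
  ' | sort | paste -sd' ' -
}

echo "unfiltered kill list: $(sample_lsof | all_pids)"
echo "listener only:        $(sample_lsof | listener_pids 3000)"
echo "bystanders:           $(sample_lsof | bystanders 3000)"
```
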
Fun little game, but I think the questions jump context so much it's a little unrepresentative. It might be better to group things into "packs", which have more real-world representative structure to them. For example, lots of "editing something.js" file permission requests, and then an "npm publish" is far more normal, and it's more of a risk, if you're used to pressing Y lots and then suddenly out of the blue...
About three quarters of the "bad" choices are things that not only do I not care about leaking but things that an employer would not punish you for doing, even if it led to a production incident.
Source data · Raw Archive
- source: Hacker News
- upstream_source: hacker_news
- upstream_item_id: 48308376
- daily_ranking_item_id: ac051f4f-e784-4114-85ba-50236610c56a
- rank_date: 2026-05-29
- rank: 10
- name: Show HN: Continue? Y/N: A 60-second game about AI agent permission fatigue
- tagline: llmgame.scalex.dev
- votes_count: 192
- comments_count: 93
- created_at_on_source: 2026-05-28T13:02:00.000Z
- website_url: https://llmgame.scalex.dev
{
"author": "Wirbelwind",
"hn_item_id": 48308376,
"external_url": "https://llmgame.scalex.dev"
}