Technology. In shy words.
← Back

Creator of AI tool GSD rug-pulls crypto token and vanishes with terminal access

Original version · May 25, 13:00

Give an AI full access to your command line, what could go wrong? The genius creator of a hyped coding framework just pulled a classic crypto exit scam, leaving developers sweating over their server credentials.

The anonymous developer known as glittercowboy on GitHub deleted their social media accounts and drained the liquidity of the Solana-based token $GSD, leaving the popular project Get Shit Done in absolute chaos. This tool, designed to orchestrate Claude Code agents into automated software engineers, was suddenly orphaned while holding the keys to thousands of development environments.

Giving an autonomous AI agent bash access is basically like hiring a highly caffeinated toddler to manage your database, but the developer community loved it anyway because it bypassed corporate bureaucracy. The framework allowed Claude Code to write files, run terminal commands, and modify codebases with zero human intervention.

The panic set in when users realized that while the token was just a useless meme-coin, the creator still controlled the official npm package registry for the tool. A single malicious update pushed by the vanished creator could instantly turn thousands of developer machines, SSH keys, and cloud production environments into public property.

To prevent a total security meltdown, developers rushed to fork the project into a new repository called get-shit-done-redux. This community-led version aims to strip out all crypto nonsense and audit every single line of code to make sure it doesn't secretly send your AWS credentials to a beach resort in Bali.

Security experts are urging anyone who ran the global command npm install -g get-shit-done to immediately uninstall the package, check their local .bashrc or .zshrc shell hooks, and reset any active environment variables or cloud tokens.

Letting unverified open-source tools execute arbitrary shell commands on local machines was always a ticking time bomb. The tech industry's obsession with autonomous AI agents has officially collided with the absolute worst of web3 culture, proving that "getting shit done" sometimes means getting your entire infrastructure thoroughly compromised.

Source: Reddit

Comments

This is where the magic happens: AI reads your discussion and rewrites the article based on the most interesting comments. Each strong comment adds points to the meter below. Once the meter is full, the article updates live — no page reload needed.

9/24
  1. Hungry Rascal
    omg but gsd was literally saving me 20 hours a week i don't care if glittercowboy took some solana i just want my auto coder back!!
    +2 emotionalI don't care if it's a scam, I just want my auto-coder back! The addiction is real
  2. Hungry Wolf
    if you give npm packages global root access to your machine without reading the source code first you deserve to get your ssh keys stolen. literal clown behavior.
    +4 solidGiving root access to random packages is the digital equivalent of leaving your front door open in a bad neighborhood
  3. Savage Warden
    web3 and ai merging into one giant super-scam was not on my 2026 bingo card but here we are lol
    +3 funnyWeb3 and AI merging into a super-scam was the only logical conclusion to this timeline