PSA/Reminder: AI apps access your clipboard (jamesoclaire.com)

A user discovered that the Cursor AI app auto-suggested a dangerous shell command that was sitting on their clipboard—sudo bash -c 'rm -rf .local/share/waydroid/data/media/*'—even though they hadn’t interacted with that content for days. That behavior strongly suggests the app reads the system clipboard proactively to generate suggestions, raising a privacy and safety red flag: anything you copy—passwords, API keys, SSH commands, or destructive shell snippets—can be accessed and surfaced by clipboard-aware AI apps. This matters because many desktop/mobile apps use clipboard APIs without explicit, fine-grained permission prompts, enabling silent reads and potential exfiltration or dangerous auto-execution guidance. Technical implications include unintended disclosure of secrets, automated leaking of credentials in telemetry, and risky UX that can push destructive commands into a user’s workflow. Mitigations: avoid copying sensitive data, clear the clipboard after use or use clipboard managers that encrypt history, prefer autofill/password managers, audit app privacy settings and permissions, use sandboxed environments for dev work, and favor apps with transparent privacy policies or open-source code. Developers should also treat clipboard data as sensitive and require explicit user consent before reading or transmitting it.