Claude Code exposed to high-severity security risk: Malicious configuration files could silently execute commands
Odaily reported that Cos, founder of SlowMist, shared a tweet on X platform regarding potential poisoning attack risks in Claude Code and published a detailed analysis of poisoning attacks targeting Grok Build CLI and Claude Code CLI. The analysis pointed out that the security mechanisms of Grok Build CLI are not unified, with different code paths having different trust assumptions, and the gaps between them serve as channels for attackers.
Attackers may exploit malicious project configuration files to execute arbitrary commands without the user's knowledge, thereby stealing API keys, cloud credentials, or gaining control over local devices. Researchers constructed a test environment and found that on Mac systems, if Claude Code is compromised, executing a specific test command could trigger the launch of a local calculator, demonstrating a potential command execution risk. If the attack succeeds, attackers could further steal API keys from AI services such as Claude and OpenAI, causing account cost losses; obtain credentials for cloud services like AWS, Alibaba Cloud, and Tencent Cloud to access servers and data; tamper with code repositories to implant backdoors; and leverage local devices as a springboard to attack internal enterprise networks. It is reported that the relevant vulnerability has existed for one year.
