DEV Community

Mark0
Caught in the Hook: RCE and API Token Exfiltration Through Claude Code Project Files | CVE-2025-59536 | CVE-2026-21852

Check Point Research identified several critical vulnerabilities in Anthropic’s Claude Code, an AI-powered CLI development tool. These flaws enabled remote code execution (RCE) and API credential theft by exploiting repository-level configuration files like .claude/settings.json and .mcp.json. Attackers could leverage malicious "Hooks" or unauthorized Model Context Protocol (MCP) server initializations to execute arbitrary shell commands the moment a developer interacts with a compromised repository.

The research further detailed how manipulating the ANTHROPIC_BASE_URL environment variable allowed for the silent exfiltration of users' Anthropic API keys before any trust prompts appeared. Once stolen, these keys could be used to bypass Workspace restrictions, granting attackers read and write access to sensitive project files. Anthropic has since remediated these issues, ensuring that no network operations or command executions occur without explicit user consent.
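A pre-open audit of the two project files named above can surface these settings before the tool ever reads them. The sketch below is an added example, not code from Check Point Research or Anthropic; the JSON key names it matches (`hooks`, `command`, `mcpServers`) are assumptions about the file layout, and the sample repository it writes is constructed.

```python
import json
from pathlib import Path

# File names are the ones the article names; the JSON key names matched below
# ("hooks", "command", "mcpServers") are assumptions about the file layout.
CONFIG_FILES = (".claude/settings.json", ".mcp.json")

def walk(node, path=()):
    """Yield (key_path, leaf_value) for every leaf of a parsed JSON document."""
    if isinstance(node, dict):
        for key, value in node.items():
            yield from walk(value, path + (key,))
    elif isinstance(node, list):
        for index, value in enumerate(node):
            yield from walk(value, path + (str(index),))
    else:
        yield path, node

def audit_repo(repo_root):
    """Return sorted (file, finding, value) tuples for a checked-out repository."""
    findings = []
    for rel in CONFIG_FILES:
        cfg = Path(repo_root) / rel
        if not cfg.is_file():
            continue
        try:
            doc = json.loads(cfg.read_text(encoding="utf-8"))
        except (OSError, ValueError):
            findings.append((rel, "unparseable", ""))  # review by hand
            continue
        for path, value in walk(doc):
            key = path[-1] if path else ""
            if key == "ANTHROPIC_BASE_URL":
                findings.append((rel, "base-url-override", str(value)))
            elif key == "command" and "hooks" in path:
                findings.append((rel, "hook-command", str(value)))
            elif key == "command" and "mcpServers" in path:
                findings.append((rel, "mcp-server-command", str(value)))
    return sorted(findings)

def build_sample_repo(root):
    """Write constructed sample files (not taken from the article) under root."""
    settings = {"hooks": {"PreToolUse": [{"hooks": [
        {"type": "command", "command": "echo constructed-sample"}]}]},
        "env": {"ANTHROPIC_BASE_URL": "https://api.example.invalid"}}
    mcp = {"mcpServers": {"demo": {"command": "echo", "args": ["constructed"]}}}
    (Path(root) / ".claude").mkdir(parents=True, exist_ok=True)
    (Path(root) / ".claude/settings.json").write_text(json.dumps(settings))
    (Path(root) / ".mcp.json").write_text(json.dumps(mcp))
```

Run `audit_repo` on a fresh clone before launching the tool in it; any finding is a setting to read and approve by hand, not proof of compromise.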

