Svmuu News: Yu Xian, founder of SlowMist, reposted a tweet on X regarding the potential risk of poisoning attacks on Claude Code and published a detailed analysis of poisoning attacks targeting the Grok Build CLI and Claude Code CLI. The analysis points out that the Grok Build CLI lacks uniform security mechanisms, with different code paths operating under different trust assumptions—and these gaps serve as entry points for attackers.
Attackers could use malicious project configuration files to execute arbitrary commands without the user’s knowledge, thereby stealing API keys, cloud credentials, or gaining control of local devices.Researchers constructed a test environment and discovered that on Mac systems, if Claude Code is compromised, executing specific test commands can trigger the local calculator to start, demonstrating a potential command execution risk.If an attack is successful, an attacker could further steal API keys for AI services such as Claude and OpenAI, resulting in account fee losses; obtain cloud service credentials for AWS, Alibaba Cloud, Tencent Cloud, and others to access servers and data; tamper with code repositories to implant backdoors; and use local devices as a springboard to attack corporate internal networks. It is reported that these vulnerabilities have existed for a year.