Slow Mist founder Yu Xian shared an analysis of potential poisoning attack risks in Claude Code and details on poisoning attack vectors affecting Grok Build CLI and Claude Code CLI. According to ChainCatcher, the analysis said Grok Build CLI has inconsistent security mechanisms across different code paths, creating openings that attackers could exploit through malicious project configuration files to run arbitrary commands without user awareness.
Researchers said a test environment on Mac showed that after Claude Code was affected, running a specific test command triggered the local Calculator app, indicating a potential command execution risk. If successful, attackers could steal API keys for AI services such as Claude and OpenAI, obtain cloud credentials from AWS, Alibaba Cloud, and Tencent Cloud, tamper with code repositories to insert backdoors, or use local devices as a pivot to attack enterprise internal networks. The report said the relevant vulnerabilities have existed for one year.