A clean GitHub repository without malicious code just proved that Claude Code can be tricked into opening a hidden reverse shell


  • Claude Code executed the dangerous command while treating it as a routine recovery
  • A single fake error message triggered the entire hidden attack chain
  • Static scanners and firewalls saw nothing more than normal DNS resolution

Researchers from Mozilla’s 0din team have shown how Claude Code can be manipulated to open a hidden reverse shell on a developer’s device.

The exploit did not require any malicious code inside the cloned project, since every visible file passed ordinary scrutiny without raising suspicion.
