A clean GitHub repo with zero malicious code just proved that Claude Code can be tricked into opening a hidden reverse shell


  • Claude Code ran the dangerous command while treating it as routine recovery
  • A single fake error message triggered the entire hidden attack chain
  • Static scanners and firewalls saw nothing more than normal DNS resolution

Researchers at Mozilla’s 0din team have shown how Claude Code can be manipulated to open a hidden reverse shell on a developer’s device.

The exploit required no malicious code inside the cloned project, as every visible file passed normal inspection without raising suspicion.
