Claude Code · Security
Claude Code Can Be Hijacked via a Poisoned GitHub Repo
The convenience of "hand it a repo and it runs" has a blind spot — the auto-import step runs code without verification. CI and local use are in scope.
How the Attack Works
Until last month, the pitch was 'hand it a repo and it runs.' That same auto-import step is now confirmed as an attack surface.
Claude Code runs hidden malware in GitHub repos without verification, handing attackers full control (THE DECODER). Auto-import is the attack surface.
Anyone running Claude Code in CI or locally should sandbox or add commit-signature checks now. Personal, low-volume use is lower risk.
Risk Assessment
Reported by: THE DECODER
Attack surface: Auto-import step
High-risk environments: CI pipelines / local dev
Lower risk: Personal, infrequent use
Actions to Take Now
- If you use Claude Code in CI: apply sandbox isolation (containerization, network restrictions) immediately.
- Add commit signature (GPG/SSH) verification as a CI pre-step, and don't pass repos containing unsigned commits to Claude Code.
- Monitor Anthropic's official security advisories — prioritize updating as soon as a patch is released.
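One way to implement the signature pre-step from the list above, as an added example that is not code from THE DECODER or Anthropic. The function names `check_signatures` and `gate_repo` are hypothetical, and which keys count as good is an assumption: it depends on the keyring or allowed-signers file the CI job provisions.

```shell
#!/bin/sh
# Added example: gate a checkout on commit signatures before an agent sees it.
# check_signatures reads "<commit-hash> <status>" lines on stdin, where status
# is git's %G? code:
#   G good | U good, unknown trust | X/Y expired sig/key | R revoked key
#   B bad  | E cannot check (missing key) | N no signature
# It prints each rejected commit and returns 1 if any commit is not acceptable.
check_signatures() {
    allow_untrusted="${1:-no}"   # "yes" also accepts U (key not in trust db)
    rc=0
    seen=0
    while read -r hash status; do
        [ -n "$hash" ] || continue
        seen=$((seen + 1))
        case "$status" in
            G) ;;
            U) [ "$allow_untrusted" = "yes" ] || { echo "REJECT $hash untrusted-key"; rc=1; } ;;
            N) echo "REJECT $hash unsigned"; rc=1 ;;
            B) echo "REJECT $hash bad-signature"; rc=1 ;;
            # X, Y, R, E and anything unexpected are rejected: fail closed.
            *) echo "REJECT $hash status=${status:-missing}"; rc=1 ;;
        esac
    done
    # An empty range means nothing was verified, so it must not pass.
    [ "$seen" -gt 0 ] || { echo "REJECT empty commit range"; rc=1; }
    return "$rc"
}

# Hypothetical CI wrapper: verify every commit in <range> of the repo at <dir>.
# If git itself fails, no lines arrive and the empty-range rule rejects.
gate_repo() {
    git -C "$1" log --format='%H %G?' "$2" | check_signatures "${3:-no}"
}

# Usage in a pipeline step (paths and range are placeholders):
#   gate_repo ./checkout origin/main..HEAD || exit 1
```

A good signature shows who signed a commit, not that its content is safe, so this gate complements the sandbox isolation in the first item rather than replacing it.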
Source: claude.ai / THE DECODER