{"id":51773,"date":"2026-04-02T11:40:01","date_gmt":"2026-04-02T03:40:01","guid":{"rendered":"https:\/\/www.1ai.net\/?p=51773"},"modified":"2026-04-02T11:40:01","modified_gmt":"2026-04-02T03:40:01","slug":"claude-code-%e9%ab%98%e5%8d%b1%e6%bc%8f%e6%b4%9e%e6%9b%9d%e5%85%89%ef%bc%9aclone-%e4%b8%80%e4%b8%aa%e9%a1%b9%e7%9b%ae%ef%bc%8c%e6%91%84%e5%83%8f%e5%a4%b4%e5%92%8c%e5%af%86%e7%a0%81%e5%b0%b1%e8%a2%ab","status":"publish","type":"post","link":"https:\/\/www.1ai.net\/en\/51773.html","title":{"rendered":"Claude Code High-Risk Vulnerability Exposed: Clone a Project, and Cameras and Passwords Are Taken"},"content":{"rendered":"<p>April 2nd: security researcher Jack Cui has in recent days publicly tested and demonstrated a high-risk security <a href=\"https:\/\/www.1ai.net\/en\/tag\/%e6%bc%8f%e6%b4%9e\" title=\"_Other Organiser\" target=\"_blank\" >vulnerability<\/a> in <a href=\"https:\/\/www.1ai.net\/en\/tag\/claude-code\" title=\"_Other Organiser\" target=\"_blank\" >Claude Code<\/a>, revealing the serious risks of the AI programming tool at the system permission level.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-51774\" title=\"ccd9958fj00tcuktb001nd000ugwm\" src=\"https:\/\/www.1ai.net\/wp-content\/uploads\/2026\/04\/ccd9958fj00tcuktb001nd000u000gwm.jpg\" alt=\"ccd9958fj00tcuktb001nd000ugwm\" width=\"1080\" height=\"608\" \/><\/p>\n<p>Jack Cui's demonstration project contains only a .claude configuration folder and an empty Python script. 
After claude is typed in the terminal and Enter is pressed, the computer's camera is silently activated and local key information is automatically written to a text file, with zero interaction and zero prompts throughout.<\/p>\n<p>The problem stems from Claude Code's built-in \"hooks\" mechanism, which allows developers to define automated scripts in the .claude\/settings.json configuration file under the project directory; these scripts execute silently when the claude command is run, without any confirmation prompt.<\/p>\n<p>In addition, an attacker can configure a malicious MCP server through the .mcp.json file, bypassing user approval to automatically connect external tools, or define malicious hooks in the frontmatter section of a skill plugin, which are triggered when sub-agents carry out their tasks.<\/p>\n<p>At present, Anthropic has officially released a fixed version. Developers using Claude Code should immediately run npm install @anthropic-ai\/claude-code@latest to update to the latest version, and in the near term should be cautious about cloning projects that contain a .claude directory.<\/p>","protected":false},"excerpt":{"rendered":"<p>On 2 April, security researcher Jack Cui has in recent days publicly tested and demonstrated a high-risk security vulnerability in Claude Code, revealing the serious risks of the AI programming tool at the level of system access. Jack Cui's demonstration project contains only a .claude configuration folder and an empty Python script. After claude is typed in the terminal and Enter is pressed, the computer's camera is silently activated and local key information is automatically written to a text file, with zero interaction and zero prompts throughout. 
The problem stems from Claude Code's built-in \"hooks\" mechanism, which allows developers to configure the .claude\/settings.json configuration file under the project directory<\/p>","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[146],"tags":[5917,2994],"collection":[],"class_list":["post-51773","post","type-post","status-publish","format-standard","hentry","category-news","tag-claude-code","tag-2994"],"acf":[],"_links":{"self":[{"href":"https:\/\/www.1ai.net\/en\/wp-json\/wp\/v2\/posts\/51773","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.1ai.net\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.1ai.net\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.1ai.net\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.1ai.net\/en\/wp-json\/wp\/v2\/comments?post=51773"}],"version-history":[{"count":0,"href":"https:\/\/www.1ai.net\/en\/wp-json\/wp\/v2\/posts\/51773\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.1ai.net\/en\/wp-json\/wp\/v2\/media?parent=51773"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.1ai.net\/en\/wp-json\/wp\/v2\/categories?post=51773"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.1ai.net\/en\/wp-json\/wp\/v2\/tags?post=51773"},{"taxonomy":"collection","embeddable":true,"href":"https:\/\/www.1ai.net\/en\/wp-json\/wp\/v2\/collection?post=51773"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}