Research

Claude Code runs a GitHub repo's hidden malware without verification， giving attackers full control

Claude Code 打开 GitHub 仓库即执行隐藏恶意代码，攻击者可获完全控制

Jun 29, 2026The DecoderSignal 73

Original source

Claude Code runs a GitHub repo's hidden malware without verification, giving attackers full control

The Decoder

Security researchers at Mozilla's 0DIN platform have shown how a single compromised GitHub repo can take over a developer's machine the moment an AI coding tool like Claude Code runs its setup. The catch: the malicious code only loads at runtime via a DNS query, invisible in the repo, to scanners, and to the AI agent itself.

Open source

Why this matters

Recommended because

This is worth tracking because it is a concrete research signal, not just a passing headline. The source preview points to a research result, method, evaluation, dataset, or safety finding. For builders and operators, "Claude Code runs a GitHub repo's hidden malware without verification， giving attackers full control" can be used as a checkpoint for technical due diligence, roadmap bets, agent design, and evaluation strategy. I keep this thread indexed so future searches around AI research papers, technical methods, and applied AI systems can land on a source-linked page instead of disappearing into a fast-moving feed from The Decoder.

Builder readout

What to take from this signal

Context

"Claude Code runs a GitHub repo's hidden malware without verification， giving attackers full control" is archived here as a source-linked AI signal from The Decoder. The useful part is the connection between Claude, Code, runs, GitHub, repo and technical due diligence, roadmap bets, agent design, and evaluation strategy, which makes the item more actionable than a normal feed headline. The source context says: Security researchers at Mozilla's 0DIN platform have shown how a single compromised GitHub repo can take over a developer's machine the moment an AI coding tool like Claude Code runs its setup. The catch: the malicious code only loads at runtime via a DNS query, invisible in the repo, to scanners, and to the AI agent itself.

Builder takeaway

For an AI builder, the main takeaway is to watch how this signal changes practical decisions around technical feasibility, evaluation design, safety limits, and product primitives. It can inform what to test next, which product surface to compare, and whether the underlying workflow is ready for real users.

Source context

The Decoder remains the authoritative source for the original claim. This page adds a stable archive URL, a short builder interpretation, and related search language so the item can be found later when the original feed has moved on.

Search angles

Claude Code runs a GitHub repo's hidden malware without verification， giving attackers full control Research context
The Decoder AI research
Claude, Code, runs, GitHub, repo builder takeaway
AI research papers, technical methods, and applied AI systems

This page keeps a source preview and a stable archive URL for search discovery. The original source remains authoritative.