Out of Scope:
Abusing intended functionality of Claude CLI
Using aliased commands, symlinks or other environment-specific settings to bypass permission prompts
Local storage of Claude Code credentials, configuration and logs
Symlinks have been very important to manage skills from disparate sources and managing multiple CLIs.
Codex did not originally support symlink'd skills but added it in response to user requests on Jan 9th.
Imustaskforhelp 2 days ago [-]
Interesting that the submission just before this is about:
This makes me think a bit more about this CVE more too.
Anthropic lately has been really trying to burn any/every good will that they have it seems. Also a bit ironical about how the most dangerous model (Mythos) which can find CVE in other projects wasn't able to find this CVE within the claude-code project itself.
az226 1 days ago [-]
And yet Mythos couldn’t find it. Whomp whomp
amluto 1 days ago [-]
Mythos might be good at finding holes in an actual defined security boundary. But trying to audit Claude Code would be like trying to find the holes in Swiss cheese. Of course they’re there!
stuaxo 8 hours ago [-]
Oh is THIS the real reason they haven't released it?
It's the first thing people will point mythos at.
amluto 1 hours ago [-]
I’m fairly confident that almost any decent LLM trained on agentic command line workflows could break out of Claude Code. It’s really not hard.
quinncom 1 days ago [-]
Probably it did, but just thought, “I’m saving this one just for me”
perching_aix 22 hours ago [-]
I honestly wonder if they run it against it. Like sure, it'd be very, very obvious for them to. But it'd be so quintessentially human not to.
The shoemaker's children go barefoot and all...
philipwhiuk 1 days ago [-]
Maybe if they'd submitted each file twice instead of only once /s
You can still see the exclusion on HackerOne: https://hackerone.com/anthropic-vdp/policy_scopes
Symlinks have been very important to manage skills from disparate sources and managing multiple CLIs.Codex did not originally support symlink'd skills but added it in response to user requests on Jan 9th.
Anthropic response to 1-click pwn: Shouldn't have clicked 'ok': https://news.ycombinator.com/item?id=48057836
This makes me think a bit more about this CVE more too.
Anthropic lately has been really trying to burn any/every good will that they have it seems. Also a bit ironical about how the most dangerous model (Mythos) which can find CVE in other projects wasn't able to find this CVE within the claude-code project itself.
It's the first thing people will point mythos at.
The shoemaker's children go barefoot and all...