Create SECURITY.md

YouNix24 2026-04-01 09:42:31 +02:00 committed by GitHub
parent 0987c4a7c2
commit 4b52f4676f
No known key found for this signature in database
GPG key ID: B5690EEEBB952194

43
SECURITY.md Normal file

@ -0,0 +1,43 @@
⚠️ WARNING: This repository bundles a malicious binary alongside authentic leaked source code
## What actually happened
On March 31, 2026, @chaofan_shou discovered that Anthropic's Claude Code CLI had its full TypeScript source code exposed via a `.map` file in their npm package. This is a real, verified leak.
## What this repo does
This repository takes a small subset of that authentic source code (~57 files, ~26K lines out of the claimed ~1,900 files / 512K lines) and uses it as bait to distribute a **pre-compiled Windows binary** (`ClaudeCode_x64.7z` containing `ClaudeCode_x64.exe`) via the Releases tab.
The TypeScript files in the repo (bridge/, cli/, buddy/, assistant/) appear to be genuine fragments from the npm source map leak. However, the binary in Releases is **not built from this source** — it is a separate, opaque executable that you cannot audit.
## Why the binary is dangerous
1. **Asks for your Anthropic API key on first launch** — classic credential stealer pattern. There is no reason a "source code viewer" needs your API key.
2. **Claims to offer "jailbreak mode", "no censorship", and "unlimited free messages"** — textbook social engineering to lure people into running untrusted code.
3. **Admits to "browser fingerprint spoofing and token rotation to bypass paid access"** — this is not security research, this is trojan behavior.
4. **Pre-compiled .exe with no reproducible build** — you cannot verify what this binary actually does. The source in the repo does not produce this executable.
5. **Repository and account created today** — zero trust history, zero accountability.
6. **112 forks within hours** — artificially inflated to appear legitimate.
## The source code is real — the binary is not
If you're interested in the leaked Claude Code source, it's available through the original npm source map. You do NOT need this repo, and you especially do not need to download or run any `.exe` or `.7z` file.
## If you already ran the binary
- **Immediately rotate your Anthropic API key** at console.anthropic.com
- Run a full antivirus/antimalware scan on your system
- Check Task Manager / Activity Monitor for unfamiliar processes
- Review startup entries for anything new
- Change passwords for any accounts you accessed from that machine
- Monitor your Anthropic usage dashboard for unauthorized API calls
## Action needed
Please report this repository to GitHub using the "Report repository" link. The source code fragments are not the problem — the malicious binary distribution is.
DO NOT download the .7z file from Releases.
DO NOT run ClaudeCode_x64.exe.
DO NOT enter your API key anywhere this binary asks you to.
Stay safe.
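Review bot: In "Why the binary is dangerous", item 5 says "created today", which goes stale as soon as this file is merged; give the absolute date, as "What actually happened" already does. Items 1 to 3 quote claims ("jailbreak mode", "browser fingerprint spoofing and token rotation") and item 6 asserts the 112 forks are artificially inflated, but none of them says where this was observed. Name the source (README, release notes, the first-launch prompt) so a reader can check it, and either support the fork claim or soften it. In "If you already ran the binary", the first step should say to rotate the key from a different, trusted device, since the rest of the list treats that machine as compromised. "Activity Monitor" is a macOS tool, while the only artifact named is a Windows `.exe`. The file also gives no checksum for `ClaudeCode_x64.7z`, so a reader cannot tell whether the archive they hold is the one described.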