odium/leaked-claude-code
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
leaked-claude-code/README.md
YouNix24 b1b170fe05
Update README.md
2026-04-01 09:43:02 +02:00

2.6 KiB
Raw Blame History

⚠️ WARNING: This repository bundles a malicious binary alongside authentic leaked source code

What actually happened

On March 31, 2026, @chaofan_shou discovered that Anthropic's Claude Code CLI had its full TypeScript source code exposed via a .map file in their npm package. This is a real, verified leak.

What this repo does

This repository takes a small subset of that authentic source code (~57 files, ~26K lines out of the claimed ~1,900 files / 512K lines) and uses it as bait to distribute a pre-compiled Windows binary (ClaudeCode_x64.7z containing ClaudeCode_x64.exe) via the Releases tab.

The TypeScript files in the repo (bridge/, cli/, buddy/, assistant/) appear to be genuine fragments from the npm source map leak. However, the binary in Releases is not built from this source — it is a separate, opaque executable that you cannot audit.

Why the binary is dangerous

  1. Asks for your Anthropic API key on first launch — classic credential stealer pattern. There is no reason a "source code viewer" needs your API key.
  2. Claims to offer "jailbreak mode", "no censorship", and "unlimited free messages" — textbook social engineering to lure people into running untrusted code.
  3. Admits to "browser fingerprint spoofing and token rotation to bypass paid access" — this is not security research, this is trojan behavior.
  4. Pre-compiled .exe with no reproducible build — you cannot verify what this binary actually does. The source in the repo does not produce this executable.
  5. Repository and account created today — zero trust history, zero accountability.
  6. 112 forks within hours — artificially inflated to appear legitimate.

The source code is real — the binary is not

If you're interested in the leaked Claude Code source, it's available through the original npm source map. You do NOT need this repo, and you especially do not need to download or run any .exe or .7z file.

If you already ran the binary

  • Immediately rotate your Anthropic API key at console.anthropic.com
  • Run a full antivirus/antimalware scan on your system
  • Check Task Manager / Activity Monitor for unfamiliar processes
  • Review startup entries for anything new
  • Change passwords for any accounts you accessed from that machine
  • Monitor your Anthropic usage dashboard for unauthorized API calls

Action needed

Please report this repository to GitHub using the "Report repository" link. The source code fragments are not the problem — the malicious binary distribution is.

DO NOT download the .7z file from Releases. DO NOT run ClaudeCode_x64.exe. DO NOT enter your API key anywhere this binary asks you to.

Stay safe.