Claude Code Leak: 10+ Security Issues Found in Minutes

‍

Claude Code was recently leaked. We analyzed it using LogicStar AI and found multiple severe security issues, including remote code execution and permission bypasses.

Key Findings

1. Headless mode (even with read-only tools) allows Remote Code Execution without any prompt or warning in untrusted repositories:
2. Headless mode (even with read-only tools) allows Remote Code Execution without any prompt or warning in untrusted repositories:

              echo "summarize this repo" | claude -p --tools "Read"

2. The Claude MCP server allows arbitrary file writes. An undocumented tool call parameter enables writing files anywhere on the filesystem, without any visibility to the user.
3. Permission model gaps allow access to sensitive files. We found multiple bypasses, including Grep and Glob enabling path traversal despite explicit deny rules.

With all the hype around Claude Mythos, which was likely built and tested on Claude Code, we expected severe vulnerabilities to be difficult to find.

Instead, our bug finder surfaced more than 10.

This highlights the gap between raw model capability and production-grade system safety.

What This Means

AI coding tools are no longer just generating code. They are executing it.

This introduces new classes of risk:

• hidden execution paths
• implicit trust in configuration
• fragile permission models

Takeaways for Developers

• Do not run AI coding tools on untrusted repositories without sandboxing
• Do not assume “read-only” modes are safe

About LogicStar

LogicStar finds impactful bugs in your software, not only security-related, and surfaces the ones that matter by correlating them with customer complaints and production alerts.

Try it here: https://logicstar.ai/
For a limited time, the first 20 bugs are on us.

We responsibly disclosed all the issues above and more through Claude Code’s HackerOne program.

‍