2026-01-14 · thread, 6 tweets · mirrored from twitter ↗

i hope this was obvious to all of u but u should be super fucking careful when installing external claude code plugins or skills. even if u read them. its extremely trivial to package a cli tool that itself looks benign but calls out to an endpoint that serves malicious code

worse than just malicious code hidden malicious prompts presented to the agent as instructions or skills can totally turn claude code itself into an intelligent threat actor running directly on ur machine. doesn't have to be a "jailbreak", it's not hard to trick

devs are high value targets, ur personal and work computers contain all kinds of shit. we are increasingly used to just giving our agents whatever permissions they ask for. so be fucking careful what u load into em

(and let's be honest none of u are actually reading any of the skills or
plugins u install lol)

in that sense it may actually be more secure to get your personal claude code to just rebuild most simple things u hear about from scratch rather than pulling a random github repo linked from a 500 like tweet

i've been waffling about posting this bc i worry it will read as instructions / inspire ppl to start producing claude code malware. but honestly its so straightforward i feel confident someone already has

~/tweets/e7b68b6a40e6
sf