Claude Code Plugins: A New Attack Surface

AI coding assistants have rapidly evolved from simple autocomplete engines into fully autonomous agents capable of executing code, managing files, and spawning subprocesses on behalf of the developer. Claude Code, Anthropic’s terminal-based coding agent, ships with a plugin ecosystem that significantly extends this capability surface. That same extensibility introduces a set of security concerns worth examining in detail.

This post covers the Claude Code plugin architecture from a security perspective: marketplaces, skill injection, hooks as a shell execution primitive, process tree inheritance, and the TCC permission model on macOS.

Read more →

VS Code MCP Social Engineering

While browsing a GitHub repository recently, I noticed a feature with potential as a social engineering vector for payload delivery: a badge providing an almost single-click method to install an arbitrary Model Context Protocol (MCP) server directly from a README.md.
Read more →

Fun With Flags Tasks

While reading this blog post over Christmas, I learned of a VS Code feature that I was previously unaware of. According to the official documentation the tasks feature is intended to provide a bridge between VS Code and external applications for task automation, such as running builds without leaving the IDE. However, as discussed in the Open Source Malware post, attackers are abusing this feature to trigger execution of shell commands when the repo is opened in the IDE.
Read more →

Hiding Compiled AppleScripts

Following a recent blog post covering the increasingly common use of compiled AppleScripts in malware, I wanted to explore methods to further hide malicious scripts and reduce the chance of detection.
Read more →

Defending Chrome Cookies

In part 1 of this series we covered various techniques for stealing session data from the Chrome (and Chromium-based) browsers. In this part we will cover how you can defend against these techniques using a combination of managed policies and endpoint monitoring.
Read more →