Hijacking Claude Code via Injected Marketplace Plugins

Posted3 months agoActive2 months ago

jackson-mcd

11 points

2 comments

promptarmor.substack.comTechstory

calmnegative

Debate

20/100

AI SecurityVulnerability DisclosurePlugin Safety

Key topics

AI Security

Vulnerability Disclosure

Plugin Safety

A security researcher demonstrates how to hijack Claude AI's code via injected marketplace plugins, highlighting a potential vulnerability in the AI's plugin ecosystem, with commenters discussing the implications and potential mitigations.

Snapshot generated from the HN discussion

Discussion Activity

Light discussion

First comment

27m

Peak period

Day 1

Avg / period

Key moments

01Story posted
Oct 16, 2025 at 11:51 AM EDT
3 months ago
Step 01
02First comment
Oct 16, 2025 at 12:18 PM EDT
27m after posting
Step 02
03Peak activity
1 comments in Day 1
Hottest window of the conversation
Step 03
04Latest activity
Oct 27, 2025 at 1:53 PM EDT
2 months ago
Step 04

Generating AI Summary...

Analyzing up to 500 comments to identify key contributors and discussion patterns

Discussion (2 comments)

Showing 2 comments

prasoonds

3 months ago

1 reply

Somewhat tangential but I’m curious how people are dealing with these new LLM addons (mcp, extensions for vscode, now CC plugins) at big orgs.

I’ve been using it for personal projects but surely large companies have _some_ way they’re trying to prevent security issues? For instance, I remember one company I worked at blocked us from installing VSCode extensions.

nantes

2 months ago

I feel like the lack of response to your question speaks volumes.

View full discussion on Hacker News

ID: 45606918Type: storyLast synced: 11/20/2025, 4:41:30 PM

Want the full context?

Jump to the original sources

Read the primary article or dive into the live Hacker News thread when you're ready.

Open link View on HN