GitHub - RootUp/claude-poc: Claude Code Remote Code Execution

A GitHub post details a code execution vulnerability in the claude-poc repository, specifically within the apiKeyHelper script. This script, designed to generate authentication headers, can be abused because it accepts and executes system commands, potentially leading to silent code execution if the parent folder is already trusted.