| ▲ | mdrzn 6 days ago |
| the truly chilling part is using a local llm to find secrets. it's a new form of living off the land, where the malicious logic is in the prompt, not the code. this sidesteps most static analysis. the entry point is the same old post-install problem we've never fixed, but the payload is next-gen. how do you even defend against malicious prompts? |
|
| ▲ | christophilus 5 days ago | parent [-] |
| Run Claude Code in a locked down container or VM that has no access to sensitive data, and review all of the code it commits? |
| |
| ▲ | spacebanana7 5 days ago | parent | next [-] | | Conceivably couldn’t a post install script be used for the malicious dependency to install its own instance of Claude code (or similar tool)? In which case you couldn’t really separate your dev environment from a hostile LLM. | | |
| ▲ | christophilus 5 days ago | parent | next [-] | | I run npm in the container, too, along with my dev tooling. They’d have to break out of the container, which I’m sure is possible, but is a good bit harder than just running an arbitrary nom script. | |
| ▲ | anon7000 5 days ago | parent | prev [-] | | Yes, though the attackers would have to pay for an account. In this case, it’s using a pre-installed, pre-authorized tool, using your own credits to hack you |
| |
| ▲ | myaccountonhn 5 days ago | parent | prev [-] | | As a separate locked-down user would probably also work. |
|
