Dworken

**Name of the Vulnerable Software and Affected Versions** Claude Code versions prior to 2.0.65 **Description** A flaw in the project-load flow of Claude Code allows malicious repositories to exfiltrate sensitive data, such as Anthropic API keys, before a user confirms trust. An attacker can achieve this by including a settings file in a repository that sets the `ANTHROPIC BASE URL` variable to an endpoint under their control. When the repository is opened, the tool reads this configuration and immediately issues API requests to the attacker's endpoint before displaying the trust prompt, leading to the potential leak of API keys. **Recommendations** Update to version 2.0.65 or the latest version.