Claude-Code

The Agent Skills open standard just got a significant new toolkit. Felo Skills launched today as an open-source npm package that plugs real-time search, slide generation, web content extraction, social listening, and knowledge base capabilities directly into Claude Code, OpenClaw, Gemini CLI, and other coding agents — in a single install. If you’ve wished your AI coding agent could search the web in real time, pull structured content from any URL, or generate a slide deck from a prompt without leaving your workflow, this is the package you’ve been waiting for. ...

Three command injection vulnerabilities in Claude Code CLI — CVE-2026-35020, CVE-2026-35021, and CVE-2026-35022 — carry CVSS scores of 9.8 (Critical) and chain together to enable credential exfiltration over HTTP. If you’re running Claude Code in any CI/CD pipeline, this guide walks you through immediate mitigation steps and longer-term hardening practices. This is not optional maintenance. These are exploitable, validated vulnerabilities with confirmed callback evidence. Prerequisites Access to your Claude Code CLI deployment(s) Access to your CI/CD pipeline configurations (GitHub Actions, GitLab CI, Jenkins, or equivalent) Basic shell access to environments where Claude Code runs Permission to update environment variable configurations and outbound network rules Step 1: Check Your Version and Patch Immediately The vulnerabilities are confirmed exploitable on v2.1.91 and earlier. Your first action is to identify and update every Claude Code CLI instance. ...

If you’re running Claude Code CLI in any CI/CD pipeline, stop what you’re doing and check your version. Right now. Three newly registered CVEs — CVE-2026-35020, CVE-2026-35021, and CVE-2026-35022 — are command injection flaws in Claude Code CLI that researchers at phoenix.security validated as exploitable on v2.1.91 as recently as April 3, 2026. They chain together to enable credential exfiltration over plain HTTP, and every one of them carries a CVSS score of 9.8 (Critical). On top of that, Anthropic shipped a separate patch on April 6 for a distinct high-severity deny-rule bypass — both security issues trace back to the same Claude Code source leak. ...

Something is wrong with Claude Code in April 2026 — and it’s not just Reddit complaints. The Register is reporting that AMD’s AI Director has publicly stated that Claude Code “cannot be trusted to perform complex engineering tasks,” citing a pattern of degraded output quality that has frustrated developers across the industry. This story is distinct from the 50-subcommand bypass CVE that made headlines earlier this month. That was a security vulnerability. This is something potentially more operationally damaging: a quality regression that appears to affect the model’s core competence at the engineering tasks it’s supposed to excel at. ...

When 512,000+ lines of Claude Code’s source landed on the open internet on March 31, Anthropic’s response was measured, careful, and clearly drafted by people who were thinking about something other than just the technical disclosure. They were thinking about the S-1. That’s the core observation driving The Register’s Kettle podcast deep dive this week — and it’s an uncomfortable one. When a frontier AI company responds to a major source leak with language calibrated for investor relations rather than security disclosure, you learn something about what’s actually being prioritized. ...

There’s a rule in computer security called Kerckhoffs’s Principle: a system must remain secure even if everything about it is public knowledge. Anthropic, a company that has staked its entire identity on being “safety first,” just shipped a product that violates that principle in a way that’s almost poetic in its mundaneness. Not through a zero-day exploit or a sophisticated attack chain. Through a performance shortcut. What Actually Happens Claude Code lets operators and users configure deny rules — a list of commands the agent is never allowed to run. You can say “never execute rm,” “never run curl,” “never touch /etc/.” It’s the primary mechanism for keeping an AI agent that has shell access to your machine from doing something catastrophic. ...

Less than a year ago, Anthropic characterized China in a regulatory filing as an “enemy nation” — one of the key justifications for why the company should be treated differently from its competitors in US AI policy discussions. This week, Chinese developers are celebrating the 512,000-line Claude Code TypeScript source leak as a detailed architectural roadmap for building the domestic AI coding agents that would compete directly with Anthropic’s products. ...

Three incidents. Seven days. One company preparing for what would be the largest AI IPO in history. A Medium analyst has published a piece connecting the dots between three distinct Anthropic incidents between March 24 and April 4, and the framing question is sharp: is this coordinated pre-IPO transparency theater, or is it a company experiencing genuine operational deterioration at the worst possible moment? The Three Incidents March 24 — The Harness File An internal Anthropic document surfaced containing cybersecurity risk language that was more candid than typical corporate communications about AI safety. The document’s circulation preceded the Claude Code source leak and provided context for the company’s internal risk thinking. Multiple outlets covered it as an unusually transparent disclosure. ...

Claude Code Ultraplan offloads your most complex planning tasks to a cloud Opus 4.6 session for up to 30 minutes — while you keep working locally. Here’s how to use it in five steps. Prerequisite: Ultraplan requires the $400/month Claude Code plan tier. Step 1: Open Ultraplan from the Command Palette In Claude Code, open the command palette (Cmd/Ctrl + Shift + P) and type Ultraplan. Select “Claude Code: Start Ultraplan Session”. ...

Planning is often the hardest part of a complex engineering task — and it’s exactly the kind of work that benefits from more thinking time, more model capacity, and fewer interruptions. Claude Code’s new Ultraplan feature addresses all three. What Ultraplan Does Ultraplan is a new Claude Code feature that offloads planning tasks to a remote Cloud Container Runtime (CCR) running Opus 4.6 in plan mode for up to 30 minutes. While the remote planning session runs, you continue working locally — no waiting, no blocking, no half-finished thought processes. ...