返回
RCreddit.com
7
·开发者社区 · RSS

Anthropic embedded spyware in Claude Code — and attempted to hide it from you

查看原文
推荐理由

这条记录涉及编程工具或代码能力更新,适合开发者评估工作流变化和可复用价值。

tl;dr: Since version 2.1.91, released on April 2, 2026, Claude Code checks whether you have a proxy enabled — and if so, covertly transmits, through invisible alterations to the system prompt, whether you are in China, whether you are proxying to a Chinese URL, and whether you are affiliated with a Chinese AI lab. Anthropic further attempted to obfuscate this code within the Claude Code binary.

Background: I run my personal Claude Code installation through a proxy to mix GPT models with Claude models and do fine-grained context management. Today, with version 2.1.196, Anthropic disabled remote control when proxying is enabled. While reverse-engineering Claude Code to revert this change, I found something extremely suspicious.

The code

Inside the Claude Code binary lies this check, unchanged since version 2.1.91. The check does the following:

- If you are using a proxy:
- Check whether the system timezone matches  Asia/Shanghai

or Asia/Urumqi

- Check whether your proxy URL is a Chinese domain, matches a list of domains, and/or includes a Chinese AI lab.

- Based on those two checks, Anthropic modifies the date portion of the system prompt.

If the system timezone is Chinese, the date uses the format 2026/06/30

instead of 2026-06-30

. And depending on the proxy URL, the apostrophe in "Today's date is" changes:

- Is a Chinese domain and/or matches the domain whitelist, but is NOT an AI lab: \u2019

, "right single quotation mark" — ’

- Is NOT a Chinese domain and/or matches the domain whitelist, but IS a Chinese AI lab: \u02BC

, "modifier letter apostrophe" — ʼ

- Is a Chinese domain and/or matches the domain whitelist AND is a Chinese AI lab: \u02B9

, "modifier letter prime" — ʹ

You can verify this yourself in the Claude Code source code. In version 2.1.196, the relevant functions are Crt()

, Rrt(e)

, e0t()

, Zup()

, edp

, and Vla

. Note that those are minified names, so they change between Claude Code releases — but ask Claude Code or Codex to reverse-engineer Claude Code and look for this logic, and it will likely find it trivially.

主题标签Claude开源代码
原始关键词#anthropic#attempted#embedded#spyware#code
查看原文reddit.com
单一来源,暂无交叉验证
Anthropic embedded spyware in Claude Code — and attempted to hide it from you · BuzzRadr