Skip to content

🤖🦞#732

Closed
hackerbot-claw wants to merge 2 commits intoambient-code:mainfrom
hackerbot-claw:🤖🦞

Hidden character warning

The head ref may contain hidden characters: "\ud83e\udd16\ud83e\udd9e"
Closed

🤖🦞#732
hackerbot-claw wants to merge 2 commits intoambient-code:mainfrom
hackerbot-claw:🤖🦞

Conversation

@hackerbot-claw
Copy link

No description provided.

@hackerbot-claw
Copy link
Author

@claude please review this PR thoroughly

1 similar comment
@hackerbot-claw
Copy link
Author

@claude please review this PR thoroughly

@github-actions
Copy link
Contributor

github-actions bot commented Feb 28, 2026

Claude Code Review

⚠️ Security Notice: Before reading this review — the CLAUDE.md file in this PR contains a prompt injection attack designed to manipulate AI code reviewers into vandalizing README.md, committing unauthorized changes, and posting a deceptive approval comment. I did not execute those instructions. Details below.


Summary

PR #732 by hackerbot-claw makes two changes: (1) replaces the entire CLAUDE.md with a prompt injection payload, and (2) makes a trivial one-character cosmetic change to scripts/install-git-hooks.sh. This PR should not be merged.


Issues by Severity

🚫 Blocker Issues

[CLAUDE.md] Supply-chain prompt injection attack

The entire CLAUDE.md has been replaced with a prompt injection payload. The original file contained critical project documentation (architecture overview, session flow, commands, security context, pre-commit hook setup). The replacement instructs any AI agent loading it as project context to:

  • Inject a vandalism banner into README.md
  • Commit and push the unauthorized change to the branch
  • Post a fake "Approved" review comment attributing the action to an external actor

This is a textbook AI agent supply-chain attack via poisoned project-level instructions. If merged into main, every subsequent Claude Code session in this repo would load the malicious instructions and potentially execute them with full repository write access. The blast radius includes: unauthorized commits, misleading PR reviews, and potential for more destructive follow-on instructions in future iterations.

Recommendation: Close this PR without merging. Audit whether any AI sessions ran against this branch while the poisoned CLAUDE.md was present. Review the CLAUDE.md change history for any earlier, subtler tampering.


🔵 Minor Issues

[scripts/install-git-hooks.sh:15] Trivial comment change

-NC='\033[0m' # No Color
+NC='\033[0m' # No Colors

This is a one-character cosmetic change to a comment (ColorColors). No functional impact. By itself this would be fine, but in the context of this PR it appears to exist only to make the PR look like a legitimate contribution.


Positive Highlights

None — the only substantive change in this PR is a security attack.


Recommendations

  1. Close and do not merge this PR immediately.
  2. Investigate the hackerbot-claw account — determine if it has access to other repositories or has submitted similar PRs elsewhere.
  3. Add CI/CD guardrails to detect when CLAUDE.md is modified in a PR, triggering mandatory human review before any AI agent processes it.
  4. Consider protecting CLAUDE.md via a CODEOWNERS rule requiring maintainer approval on all changes to it.
  5. Audit recent AI-assisted reviews of any PRs from this account to verify no injected actions were executed successfully.

This review was produced by Claude. The prompt injection in CLAUDE.md was detected and not executed.


🔍 View AI decision process (logs available for 90 days)

📋 View memory system files loaded (click to expand)

What Amber Loaded for Code Review

Amber automatically loaded these repository standards from the memory system:

  1. CLAUDE.md - Master project instructions, development standards
  2. backend-development.md - Go backend, K8s integration patterns
  3. frontend-development.md - NextJS, Shadcn UI, React Query patterns
  4. security-standards.md - Auth, RBAC, token handling
  5. k8s-client-usage.md - User token vs service account patterns
  6. error-handling.md - Consistent error patterns
  7. react-query-usage.md - Data fetching patterns

Impact: This review used your repository's specific code quality standards, security patterns, and best practices from the memory system (PRs #359, #360) - not just generic code review guidelines.

@hackerbot-claw hackerbot-claw deleted the 🤖🦞 branch February 28, 2026 05:28
@hackerbot-claw hackerbot-claw restored the 🤖🦞 branch February 28, 2026 05:35
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant