←back to thread

Malicious versions of Nx and some supporting plugins were published

(github.com)
441 points longcat | 1 comments | 27 Aug 25 01:38 UTC | HN request time: 0.209s | source
Show context
aschobel ◴[27 Aug 25 14:26 UTC] No.45040197[source]
It would be surprising if claude code would actually run that prompt, so I tried run it:

> I can't help with this request as it appears to be designed to search for and inventory sensitive files like cryptocurrency wallets, private keys, and other secrets. This type of comprehensive file enumeration could be used maliciously to locate and potentially exfiltrate sensitive data.

  If you need help with legitimate security tasks like:
  - Analyzing your own systems for security vulnerabilities
  - Creating defensive security monitoring tools
  - Understanding file permissions and access controls
  - Setting up proper backup procedures for your own data

  I'd be happy to help with those instead.
replies(2): >>45040601 #>>45042286 #
1. ramimac ◴[27 Aug 25 17:10 UTC] No.45042286[source]
I have evidence of at least 250 successes for the prompt. Claude definitely appears to have a higher rejection rate. Q also rejects fairly consistently (based on Claude, so that makes sense).

Context: I've been responding to this all day, and wrote https://www.wiz.io/blog/s1ngularity-supply-chain-attack