2.1.91 has just been released with the following change:

Plugins can now ship executables under bin/ and invoke them as bare commands from the Bash tool

Is anyone else concerned about the security impact of this change?

So far, I’ve considered plugins just a set of packaged markdown files/prompts with limited potential for malicious behavior outside of running with bypass-permissions. But now with the ability to embed and execute binaries within plugins, the ability to sneak in malicious code has greatly increased in my eyes, considering it’s completely opaque what happens within that compiled binary.

Curious to hear y’alls thoughts on this matter.
Originally posted by u/farono on r/ClaudeCode
