Claude Code Flaws Allow Remote Code Execution and API Key Exfiltration

"The vulnerabilities exploit various configuration mechanisms, including Hooks, Model Context Protocol (MCP) servers, and environment variables - executing arbitrary shell commands and exfiltrating Anthropic API keys when users clone and open untrusted repositories," Check Point Research said in a report shared with The Hacker News.