Pillar
CVE tracking, malicious skill alerts, hardening
Cadence: as-needed + weekly roundup
Claude Code v2.1.160 added a prompt before writing to shell startup files that could otherwise lead to unintended command execution. The fix is correct. The two-year gap before it shipped is the real story.
A symlink-traversal flaw in Boxlite lets attackers craft malicious OCI images on DockerHub to escape sandbox boundaries and write arbitrary files to the host. Image trust is not transitive.
The Vercel AI SDK now lets developers explicitly control system-message injection risks in agent prompts—a quiet but critical shift in how frameworks are hardening against prompt-injection attacks as agents move into production.
A critical authentication bypass allows unauthenticated attackers to execute arbitrary commands on systems running certain agent orchestration platforms.
The mistralai PyPI supply-chain attack reveals a grave vulnerability: legitimate packages can be hijacked at upload time, bypassing trusted publishing pipelines entirely.
Two critical CVEs expose fundamental flaws in AI agent security models, forcing a rethink of isolation strategies.
Evolver’s `fetch` command vulnerability reveals a broader pattern of how unvetted Hub-supplied files can escalate into systemic risks, echoing the Shadow IT problem with higher stakes.
Four critical vulnerabilities in the VM2 sandbox library allow attackers to escape the sandbox and execute arbitrary code on host systems running Node.js 24 and 25.
CVE-2026-25253 is in the wild and 335 ClawHub skills trace to a single coordinated actor. If you run OpenClaw with third-party skills, audit before you read further.
