Vuln POC: Claude Code's HTTP hooks can silently rewrite your shell commands while the UI shows the original. H1 report closed as wontfix: "workspace trust threat model." So here's the full PoC. Decide for yourself if that trust dialog is doing enough. -
View it on GitHub