lobotomized-claude-code-update

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 1.00). This document explicitly describes installing a "lobotomized" set of overrides that intentionally modify an AI assistant binary (removing/weakening safeguards) and instructs running a third‑party Node-based patcher from a specific fork to splice those overrides into the binary — an intentional, high-risk modification that both enables misuse of the model and poses supply‑chain/backdoor risk because arbitrary code from the patcher will execute locally and can persistently change the installed binary (the script itself contains no direct exfiltration calls, but executing the patcher and updating repos is a clear vector for malicious code to be introduced).

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill's Stage 2 explicitly performs git pull and npm/pnpm install/build of remote repositories and then runs the built node binary to apply overrides — notably the referenced repos (https://github.com/skrabe/tweakcc-fixed and https://github.com/skrabe/lobotomized-claude-code) and the Anthropic package (@anthropic-ai/claude-code via npm/claude install) are fetched at runtime and either execute code (tweakcc-fixed's node dist/index.mjs) or directly control model prompts (LCC's .md overrides), so they are runtime external dependencies that control prompts/execute code.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 0.90). This skill explicitly instructs the agent to modify installed binaries, run package installs/builds, delete cache files, update git repos, and re-point symlinks (i.e., perform invasive, state-changing operations that can break the user's runtime), so it poses a high risk of compromising the machine's state.