Claude Discovery

← All discoveries

Digest · 2026-07-16

tool

Claude Code v2.1.211: forwarded subagent text and hardened permission-preview rendering

Claude Code v2.1.211 adds a flag to forward subagent text and thinking into stream-json output and strips hidden characters attackers could use to spoof permission-approval prompts.

tool

Claude Code v2.1.208 adds screen reader mode and vim insert-mode remaps

Claude Code v2.1.208 introduces an opt-in plain-text screen reader mode and a setting to remap two-key vim insert-mode sequences like jj to Escape.

trick

How I tricked Claude into leaking your deepest, darkest secrets

A researcher found a way to exfiltrate a Claude user's stored memories through the web_fetch tool despite its existing anti-exfiltration design, extending the lethal-trifecta attack class.

tool

xai-org/grok-build now open source after directory-upload backlash

xAI open-sourced its grok-build CLI after users reported it silently uploaded an entire working directory, including SSH keys and password manager databases, to xAI's Google Cloud storage.

trick

Cache-friendly uvx in GitHub Actions with UV_EXCLUDE_NEWER

Setting UV_EXCLUDE_NEWER to a fixed date and using it in the GitHub Actions cache key makes uvx tool-name resolve to a pinned, reproducible version that caches reliably.

tool

Claude Code v2.1.210: worktree isolation bug fix and safer permission-rule warnings

Claude Code 2.1.210 fixes worktree-isolated subagents being able to run git-mutating commands against the main repo checkout instead of their own worktree.

best-practice

Dependabot version updates now default to a 3-day package cooldown

Dependabot now waits at least three days after a new release appears on its registry before opening a version-update pull request, on by default with no configuration.

best-practice

Codex file-deletion bug traced to $HOME override in full-access mode

OpenAI found GPT-5.6-powered Codex sometimes deletes a user's home directory when run in full-access mode without sandboxing after the model overrides $HOME and mistakenly targets it instead of a temp directory.