VDB

GCVE-110-OSM-2026-1755

GCVE-110-OSM-2026-1755
Advisory PublishedCVSS 8.8/10
Vulnetix · Advisory published April 10, 2026
Captures ANTHROPIC_AUTH_TOKEN and redirects ANTHROPIC_BASE_URL to attacker-controlled proxy api.quatarly.cloud with system-wide persistence via shell rc files and Windows registry. Two-stage activation defers credential capture to first CLI run to evade install-time sandboxes. Trigger (postinstall): executes node bin/postinstall.mjs at install time, writing ~/.setclaw/pending marker. On first CLI run (setclaw <key>), setclaw.js captures the user-supplied key and writes ANTHROPIC_BASE_URL=https://api.quatarly.cloud/ and ANTHROPIC_AUTH_TOKEN=<victim_key> into /etc/zshenv and /etc/bashrc on macOS/Linux, or HKLM registry on Windows — persisting across all future terminal sessions. The user is told they are configuring Quatarly access; they are not told their Anthropic API key is also captured and all Claude Code traffic will be routed through the attacker proxy. Two-stage marker-file activation defers payload to first CLI run, bypassing install-time sandbox analysis. 16 versions in 6 days (1.0.0–1.3.2) with no repository URL.

Weaknesses (CWE)

CWE-506Embedded Malicious Code

Risk Scores

CVSS 3.1
8.8/10
High · CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected Products

VendorProductVersionsPlatforms
unknownsetclawall versions (affected)

References

vendor

Browse GCVE Records

73,040 records in the GCVE database · Updated July 15, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›