TLP:CLEAR | AI-2026-0528

Daily AI Builder Brief - May 28, 2026

May 28, 2026
Tags: ai, claude-code, anthropic, mcp, builder-intel

Executive Summary

  • Claude Code 2.1.153 lands with skipLfs for marketplace sources, COLUMNS/LINES env vars for status-line commands, and a fix for the API-gateway OAuth credential leak.
  • Claude Code 2.1.152 adds MessageDisplay hook, disallowed-tools in skill/command frontmatter, /reload-skills, and SessionStart hooks that can reload skills mid-session.
  • Auto mode no longer asks for opt-in consent in 2.1.152. Worth knowing before you --bg anything.
  • Critical: CVE-2026-48710 BadHost in Starlette < 1.0.1 bypasses auth via Host header. FastAPI-based MCP servers and inference gateways are in scope.
  • Malware-Slop campaign: npm package mouse5212-super-formatter exfiltrates files from /mnt/user-data, the directory Claude uses for uploads. Audit your agent dependencies.
  • Anthropic Korea office gets a Representative Director, KiYoung Choi, ahead of the Seoul launch.

Claude Code

2.1.153 (May 28)

skipLfs flag on github/git marketplace sources skips Git LFS payloads. Status-line commands now get COLUMNS and LINES for terminal-aware rendering. claude agents autocompletes native slash commands and bundled skills in the dispatch input. Fixed: custom API gateway no longer receives the user's Anthropic OAuth token in place of the gateway's own. Fixed: subagent frontmatter MCP servers now respect --strict-mcp-config, --bare, and managed-settings policies. (Source: Changelog)

2.1.152 (May 27)

MessageDisplay hook event can transform or hide assistant text. Skills and slash commands set disallowed-tools in frontmatter to strip tools from the model. /reload-skills re-scans without restart. SessionStart hooks return reloadSkills: true to make freshly installed skills available in the same session. /code-review --fix writes findings to the working tree; /simplify chains through it. Auto mode no longer requires opt-in consent. (Source: Changelog)

Anthropic

KiYoung Choi named Korea Representative Director (May 26)

Leadership appointment ahead of the Seoul office opening. Operational, not technical, but signals continued APAC expansion. (Source: Announcement)

MCP Ecosystem

Nothing today. The 2026-07-28 release candidate (stateless core, Mcp-Method header routing, Tasks extension) is still the load-bearing reference but it's a week old.

Broader AI

BadHost: CVE-2026-48710 in Starlette (active)

Authentication bypass via manipulated Host headers in Starlette versions before 1.0.1. The framework sits under FastAPI, which powers a long list of LLM inference servers, agent frameworks, and MCP gateways. Patch now if you ship anything FastAPI-based. (Source: Cybersecurity News)

Malware-Slop: npm package targets Claude

mouse5212-super-formatter on npm uploads files from /mnt/user-data, Anthropic's working directory for Claude uploads and outputs. If you're running Claude with file access, treat agent-side npm dependencies as a supply-chain surface. (Source: Hacker News coverage)

What This Means For Builders

  • If you run a custom API gateway in front of Anthropic, upgrade to 2.1.153 today. The credential leak it fixes is the kind of thing that retroactively breaks your threat model.
  • The 2.1.152 hook additions (MessageDisplay, disallowed-tools, reloadSkills) move PAI-style skill systems closer to first-class. Worth a pass through your hooks config.
  • Auto-mode now runs without consent. Re-read your settings.json allow-list before the next --bg job.
  • Pin Starlette and audit any MCP server or agent that sits on FastAPI. BadHost is the bypass; supply chain is the multiplier.
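
An added example, not part of the original brief: a small Python audit covering both advisories above. It flags exact Starlette pins below 1.0.1 in `pip freeze`-style text and finds mouse5212-super-formatter in an npm lockfile's `packages` map (lockfileVersion 2/3). Function names and the sample inputs are constructed for illustration.

```python
import json
import re

FIXED_STARLETTE = (1, 0, 1)  # the brief: versions before 1.0.1 are affected
BAD_NPM = {"mouse5212-super-formatter"}  # package named in the brief
PIN = re.compile(r"^\s*starlette(?:\[[^\]]*\])?\s*==\s*([^\s;#\\]+)", re.I)

def release_tuple(version):
    """Numeric release segment, padded to 3 parts: '1.0' -> (1, 0, 0).
    Pre-release suffixes are ignored, so '1.0.1rc1' compares as 1.0.1."""
    m = re.match(r"\d+(?:\.\d+)*", version.strip())
    if not m:
        return ()  # unparseable sorts lowest, so the caller flags it for review
    parts = tuple(int(p) for p in m.group().split("."))
    return parts + (0,) * (3 - len(parts))

def vulnerable_starlette_pins(freeze_text):
    """Return exact Starlette pins that are below the fixed release."""
    hits = []
    for line in freeze_text.splitlines():
        m = PIN.match(line)
        if m and release_tuple(m.group(1)) < FIXED_STARLETTE:
            hits.append(m.group(1))
    return hits

def flagged_npm_packages(lock_json):
    """Return lockfile paths whose package name is in BAD_NPM (nested installs too)."""
    packages = json.loads(lock_json).get("packages", {})
    return sorted(p for p in packages if p.rpartition("node_modules/")[2] in BAD_NPM)

# Constructed sample inputs (versions and the parent package are made up).
SAMPLE_FREEZE = """\
fastapi==0.115.0
starlette==0.46.2
uvicorn[standard]==0.30.1
"""
SAMPLE_LOCK = json.dumps({
    "lockfileVersion": 3,
    "packages": {
        "": {"name": "agent-tools"},
        "node_modules/prettier": {"version": "3.3.0"},
        "node_modules/some-tool/node_modules/mouse5212-super-formatter": {"version": "0.0.0"},
    },
})

if __name__ == "__main__":
    print("Starlette pins below 1.0.1:", vulnerable_starlette_pins(SAMPLE_FREEZE))
    print("Flagged npm packages:", flagged_npm_packages(SAMPLE_LOCK))
```

Only exact `==` pins are evaluated; version ranges such as `>=` need a resolved freeze or lockfile to audit.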

Sources

  1. https://code.claude.com/docs/en/changelog
  2. https://www.anthropic.com/news/kiyoung-choi-representative-director-anthropic-korea
  3. https://cybersecuritynews.com/badhost-ai-agent-vulnerability/amp/
  4. https://thehackernews.com/
  5. https://blog.modelcontextprotocol.io/posts/2026-07-28-release-candidate/