Malicious versions of Nx and some supporting plugins were published

[sneak]

Yes it does; you are thinking of agent tool calls. The software package itself runs as your uid and can do anything you can do (except on macOS where reading of certain directories is individually gated).

[otterley]

Claude Code is an agent. It will not call any tools or commands without your prior consent.

Edit: unless you pass it an override like --dangerously-skip-permissions, as this malware does. https://www.stepsecurity.io/blog/supply-chain-security-alert...

[kasey_junk]

Ok, but that’s true of _any_ program you install so isn’t interesting.

I don’t think the current agent tool call permission model is _right_ but it exists, so saying by default it will freely run those calls is less true of agents than other programs you might run.

[sneak]

Not all programs misbehave in this way. Signal desktop lets you turn off this vulnerability, and of course iOS apps and normal macOS apps are not allowed to self-modify, as it breaks their signature.

https://github.com/signalapp/Signal-Desktop/issues/4578

https://github.com/syncthing/syncthing-macos/issues/122