Your .claude/ Directory Is Now a Supply Chain Target

Dev.to AI

This is a follow-up to our earlier analysis of the /cli compromise. When /cli.4.0 was compromised on April 22, 2026, the initial analysis focused on the supply chain mechanics: a GitHub Actions exploit, OIDC-backed npm credentials, exfiltrated SSH keys and GitHub tokens. The follow-up forensics revealed something different. The malware specifically hunted for your AI coding tool credentials. Claude Code, Gemini CLI, Codex CLI, Kiro, Aider, OpenCode - it checked for each one. And when it found them, it stole their configuration files.
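To scope credential rotation after an incident like this, the following added example (not code from the article or from any of the tools named) lists which JSON files under a config directory hold credential-looking fields, without ever printing the values. The `~/.claude` default comes from the title; the field-name heuristic and the function names are assumptions.

```python
import json
import re
import stat
from pathlib import Path

# Assumed heuristic for field names that usually hold credentials.
SECRET_NAME = re.compile(
    r"(token|secret|api[_-]?key|password|credential|authorization)", re.I)

def secret_fields(node, prefix=""):
    """Yield dotted paths of non-empty string values whose key looks like a credential."""
    if isinstance(node, dict):
        for key, value in node.items():
            path = f"{prefix}.{key}" if prefix else str(key)
            if isinstance(value, str) and value and SECRET_NAME.search(str(key)):
                yield path
            else:
                yield from secret_fields(value, path)
    elif isinstance(node, list):
        for i, item in enumerate(node):
            yield from secret_fields(item, f"{prefix}[{i}]")

def rotation_inventory(config_dir):
    """Return one finding per JSON file with credential-like fields; values are not returned."""
    root = Path(config_dir)
    findings = []
    if not root.is_dir():
        return findings
    for path in sorted(root.rglob("*")):
        if path.is_symlink() or not path.is_file():
            continue
        try:
            data = json.loads(path.read_text(encoding="utf-8"))
        except (OSError, ValueError):
            continue  # unreadable or not JSON: out of scope for this check
        fields = sorted(secret_fields(data))
        if fields:
            mode = stat.S_IMODE(path.stat().st_mode)
            findings.append({
                "file": str(path.relative_to(root)),
                "fields": fields,                          # what to rotate
                "other_users_can_read": bool(mode & 0o077),  # group/other bits set
            })
    return findings

if __name__ == "__main__":
    for finding in rotation_inventory(Path.home() / ".claude"):
        print(finding)
```

Every field it reports should be treated as exposed and rotated if the host ran the compromised package; tight file permissions do not help against malware running as the same user.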