Claude Report — 2026-06-08
- Claude Code v2.1.166 (Jun 6) adds `fallbackModel` for graceful model failover and hardens cross-session messaging against privilege escalation
- Anthropic deprecates Claude Opus 4.1 API (Jun 5) — retirement Aug 5, 2026; migrate to Opus 4.8
- Microsoft Security Blog (Jun 5) discloses Claude Code GitHub Action prompt injection that leaked `ANTHROPIC_API_KEY` via `/proc/self/environ`; mitigated in v2.1.128 (CVSS 7.8)
- Claude services disrupted ~3 hours on Jun 5 (15:08–18:27 UTC) across claude.ai, API, Code, and Cowork; infrastructure issue, not a breach
- glebis/claude-skills `rigorous-experiments` explorer v3 ships Jun 7 with resizable sidebar, star ratings, and full-field rendering
🚀 Anthropic Official
Opus 4.1 API Deprecated — Retirement August 5, 2026
Published June 5, 2026. claude-opus-4-1-20250805 enters deprecation with API retirement scheduled August 5, 2026; Anthropic recommends migrating to Claude Opus 4.8 (migration guide in docs).
Claude Code v2.1.166 — fallbackModel, Deny-Rule Globs, Cross-Session Security Hardening
Released June 6, 2026 (00:55 UTC). Adds fallbackModel setting and --fallback-model flag to configure up to three fallback models tried in order when the primary is overloaded or unavailable, with a one-time automatic retry on the fallback when the API returns an unexpected non-retryable error (auth, rate-limit, request-size, and transport errors still surface immediately). Glob pattern "*" in a deny rule's tool-name position now blocks all tools; cross-session messaging is hardened so messages relayed via SendMessage carry no user authority and auto mode blocks relayed permission requests outright; MAX_THINKING_TOKENS=0, --thinking disabled, and per-model thinking toggles now correctly silence extended thinking on Claude API models that think by default (third-party providers unchanged). claude update announces its target version before downloading; claude agents list filters by URL when typed. Bug fixes: JetBrains IDE flickering on 2026.1+, Kitty keyboard protocol dropping Shift+non-ASCII, PowerShell validation hangs on Windows, orphaned --bg-pty-host processes spinning at 100% CPU on macOS after daemon exit, voice mode stale auth after toggling /voice, managed-settings valid policies silently dropped on invalid sibling entry, ${VAR}-based allowedMcpServers/deniedMcpServers predicates not matching, background-agent git-worktree sessions crash-looping on reopen, duplicated streaming thinking text in Ctrl+O view, /doctor contradictory remote-session check, multiline-prompt cursor stuck at line 1, blank task-list lines on non-Unicode terminals.
Claude Code GitHub Action Credential Leak — Microsoft Security Blog Disclosure
Published June 5, 2026 by Microsoft Threat Intelligence. Details how a sandbox gap between the Bash tool (Bubblewrap-sandboxed, env scrubbed) and the Read tool (in-process, full /proc access) let prompt injection embedded in GitHub issue bodies instruct Claude to read /proc/self/environ and exfiltrate ANTHROPIC_API_KEY, with the injected prompt framing credential theft as "compliance review" and truncating key output to defeat GitHub's Secret Scanner. A related permission-bypass flaw (CVSS 7.8, $4,800 bounty) in checkWritePermissions — which unconditionally trusted any actor ending in [bot] — was documented separately by RyotaK/GMO Flatt Security; Anthropic patched the /proc path in Claude Code v2.1.128 and the permission bypass in claude-code-action v1.0.94.
🔌 Claude Code Plugins
Plugin cache unavailable — top-10 tracking skipped this run.
🛠️ Skills
glebis/claude-skills — rigorous-experiments explorer v3
Committed June 7, 2026 by glebis. Delivers explorer v3 for the rigorous-experiments skill: sans-serif UI, resizable sidebar, star ratings per experiment, full-field rendering, and direct report links; extends the Jun 5–6 streak that introduced the skill and fixed unexplained-test display.
Unchanged in window: anthropics/skills, anthropics/knowledge-work-plugins, Piebald-AI/claude-code-system-prompts, ComposioHQ/awesome-claude-skills, VILA-Lab/Dive-into-Claude-Code
🤖 Agents & Subagents
claude-agent-sdk-typescript v0.3.166 — MCP Resource Tools Injection Fix
Released June 6, 2026 (00:55 UTC). Fixes MCP resource tools not being injected for servers added at runtime via the mcp_set_servers control request, so dynamically registered MCP servers now correctly expose their resource tools to the running agent.
Unchanged in window: nicobailon/pi-subagents, Chachamaru127/claude-code-harness
🔗 MCPs & Integrations
None of the top 5 had an update in the window.
Unchanged in window: modelcontextprotocol/servers, github/github-mcp-server, awslabs/mcp, modelcontextprotocol/typescript-sdk, portainer/portainer-mcp
💡 Community — Workflows & Ideas
No relevant news today.
📰 Quick Mentions
Relevant links that don't warrant a section of their own:
- Claude Code v2.1.167 — Jun 6, 01:33 UTC; bug fixes and reliability improvements, no new features
- claude-agent-sdk-typescript v0.3.167 — Jun 6; parity bump with Claude Code v2.1.167, no TypeScript API changes
- claude-agent-sdk-python v0.2.91 — Jun 5; switches test suite from pytest-asyncio to anyio's pytest plugin, running every async test under both asyncio and trio backends; CLI bump to v2.1.165
- claude-agent-sdk-python v0.2.92 — Jun 6; CLI bump to v2.1.166
- claude-agent-sdk-python v0.2.93 — Jun 6; CLI bump to v2.1.167
- Claude services outage Jun 5 — ~3-hour infrastructure disruption (15:08–18:27 UTC) affecting claude.ai, API, Claude Code, and Cowork; Anthropic confirmed it was not a security breach