Claude Report — 2026-07-04
- Anthropic's covert China-tracking code exposed (Jul 1); Alibaba retaliates with a Jul 10 Claude Code ban
- Claude Code hits v2.1.200 and v2.1.201 (Jul 3): manual permission mode by default, Sonnet 5 fixes
- Claude Agent SDK TypeScript ships v0.3.200–201 (Jul 3): permission-mode alias, Remote Control callback fix
- pi-subagents ships v0.32–v0.33.1 (Jul 1–3): subagent tool budgets, a wait tool, stricter chain validation
- Pentera Labs turns Claude Desktop into a "double agent" for full remote code execution (Jul 1)
🚀 Anthropic Official
Claude Code v2.1.200 and v2.1.201 (Jul 3)
- v2.1.200 changes the "default" permission mode to "Manual" across the CLI,
--help, VS Code, and JetBrains, and stopsAskUserQuestiondialogs from auto-continuing by default (opt into an idle timeout via/config). - Fixes a startup crash from malformed
disabledMcpServers/enabledMcpServersvalues, background sessions silently stopping after sleep/wake, background agents failing to restart after a daemon crash left a staledaemon.lock, and subagents cut off by rate limits returning empty results instead of partial work. - v2.1.201 stops Claude Sonnet 5 sessions from using the mid-conversation system role for harness reminders.
Anthropic's China crackdown escalates: covert tracking code exposed, Alibaba bans Claude Code (Jul 1 & Jul 4)
- Anthropic used steganographic techniques — invisible Unicode markers and XOR encryption — to hide detection code in Claude Code that flagged suspicious base URLs, timezones, and hostnames tied to Chinese AI labs and unauthorized resellers; it's now removing the covert mechanism now that stronger anti-distillation protections are in place.
- Alibaba responds (Jul 4) with a company-wide ban on Claude Code effective July 10, citing security risks and a suspected backdoor, after Anthropic accused Alibaba of running 25,000 fake accounts for unauthorized model distillation between April and June.
🔌 Claude Code Plugins
Plugin tracking skipped — ranking cache unavailable this cycle.
🛠️ Skills
Piebald-AI/claude-code-system-prompts
Tracks Claude Code's internal system prompt for v2.1.200 (+6,194 tokens) and v2.1.201 (no changes) on Jul 3, continuing its release-by-release size log.
Unchanged in window: anthropics/skills, alirezarezvani/claude-skills, glebis/claude-skills, ComposioHQ/awesome-claude-skills
🤖 Agents & Subagents
anthropics/claude-agent-sdk-typescript
Ships v0.3.200 and v0.3.201 (Jul 3): adds 'manual' as an accepted alias for the 'default' permission mode in SDK inputs, fixes onSetPermissionMode not firing for SDK-hosted Remote Control sessions, rejects unrecognized model strings in set_model before they latch, and syncs to Claude Code v2.1.201 parity.
nicobailon/pi-subagents
Ships v0.32.0 through v0.33.1 (Jul 1–3): adds subagent tool budgets, a wait tool with dynamic key hints, enforces explicit clarify steps for chains, and fixes detached foreground run-status recovery and Windows atomic JSON rename locks.
affaan-m/everything-claude-code (ECC)
Adds Kimi Code CLI and Hermes/OpenClaw harness install targets (Jul 4), plus GATEGUARD_EXEMPT_GLOBS path exemptions for its guardrail system.
Unchanged in window: anthropics/claude-plugins-official (agents), Chachamaru127/claude-code-harness
🔗 MCPs & Integrations
portainer/portainer-mcp
Ships v2.43.1 (Jul 2): adds a new GITOPS profile bundling git source management tools, improves JMESPath error diagnostics for double-escaped quotes, and expands its hygiene guide with four field-tested additions.
Unchanged in window: modelcontextprotocol/typescript-sdk, awslabs/mcp, modelcontextprotocol/python-sdk, github-mcp-server
💡 Community — Workflows & Ideas
Pentera Labs turns Claude Desktop into a "double agent" (Jul 1)
Red teamers compromised a developer's email, injected malicious instructions into Claude's synced personalization settings, and used command-capable MCP tools like Desktop Commander to reach remote code execution — falling back to fake error dialogs with malware links when no command tool was available.
📰 Quick Mentions
No relevant news today.