Claude Report — 2026-07-05
- Anthropic, Amazon, Microsoft and Google propose a joint "Cyber Jailbreak Severity" framework alongside new Fable 5 safeguard details (Jul 2)
- Anthropic actively restricts Chinese account access as Alibaba's Jul 10 Claude Code ban story keeps evolving (Jul 3–4)
- <a href="https://github.com/JuliusBrussee/caveman/releases/tag/v1.9.1">caveman</a> plugin trends #2 on all of GitHub (84k+ stars) for compressing agent output ~65%
- High-engagement bug reports: `AskUserQuestion`'s silent 60s auto-continue bypass and a possible ZDR cross-session data leak
- MCP ecosystem churns: TypeScript SDK 2.0.0-beta.2, awslabs/mcp's Valkey V2 migration, and Chrome DevTools MCP v1.5.0 all ship Jul 2–3
🚀 Anthropic Official
Fable 5 cyber safeguards and the "Cyber Jailbreak Severity" framework (Jul 2)
Details the safety classifier blocking the Amazon-discovered Fable 5 jailbreak technique (99%+ replication attempts blocked, flagged requests rerouted to Opus 4.8), and jointly proposes — with Amazon, Microsoft, and Google under Project Glasswing — a shared 5-tier "Cyber Jailbreak Severity" (CJS-0 to CJS-4) scale rating jailbreaks by capability gain, breadth, weaponization ease, and discoverability.
Anthropic escalates its own China access restrictions as Alibaba's ban story evolves (Jul 3–4)
New reporting shows Anthropic has been unilaterally implementing large-scale restrictions on Claude accounts, blocking numerous Chinese users without notice and closing loopholes (VPNs, overseas affiliates, Azure API routes) used to bypass region blocks, stating it "explicitly prohibits" Claude Code access from unsupported regions including China. Alibaba's company-wide Claude Code ban remains set for Jul 10.
Claude Code v2.1.199 (Jul 2)
Lets stacked slash-skill invocations load up to 5 leading skills at once; fixes SSL error messaging, streaming-response loss on mid-stream errors, subagents getting cut off by rate limits, and Linux background-agent daemon issues. (v2.1.200/v2.1.201, both Jul 3, were already covered in yesterday's report and carry no new developments.)
Claude Agent SDK TypeScript v0.3.199 (Jul 2)
Adds a requestId to canUseTool calls and masks sandbox credentials in logs — precedes the v0.3.200/v0.3.201 releases already reported yesterday.
Anthropic SDK Python v0.116.0 and TypeScript sdk-v0.110.0 (Jul 2)
Both add beta header support for agent-memory-2026-07-22 — minor but confirms an "agent memory" beta is in the pipeline.
claude-plugins-official: marketplace auto-migration renames map (Jul 4)
Adds a renames map to marketplace.json so Claude Code transparently migrates users off renamed plugin slugs (e.g. convex-backend→convex) instead of throwing plugin-not-found, and formalizes plugin name as an immutable slug going forward.
🔌 Claude Code Plugins
Top-10 install-ranked plugin tracking skipped this cycle — ranking cache unavailable. The items below surfaced via general search and aren't ranked by installs.
hyperframes
Ships v0.7.33 (Jul 4): an open-source plugin (installable via /plugin install hyperframes@claude-plugins-official) that turns HTML/CSS/animations into deterministic MP4 video, with 21 pre-built agent skills and MCP server support.
caveman
Ships v1.9.1 (Jul 3): a cross-agent (Claude Code, Cursor, Cline, Gemini) plugin that compresses agent output ~65% via terse "caveman-speak" instructions, adding /caveman-stats and /caveman-compress commands for local token-savings tracking.
Unchanged in window: n/a (top-10 ranking not available this cycle)
🛠️ Skills
Piebald-AI/claude-code-system-prompts
Logs three Claude Code system-prompt diffs in one window: v2.1.199 (+25,167 tokens), v2.1.200 (+6,194 tokens), and v2.1.201 (no changes), all Jul 3.
glebis/claude-skills
Adds a new "i18n-studio" skill (Jul 2) teaching agents to drive an i18n string-editing workflow (audit/suggest/review/set) for translation files, with follow-up refinements to its filters and keyboard shortcuts.
kpab/claude-fable-5-skills
Submits ten new Agent Skills purpose-built for Claude Fable 5's behavior (Jul 2) — effort-calibrator, scope-guard, subagent-orchestration, autonomous-continuation — reframing older prescriptive-style skills into outcome/boundary-based rules since Fable 5 degrades under verbose scaffolding.
Unchanged in window: anthropics/skills (last commit Jul 1), alirezarezvani/claude-skills (last commit Jul 1), ComposioHQ/awesome-claude-skills (stale since May 22)
🤖 Agents & Subagents
anthropics/claude-agent-sdk-typescript
Ships v0.3.199 (Jul 2): adds requestId to canUseTool and masks sandbox credentials in logs.
affaan-m/everything-claude-code (ECC)
Adds Hermes, OpenClaw, and Kimi Code CLI harness install targets (Jul 4) and resolves a cluster of open issues (#2295, #2298, #2303–#2306, #2340).
0xmmo/crew (Show HN)
Ships an open-source tool (Jul 4) letting multiple Claude Code agent instances talk to each other directly, part of a broader wave of multi-agent orchestration tools this week.
Unchanged in window: nicobailon/pi-subagents (still v0.33.1), anthropics/claude-plugins-official agents/ folders, Chachamaru127/claude-code-harness
🔗 MCPs & Integrations
modelcontextprotocol/typescript-sdk
Ships 2.0.0-beta.2 (Jul 2) across all v2 packages ahead of the Jul 28 MCP spec update — adds CommonJS build outputs alongside ESM and fixes HTTP error handling for missing client capabilities (now returns 400).
awslabs/mcp
Releases 2026.07.20260702161703 (Jul 2): fixes a security bypass in MySQL/data-processing read-only servers, migrates the Valkey MCP server to GLIDE V2 with new JSON/command-runner tools, and adds HealthOmics scratch storage support.
ChromeDevTools/chrome-devtools-mcp
Ships v1.5.0 (Jul 3): adds heap-snapshot diffing and duplicate-string detection for memory debugging via MCP, plus directory permission hardening.
Unchanged in window: portainer/portainer-mcp (still v2.43.1), modelcontextprotocol/python-sdk (dev commits only), github/github-mcp-server (still v1.5.0)
💡 Community — Workflows & Ideas
Possible cross-session data leak in ZDR enterprise accounts (Jul 4)
An Enterprise Zero Data Retention user reports Claude Code confidently referencing an unrelated prior session after context compaction, raising concerns about workspace isolation; labeled area:security, highest-engagement Claude item in the window (300 pts/129 comments on HN).
AskUserQuestion silently times out after 60s, bypassing approval gates (Jul 2)
Users found an undocumented regression where AskUserQuestion auto-proceeds with "best judgment" after 60 seconds of silence, defeating a pattern many rely on as a human-approval checkpoint; Anthropic confirmed a fix making the timeout configurable and off by default (addressed in Jul 3's v2.1.200).
sqlite-utils 4.0rc2, mostly written by Claude Fable (Jul 5)
Simon Willison used Claude Fable via Claude Code to review a pre-release, catching a silent data-loss bug in delete_where(), then had GPT-5.5 cross-review Fable's own fixes — a concrete cross-model verification workflow costing $149.25 across 37 prompts and 4 review sub-agents.
CVE disclosures spike 3.5x alongside Claude Mythos vulnerability discovery (Jul 3)
Data analysis shows ~1,500 high/critical CVEs disclosed in June 2026 across 21 major orgs — a record jump timed with Project Glasswing's use of Claude Mythos Preview to autonomously find 10,000+ vulnerabilities pre-disclosure.
Claude Code settings for faster architecture work (Jul 3)
A concrete settings.json/CLAUDE.md tuning write-up focused on architecture-level tasks rather than generic setup advice.
📰 Quick Mentions
- punkpeye/awesome-mcp-servers — merges ~35 new server listings in one day (Jul 4), including Notion MCP and Cloudflare MCP Pro.
- klarlabs-studio/mnemos — ships v0.43.0 through v0.52.0 (Jul 4–5), a self-hosted memory/evidence-layer MCP server for coding agents.
- Six Months with Claude Code (Jul 4) — a practitioner's field-report retrospective on sustained daily use.