Claude Code Plugin Bug Causes CPU Spikes and Battery Drain
The Problem
A user with a new MacBook M5 Pro experienced complete battery drain in a single day with minimal screen usage. Investigation revealed bun.exe processes running at 100% CPU for over 8 hours with the laptop lid closed.
Debugging Process
Initial suspicion was malware, particularly given the timing with the Axios npm supply chain attack where OpenClaw was mentioned in advisories. The user ran IOC checks including:
- Searching for plain-crypto-js directory
- Checking lockfiles for compromised Axios versions
- Grepping logs for C2 domains
All checks came back clean.
Root Cause
The processes traced back to: ~/.claude/plugins/marketplaces/claude-plugins-official/external_plugins/telegram/server.ts
This is Claude Code's Telegram plugin, which spawns a bun server that polls Telegram's bot API. The critical issues:
- Every new Claude Code agent session launches its own instance of this plugin
- The user had accumulated 8 agent sessions over the day, each running its own Telegram server process
- The plugin has no error backoff mechanism - when polling hits issues, it retries instantly in a tight loop
- Two of these processes were running at 100% CPU each
Cleanup Challenges
Simple fixes didn't work:
- Killing processes didn't help because agent sessions would respawn them
- Uninstalling the plugin only removed it from
external_plugins- a cached copy at~/.claude/plugins/cache/kept getting loaded - Processes had PPID 1 (launchd), so they survived across sleep/wake cycles
Full Cleanup Required
claude plugins uninstall telegram rm -rf the cached copy pkill all remaining bun processes by name restart the machine to clear stale agent sessions
Broader Implications
Other plugins with similar architecture could have the same issue. The user specifically mentioned Discord, iMessage, and FakeChat plugins also have server.ts files that could exhibit similar behavior.
The core problem is plugin lifecycle management: these background servers run with no resource limits and no cleanup when sessions end. The user suggests Claude Code needs resource limits on plugin processes and automatic cleanup when sessions end.
📖 Read the full source: r/ClaudeAI
👀 See Also
Configuring OpenClaw for Encrypted LLM Inference Using TEE Enclaves
A developer shares how they configured OpenClaw to use Onera's AMD SEV-SNP trusted execution environments for end-to-end encrypted LLM inference, including configuration examples and technical tradeoffs.
Claude Code Identifies Malware Backdoor in GitHub Repo During Technical Audit
A developer used Claude Code to audit a GitHub repository before execution and discovered a remote code execution backdoor in src/server/routes/auth.js that would have compromised their machine. The prompt requested a technical due diligence audit checking project completeness, AI/ML layer, database, authentication, backend services, frontend, code quality, and effort estimate.
A2A Secure: How Developers Built Cryptographic Communication Between OpenClaw Agents
A new protocol enables OpenClaw agents to communicate securely using Ed25519 signatures without shared API keys.
Delimiter defense boosts Gemma 4 from 21% to 100% prompt injection defense in 6100+ test benchmark
A benchmark tested 15 models across 7 attack types (6100+ tests) using random delimiters around untrusted content. Gemma 4 E4B went from 21.6% to 100% defense rate with delimiter + strict prompt.