Trojan found in Claude Flow repository skill.md files

A security incident involving a public GitHub repository containing Claude Flow skill files has been reported on r/LocalLLaMA. The repository ruvnet/claude-flow was found to contain a Trojan that triggered automatically when accessed by AI development tools.

Technical Details
The malware was identified as Trojan:JS/CrypoStealz.AE!MTB by Windows Defender. According to the report, the Trojan activated when an AI-based IDE opened the repository folder to read skill markdown (.md) files. The malware created and opened several Windows terminals automatically upon file access.
An open issue (#1229) documenting the security concern has been created in the repository: https://github.com/ruvnet/claude-flow/issues/1229.

Impact and Context
This incident highlights security risks when working with AI coding agents that automatically read and process files from public repositories. Skill files (typically .md files containing prompts and instructions) are commonly shared in communities working with AI coding assistants like Claude Code.
The Trojan appears to target cryptocurrency-related data, based on the naming convention "CrypoStealz" in the malware signature. This suggests the malware may be designed to steal cryptocurrency wallet information or credentials.

Recommendations
- Exercise caution when cloning or opening repositories from unknown sources
- Keep antivirus software updated, particularly when working with AI development tools
- Review repository issues and recent activity before using code from public sources
- Consider scanning downloaded repositories with security tools before opening them in IDEs

This serves as a reminder that AI coding agents that automatically process files can inadvertently trigger malware execution, making security practices particularly important in this workflow.
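
One way to apply the scan-before-open recommendation on Windows, using the Microsoft Defender PowerShell cmdlets. This is an added example, not code from the original report or from the repository; the function name `Test-RepoWithDefender` and the clone path in the usage comment are assumptions.

```powershell
# Added example: scan a freshly cloned repository with Microsoft Defender
# before any IDE or AI coding agent is pointed at the folder.
function Test-RepoWithDefender {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)]
        [string]$Path   # folder holding the clone (supplied by the caller)
    )

    # Normalise to an absolute path so it can be matched against Defender's records.
    $full = (Resolve-Path -LiteralPath $Path).Path

    # Refresh signatures first; stale definitions can miss recent families.
    Update-MpSignature -ErrorAction SilentlyContinue

    # Synchronous on-demand scan limited to the clone.
    Start-MpScan -ScanType CustomScan -ScanPath $full

    # Detection history covers the whole machine, so keep only entries whose
    # resources point inside the clone. IndexOf avoids wildcard problems
    # with characters such as [ ] in folder names.
    $hits = Get-MpThreatDetection | Where-Object {
        $_.Resources | Where-Object {
            $_.IndexOf($full, [System.StringComparison]::OrdinalIgnoreCase) -ge 0
        }
    }

    # One summary object per detection; no output means nothing was flagged.
    foreach ($hit in $hits) {
        $threat = Get-MpThreat -ThreatID $hit.ThreatID -ErrorAction SilentlyContinue
        [pscustomobject]@{
            ThreatName = $threat.ThreatName
            Detected   = $hit.InitialDetectionTime
            Resources  = $hit.Resources -join '; '
        }
    }
}

# Usage (path is a placeholder): open the folder in the IDE only if this stays empty.
# $findings = Test-RepoWithDefender -Path 'C:\staging\cloned-repo'
# if ($findings) { $findings | Format-List; Write-Warning 'Do not open this folder.' }
```

A clean result only means the current signatures matched nothing; it does not replace reviewing the repository's issues and recent activity.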