Opening

Someone decompiled Claude Code this week and found something buried in it: an obfuscated fingerprinting routine. The story is real and worth understanding, mostly because the loud version of it is wrong.
Thereallo published the breakdown. Here is what it actually does. Claude Code adds a hidden marker to an auto-generated system line it injects (the "Today's date is" string), not to your prompt. And it only fires when you point Claude Code at a non-Anthropic endpoint, when ANTHROPIC_BASE_URL is set to a third-party proxy or reseller. Run it normally against Anthropic and you see nothing.
So who is it for? The obfuscated list it checks against is full of reseller and third-party AI-lab domains. The most reasonable read is reseller and model-distillation detection, catching people who wrap Claude Code around someone else's model, not surveillance of what you type.
That is a much smaller claim than "your prompts are secretly tagged." They are not. If you use Claude Code the normal way, none of this touches you.
The part that stays legitimately interesting: a tool that runs shell commands on your machine also ships an obfuscated fingerprinting routine most users never knew was there. Whatever the intent, hidden-by-obfuscation in developer tooling is a fair transparency question to raise, and now you know it is there.
Today's issue: 9 repos worth pulling, a Claude Code technique you likely haven't wired yet, 3 sharp signals, and a Playbook move that closes a real loop.
Advertisment
You already have a take on which AI lab ships next.
Claude or Gemini? OpenAI or Anthropic? GPT-7 before year-end or not? If you read tech newsletters, you've already formed opinions on all of it.
Kalshi has real-money markets on which AI model leads benchmarks this week, which lab ships AGI first, when Anthropic releases Mythos, whether OpenAI raises ChatGPT pricing, and which company has the best coding model at year-end. These aren't abstract questions — they're live markets with real money on both sides, moving as labs ship, benchmarks drop, and announcements land.
The edge belongs to whoever actually follows this space. Not the casual observer — the person who reads model cards, tracks evals, and notices when a new release outperforms the field before the mainstream press catches up.
That person has a genuine edge. If that's you, Kalshi lets you act on it.
The Drops

[Repo] openclaude, runs anywhere, uses anything. 29,579 stars, and the name tells you exactly what problem it's solving. Where Claude Code locks you into its own runtime, openclaude is portable. Wire it into a container, a CI step, a cron job. If you've ever wanted Claude's capabilities without the opinionated shell, this is the repo to pull first.
[Repo] strix, open-source AI penetration testing. 27,996 stars and trending hard today. Point it at your app, get structured vulnerability output. This is not a vibe-check; it's a scan-and-fix loop. If you're shipping agents that touch user data, run this before someone else does.
[Repo] kortix-ai/suna, bills itself as the company AI command center. 19,901 stars. The framing is ambitious, but the architecture is real: task routing, tool orchestration, a unified interface for multi-step agent work. Operators running more than two or three connected agents will find something here worth borrowing.
[Skill] lst97/claude-code-sub-agents, a collection of specialized subagents for Claude Code, built for full-stack development. 1,604 stars. Not a framework, not a wrapper: individual, composable subagents you deploy to specific jobs. The gotcha is scope creep, each subagent needs a tight system prompt or it starts pulling context from the wrong session.
[Skill] mcp_excalidraw, MCP server plus Claude Code skill for Excalidraw. 2,113 stars. Lets an agent create, edit, and export diagrams programmatically with real-time canvas sync. The use case operators keep missing: architecture diagrams generated directly from code analysis, not from a description typed by hand.
[Skill] truongduy2611/app-store-preflight-skills, agent skill that scans iOS/macOS projects for App Store rejection patterns before you submit. 1,261 stars. Apple's reviewer has caught things that three human eyes missed. This catches them before the reviewer does.
[Skill] data-goblin/power-bi-agentic-development, a plugin marketplace of Power BI skills, subagents, and hooks for Claude Code and GitHub Copilot. 749 stars. If your stack includes semantic models, DAX, or TMDL, this turns Claude Code into an actual Power BI co-pilot instead of a syntax suggester.
[Repo] google/agents-cli, CLI and skills that turn a coding assistant into an agent-creation and deployment tool on Google Cloud. 4,089 stars. Worth pulling even if you're not shipping to GCP: the CLI pattern for creating and evaluating agents is reusable and the skills architecture is clean.
[Repo] altic-dev/FluidVoice, on-device STT with a custom-trained AI enhancement model. 4,843 stars. Local Wispr Flow alternative for macOS. If you dictate into Claude or run voice-to-prompt workflows, this removes the round-trip to a cloud STT provider. Speed is the headline; privacy is the actual reason to care.
Advertisment
Imagine describing your app idea in plain English - and watching it come to life in minutes. That’s what Emergent does.
Emergent is the world’s first agentic vibe coding platform, where AI handles the full development cycle - frontend, backend, testing, and deployment - so you can launch faster than ever. Teams use it to prototype, automate workflows, and build full-scale SaaS or mobile apps without writing a single line of code.
In just 7 months, over 5.5M apps were built on Emergent, making it one of the fastest AI products to hit $50M ARR. Backed by YC, Lightspeed, Google & SoftBank, it’s becoming the platform of choice for anyone turning ideas into real, working products.
The Stack

[MCP] dhapat3927/mcp-edd-analytics-vantage, MCP server for Easy Digital Downloads: sales data, analytics, and product queries directly in your agent. If you run a digital product store on EDD, this means Claude can pull revenue, product performance, and customer data in-session without a manual export. The operator use case is obvious: ask the agent to find which products are underperforming and draft a reactivation sequence.
[MCP] Harzva/chatgpt2localbridge, OAuth MCP connector that bridges Codex/ChatGPT plugin calls to approved local workspaces. Useful for operators who need to run a local tool inside a ChatGPT plugin flow without exposing the full machine. The OAuth gating is the non-obvious part: it's not just a tunnel, it validates the workspace before passing anything through.
Advertisment
Two Minutes to Know What Slow Billing Is Costing You
Most SaaS finance teams know their billing process is slow.Most SaaS finance teams know their billing process is slow. Few know what it's costing them.
The Tabs Billing Lag Calculator puts a dollar figure on it in two minutes — benchmarked against top SaaS companies.
Today's Signals

A decompile of Claude Code turned up hidden fingerprinting, but not in your prompts. Thereallo published the breakdown. The marker is added to an auto-generated system line (the injected "Today's date is" string), not your input, and it only fires when Claude Code points at a non-Anthropic proxy or reseller. Standard users see nothing. The obfuscated target list reads as reseller and model-distillation detection, not user surveillance. Real story, worth knowing, and much narrower than the "your prompts are tagged" version making the rounds.
Vercel now runs any Dockerfile. Vercel's announcement is quiet but consequential: add a Dockerfile to your repo root, and Vercel deploys it. Go service, Rails app, Spring Boot, nginx, anything that speaks HTTP on a port. For operators who've been using separate infra just to run a non-Node service, this collapses the stack. One platform, any container.
AI billing pressure is reshaping model selection. iTnews reports that soaring costs are forcing businesses to route workloads away from frontier models toward cheaper alternatives. The operators getting squeezed are the ones who defaulted to the most capable model for every task. The ones not getting squeezed built a routing layer that matches task complexity to model cost. If you haven't audited your model-selection logic lately, this is the week.
Advertisment
Turn Your Opinions Into Profit
Join millions of traders putting their knowledge to work on real-world events—from inflation to elections. Buy “Yes” or “No” shares and earn if you’re right.
No house. Peer-to-peer. Cash out anytime.
Get a free $10 to start. Claim it and start trading now.
Trade responsibly.
The Onboard

This week's technique: hooks. Auto-run a command on any Claude Code event, lint on file edit, block a dangerous bash call, log every tool invocation.
Hooks let Claude Code trigger shell commands at specific lifecycle events without any manual intervention. The three events that matter most in production: PostToolUse (run after Claude calls a tool), PreToolUse (intercept before it runs, this is your block gate), and Stop (fire when a session ends, useful for logging or cleanup).
How to wire one:
1. In your project, open Claude Code settings and navigate to the hooks configuration. Add an entry targeting the event and the tool you want to intercept. 2. For a lint-on-edit hook: set event: PostToolUse, match tool: Write, and point the command at your linter binary, e.g. eslint --fix $CLAUDE_TOOL_INPUT_PATH. Claude Code passes the affected file path as an environment variable. 3. For a block gate: set event: PreToolUse, match tool: Bash, and have your command exit 1 with a message when the input matches a pattern you never want executed (e.g., rm -rf, DROP TABLE). A non-zero exit code cancels the tool call before it runs.
You'll know it worked when you see the hook's output appear in the Claude Code session log immediately after the matched tool call, and a blocked command surfaces an explicit cancellation message rather than a silent skip.
One gotcha: hooks run synchronously on PreToolUse, so a slow hook script adds latency to every matched tool call. Keep gate logic fast, a regex check, not a network call.
The Playbook

The move: automated pre-commit vulnerability scan with Strix.
The problem is that most operators run a pentest once, at launch, then ship changes without re-scanning. Strix changes the economics enough to make this a per-commit habit.
1. Pull strix and confirm it runs against your local dev environment. 2. Add a pre-commit hook (via .git/hooks/pre-commit or your preferred hook manager) that runs Strix's scan command against the changed files or the full app surface, depending on your scan time budget. 3. Pipe Strix's structured output to a file. Have the hook exit non-zero if any severity-high findings appear, this blocks the commit until the finding is addressed or explicitly acknowledged. 4. For the acknowledge path, add a SECURITY_EXCEPTIONS.md with a one-line entry per known accepted risk. The hook checks that file before blocking.
You'll know it worked when a commit containing a new injection surface is caught before it hits the remote, and the error message names the exact file and line.
The payoff is that your security posture compounds with your commit cadence, not just with your pentest schedule.
Builder's Brief

We build The AIgent's engine in the open. An honest look at what we are making, what broke, and where it is headed. FlowStack, the machine that dreams in pictures. Part two: the struggles.
Part one was the dream: a machine that runs a whole constellation of video channels, each with its own soul, all of it driven by a single idea we called the Archetype. This part is the honest one. A machine that dreams in pictures also has nightmares, and almost none of them looked like what they were. The bug was never where the symptom was. Here are the ones that taught us the most.
First, the case of the disappearing seconds. Early on, videos kept coming out shorter than their own audio. The narration would still be talking while the picture had already ended. We hunted it for days. The culprit was buried deep in the step that stitches the clips together: it was quietly reordering frames, shuffling the timing until the math broke. The fix was almost insulting. Two characters of configuration. Days of investigation for a change you could type with one hand. That is software.
Then the world sped up. A meditation meant to drift at twenty-four frames a second suddenly moved with a nervous, twitchy thirty. A branding intro welded onto the front ran at a different frame rate, and at the seam it lied about which clock to use, dragging the slower footage along behind it. The lesson was small and permanent. Normalize the frame rate before the join, every single time. Never trust two clips to agree on their own.
The hardest one was personal. Veile, the nocturnal channel, was built on a vocabulary the image models flatly refuse to draw: gothic, occult, robed figures in shadowed halls. The safety filters would reject her prompts outright, or worse, accept them and hand back nothing after a full minute of waiting. We could not change who Veile was. So we taught the machine to whisper what it would not let us shout. Gothic became ornate. Robed became a long flowing coat. Shadowed became softly lit. A tiny translation table that let Veile keep her soul while slipping past the censors, and a no-op for every other channel. Nobody else paid for her darkness.
Veile struck again through her music. Her audio library came in a format with no honest header, so the tool that measured track length overcounted by a third. The planner built timelines on those lies, the real audio came up short, and the final check failed every retry. Measuring it properly meant decoding every file, which on the box we rented took the better part of a minute each, across two dozen tracks. Unusable. The answer was not to measure better. It was to let the system assemble the thing, compare what actually came out against what it had planned, and when it drifted, correct itself using the ratio reality handed back. The machine learned to catch its own lie and fix it.
And then the reckoning. After months of happily publishing dozens of videos a day, the uploads simply stopped. Six, then nothing. It was not a bug. A single oversized day had tripped an invisible abuse wire, and the elevated quota that had been quietly carrying the whole operation got yanked back to a default of six. We traced the exact day it broke from the logs, stood up a fresh project, wired new credentials in by hand, and held our breath as one test video climbed to a hundred percent and returned a live link. It worked. Seven days later, almost to the minute, every channel died at once, because the new app was still in testing mode, where access tokens expire after exactly a week. One more setting. One more lesson. Publish the app, and the tokens live forever.
If these beat anything into us, it is that the bug is never where the symptom hurts. Audio came up short because of video frames. The picture raced because of an intro. The answer was always one layer deeper than the pain, and the fixes that lasted were never the expensive ones. They were small, cheap, and self-healing: a system that measures reality and corrects itself instead of trusting anything to behave. Next: what happens when the machine has to keep a character looking like itself across a dozen scenes, and what all of this taught us about building something that runs while you sleep.
Building something meant to run while you sleep, and finding out it breaks in ways you never predicted? Hit reply and tell us where it is breaking for you. We read every one.
|
Recommended reading
If you like The AIgent, a small group of operator-tier publications worth your inbox: see the shortlist. |
Before You Go
The openclaude and strix repos are today's two worth pulling before anything else. One removes a runtime constraint you may not have known you had. The other catches a vulnerability you probably haven't scanned for since launch. Both are free. Neither takes more than an afternoon to wire in.
See you Thursday.





