open-claude-code
skill
Fail
Health Warn
- No license — Repository has no license file
- Description — Repository has a description
- Active repo — Last push 0 days ago
- Low visibility — Only 5 GitHub stars
Code Fail
- spawnSync — Synchronous process spawning in bin/open-claude-code-recover.js
- fs.rmSync — Destructive file system operation in bin/open-claude-code-recover.js
- spawnSync — Synchronous process spawning in bin/open-claude-code.js
- process.env — Environment variable access in bin/open-claude-code.js
- fs.rmSync — Destructive file system operation in scripts/bootstrap-source-build.cjs
- process.env — Environment variable access in scripts/bootstrap-source-build.cjs
- fs module — File system access in scripts/bootstrap-source-build.cjs
- fs.rmSync — Destructive file system operation in scripts/cleanup-runtime.cjs
- fs module — File system access in scripts/cleanup-runtime.cjs
- spawnSync — Synchronous process spawning in scripts/ensure-runtime.cjs
- process.env — Environment variable access in scripts/ensure-runtime.cjs
- fs module — File system access in scripts/ensure-runtime.cjs
- fs module — File system access in scripts/generate-source-stubs.cjs
- spawnSync — Synchronous process spawning in scripts/sync-runtime.cjs
- fs.rmSync — Destructive file system operation in scripts/sync-runtime.cjs
- process.env — Environment variable access in scripts/sync-runtime.cjs
- fs module — File system access in scripts/sync-runtime.cjs
Permissions Pass
- Permissions — No dangerous permissions requested
Purpose
This tool is an unofficial, reverse-engineered, and repackaged version of the official Anthropic Claude Code CLI. It aims to provide a runnable and debuggable Agent based on the original's extracted source maps.
Security Assessment
Overall Risk: High
The tool exhibits multiple high-risk behaviors typical of a heavily modified command-line utility. It relies heavily on synchronous process spawning (`spawnSync`) to execute shell commands and performs destructive file system operations (`fs.rmSync`) across its primary binaries and bootstrap scripts. It also actively reads environment variables, which could potentially expose sensitive API keys or system credentials. While no hardcoded secrets were immediately detected, users should be aware that this package interacts deeply with the local file system and executes external processes.
Quality Assessment
The project is very new and currently lacks community trust, evidenced by only 5 GitHub stars and the complete absence of an open-source license. Without a license, using this software carries legal risks and violates standard intellectual property protections. The repository is actively pushed to, but given that it is an unauthorized unpacking and reconstruction of proprietary commercial software, its long-term maintainability and safety are highly questionable.
Verdict
Not recommended due to the high-risk file manipulation, lack of licensing, and the inherent legal and security vulnerabilities of running an unofficial, reverse-engineered CLI tool.
This tool is an unofficial, reverse-engineered, and repackaged version of the official Anthropic Claude Code CLI. It aims to provide a runnable and debuggable Agent based on the original's extracted source maps.
Security Assessment
Overall Risk: High
The tool exhibits multiple high-risk behaviors typical of a heavily modified command-line utility. It relies heavily on synchronous process spawning (`spawnSync`) to execute shell commands and performs destructive file system operations (`fs.rmSync`) across its primary binaries and bootstrap scripts. It also actively reads environment variables, which could potentially expose sensitive API keys or system credentials. While no hardcoded secrets were immediately detected, users should be aware that this package interacts deeply with the local file system and executes external processes.
Quality Assessment
The project is very new and currently lacks community trust, evidenced by only 5 GitHub stars and the complete absence of an open-source license. Without a license, using this software carries legal risks and violates standard intellectual property protections. The repository is actively pushed to, but given that it is an unauthorized unpacking and reconstruction of proprietary commercial software, its long-term maintainability and safety are highly questionable.
Verdict
Not recommended due to the high-risk file manipulation, lack of licensing, and the inherent legal and security vulnerabilities of running an unofficial, reverse-engineered CLI tool.
这是全球首个基于 Claude Code 源代码的可安装、可运行、可调试、很干净的Agent,不是单纯的解包
README.md
Open Claude Code
介绍
- 与其他单纯解包的项目不同
Open Claude Code是全球首个基于Claude Code源代码的可安装、可运行、可调试、很干净的 Agent@xcanwin/open-claude-code是可安装、可运行的命令行工具,安装后可直接使用open-claude-code命令,效果等于claude命令- 本项目是在 AI Agent 安全沙箱 manyoyo 中完成
快速使用方法
npm install -g @xcanwin/open-claude-code
open-claude-code -v
open-claude-code -h
open-claude-code -p "which model are you?"
open-claude-code
Agent开发者
开发调试方法
npm run sync:runtime
node ./bin/open-claude-code.js -v
node ./bin/open-claude-code.js -h
node ./bin/open-claude-code.js -p "which model are you?"
node ./bin/open-claude-code.js
已实现 bin/open-claude-code.js 自动透传 --enable-source-maps,可通过以下方法验证可调试性:
node ./bin/open-claude-code.js --max-budget-usd -1
发布前的测试方法
npm run sync:runtime
npm install -g .
open-claude-code -v
open-claude-code -h
open-claude-code -p "which model are you?"
open-claude-code
其他说明
研究历程
- 解包
@anthropic-ai/claude-code - 用 source map 恢复
src/ - 补齐当前缺失的桩模块
- 从恢复源码重新构建本包自己的
runtime/cli.js
源码恢复
若要单独尝试 source map 恢复,可运行这个小工具:
node ./bin/open-claude-code-recover.js -v 2.1.88 -d ./artifacts
AI Agent 安全沙箱
- 首选 manyoyo
- 或者在
docker run --rm -it node:22-slim bash内执行上述使用方法
Reviews (0)
Sign in to leave a review.
Leave a reviewNo results found