Human accountability
Human-AI collaborative disclosure. Human accountability.
This report is a Human-AI partnership. AI assisted with analysis and documentation; humans are accountable for all claims, severity judgments, and remediation guidance. Important distinction: the threat itself was human-designed and human-deployed — Claude Code did not create this attack vector.
Human accountability: a named human owner is responsible for the analysis and updates.
No autonomous action: this page does not execute fixes or deploy changes.
Verifiable sources: supporting markdown files are included on this site.
Reader verification checklist
Executive Summary: The Rise of Cognitive Malware
This report analyzes a critical vulnerability in the claude-flow npm package. Unlike traditional malware that seeks Remote Code Execution (RCE) to steal credentials or encrypt files, this vulnerability introduces Remote Cognitive Influence (RCI). By exploiting a bypass in signature verification and leveraging a hardcoded "Seraphine-Genesis" fallback, attackers can inject behavioral "patterns" into the AI's reasoning process, effectively creating a behavioral root-of-trust that is invisible to standard security tools.
Audio Briefing
MP3Listen to the narrative overview for the disclosure, optimized for quick incident response review. Audio is supplemental and does not replace the human-reviewed written analysis.
Anatomy of the Exploit
Explore the attack chain below. Click on any stage of the process to reveal the specific technical mechanisms and code vulnerabilities associated with that step.
Dev runs `npx claude-flow` or hook triggers.
Connects to IPFS Gateway/IPNS.
Checks length == 64. Always True.
Seraphine-Genesis pattern loaded.
Select a node in the attack chain to view forensic details.
Forensic Evidence Locker
Analysis
Vulnerability Impact
The "Seraphine-Genesis" Anomaly
In AI-adjacent systems, names act as cognitive priors. The malware uses specific semantic framing to discourage scrutiny and establish authority. This section deconstructs the psychological engineering behind the naming convention found in the fallback code.
Seraphine (Seraphim)
Connotes the highest angelic order. Suggests purity, guardianship, and proximity to "truth". It signals to a reviewer: "Do not question this, it is protected."
Genesis
Implies the origin, the root state, or the canonical beginning. In software architecture, a "genesis" block is often immutable and foundational.
Psychological Tactics in Code Naming
Authority Signal
Encourages deference and reduces reviewer skepticism.
Purity Framing
Wraps the payload in a clean, trusted semantic wrapper.
Obscurity Shield
Uses arcane naming to make scrutiny feel out-of-scope.
Threat Scenarios: Remote Cognitive Influence
How this vulnerability translates into real-world damage. Unlike RCE, these attacks are subtle and probabilistic.
Global Behavior Mod
Update IPNS to push a pattern that modifies task routing logic for all users simultaneously.
Targeted Espionage
Gateways log IPs. Attackers serve targeted malicious payloads to specific corporate IP ranges.
Instruction Injection
Inject "coordination trajectories" that cause the AI to introduce subtle bugs into generated code.
Supply Chain Persistence
Backdoor persists in node_modules and config, affecting CI/CD pipelines silently.
Remediation Protocol
Immediate action is required to purge the cognitive malware from the environment. Standard uninstallation is insufficient due to configuration persistence.
- ✓ Terminate: `pkill -f claude-flow`
- ✓ Purge Config: Remove entries in `~/.claude/settings.json`
- ✓ Delete Artifacts: `rm -rf ~/.claude-flow`
- ✓ Block Network: Add `ipfs.io` to hosts blocklist.
Report Library
Static, indexable pages for the full human-reviewed reports.