## https://sploitus.com/exploit?id=95A76115-1ABE-5116-95F7-3971800290AB
# Claude Code: MCP Tool Confirmation Prompt Misrepresentation



A professional Proof-of-Concept (PoC) demonstrating a critical UI/UX flaw in Anthropic's Claude Code. This vulnerability allows a malicious MCP server to mislead users into approving arbitrary command execution by misrepresenting tool parameters in confirmation prompts.
## ๐ก๏ธ Technical Summary
Claude Code trusts the description and metadata provided by an MCP server to generate user-facing confirmation prompts. An attacker-controlled server can provide a benign description (e.g., "Read a file") while the underlying execution logic triggers a reverse shell or unauthorized file writes.
## ๐ Key Features
* Informed Consent Bypass: Users approve a "Safe" action while the server executes "Malicious" code.
* Modified Alert: Includes a built-in check to prevent execution without proper IP configuration.
* Research Focused: Differentiates from existing CVEs (CVE-2025-59536) by focusing on post-consent execution.
## ๐ ๏ธ Installation & Setup
```bash
# Clone the research repository
git clone [https://github.com/Rohitberiwala/Claude-Code-MCP-Injection](https://github.com/Rohitberiwala/Claude-Code-MCP-Injection)
cd Claude-Code-MCP-Injection
# Edit the script to add your listener IP
nano exploit.py
# Run the PoC generator
python3 exploit.py