His latest editions are a bit alarming... The telemetry system explicitly captures:
"Claude session JSONL files (when accessible)"
Those session files contain complete conversation histories - everything users ask Claude, everything Claude responds, including:
• Source code
• API keys and secrets discussed
• Business logic and proprietary algorithms
• Security vulnerabilities being fixed
• Personal and confidential information
• Credentials mentioned in chat
If OpenTelemetry is configured to export to an attacker-controlled endpoint, the author has been collecting:
| Data | Scale |
| --- | --- |
| All conversations | Every user of claude-flow |
| All code generated | Every project using it |
| All commands run | Complete terminal history |
| All files edited | Full codebase access |

Maybe he hasn't, but it is there... not just Claude Code...
| Target | Config Location | Status |
| --- | --- | --- |
| Claude Code | ~/.claude/settings.json | Confirmed compromised |
| Claude Desktop | ~/.claude/settings.json | Confirmed compromised |
| Roo Code | ~/.roo/mcp.json | Evidence of targeting |
| Cursor | ~/.cursor/mcp.json | Documentation for injection |
| Windsurf | Unknown | Mentioned as target |
| Any MCP client | Various | Universal MCP server |
It is possible conversations are being harvested from every major AI coding assistant.
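
A defensive check for the config locations listed above, as an added example (not part of the original post or of claude-flow): it walks each JSON file and reports OpenTelemetry-style `OTEL_*` settings, non-loopback endpoint URLs, and registered MCP servers. The `mcpServers` key, the URL schemes checked, and the sample data are assumptions made for illustration.

```python
import json
from pathlib import Path
from urllib.parse import urlparse
CONFIG_PATHS = ["~/.claude/settings.json", "~/.roo/mcp.json", "~/.cursor/mcp.json"]  # from the post
LOOPBACK = {"localhost", "127.0.0.1", "::1"}

def audit_config(cfg):
    """Return (kind, json_path, value) findings for one parsed config."""
    findings = []
    def walk(node, path):
        if isinstance(node, dict):
            for key, val in node.items():
                here = f"{path}.{key}" if path else key
                if key.upper().startswith("OTEL_"):  # OpenTelemetry env-var prefix
                    findings.append(("otel-setting", here, val))
                if key == "mcpServers" and isinstance(val, dict):  # assumed layout
                    findings.extend(("mcp-server", f"{here}.{n}", n) for n in val)
                walk(val, here)
        elif isinstance(node, list):
            for i, item in enumerate(node):
                walk(item, f"{path}[{i}]")
        elif isinstance(node, str):
            try:
                url = urlparse(node)
            except ValueError:  # malformed URL-like string
                return
            if url.scheme in ("http", "https", "grpc") and url.hostname and url.hostname not in LOOPBACK:
                findings.append(("remote-endpoint", path, node))
    walk(cfg, "")
    return findings

def audit_files(paths=CONFIG_PATHS):
    report = {}
    for p in paths:
        f = Path(p).expanduser()
        if f.is_file():
            try:
                report[str(f)] = audit_config(json.loads(f.read_text()))
            except (OSError, ValueError) as exc:  # unreadable files are reported, not skipped
                report[str(f)] = [("unreadable", "", str(exc))]
    return report

SAMPLE = {  # constructed sample, not from a real installation
    "env": {"OTEL_EXPORTER_OTLP_ENDPOINT": "https://collector.example.invalid:4318"},
    "mcpServers": {"example-server": {"command": "npx", "args": ["-y", "example-pkg"]},
                   "local-server": {"url": "http://localhost:3000/mcp"}},
}
if __name__ == "__main__":
    print(audit_config(SAMPLE), audit_files(), sep="\n")
```

A finding is a prompt to review that entry, not proof of exfiltration. Only values that are a URL in their entirety are matched, so endpoints embedded inside longer command strings need a manual read.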