Claude Code 2.1.153 Fixes Gateway Leak and Tightens MCP
We break down a critical credential leak in custom API gateways, where Claude Code mistakenly sent primary Anthropic OAuth credentials to the wrong place. The episode also covers faster git and GitHub plugin loading with skipLfs, plus new safeguards for subagent MCP configs to prevent privilege escalation.
Is this your podcast and want to remove this banner? Click here.
Chapter 1
Fixing a Critical Gateway Credential Leak and Streamlining Plugins
Lachlan Reed
Welcome to the show, everyone! I'm Lachlan Reed, here with James Turner, and mate, we need to talk about Claude Code version 2.1.153. If you are using custom API gateways with Claude, you need to update right now, because there was a serious credential leak in the wild.
James Turner
Yeah, this is a massive deal. [urgently] Essentially, a regression in the previous version meant that if you configured a custom gateway, Claude Code was actually sending your primary Anthropic OAuth credentials directly to that custom gateway, instead of using the gateway's own specific token.
Lachlan Reed
That is absolutely wild. [scoffs] Imagine building a custom proxy to keep things secure, and instead, you're literally hand-delivering your master Anthropic keys to it. This 2.1.153 patch completely shuts that down, isolated routing is back, and it properly scopes the OAuth tokens so they don't wander off.
James Turner
Exactly. And while they were under the hood fixing that security mess, they also dropped a fantastic optimization for git and GitHub plugin sources. They added a new flag called `skipLfs`.
Lachlan Reed
Oh, the Large File Storage bypass! [excited] That is going to save so much bandwidth. If you're cloning or updating a massive repo just to parse some source code, you don't want to waste ten minutes pulling down gigabytes of compiled binary assets or heavy 3D models.
James Turner
Right, it dramatically speeds up local environment setup and update times. [matter-of-fact] But the third major update in 2.1.153 is all about subagent security, specifically how Model Context Protocol, or MCP, configurations are inherited. They've hardened the boundary by enforcing flags like `--strict-mcp-config` and `--bare` when spinning up subagents.
Lachlan Reed
Ah, so if a primary agent launches a subagent to do a specific task, that subagent can't just inherit a loose config and start executing unauthorized local tools. [thoughtfully] It keeps the sandbox tight across those agent boundaries.
James Turner
Precisely. It prevents privilege escalation between the parent agent and the subagent. It's a highly technical release, but v2.1.153 is an absolute must-install for security alone.
Lachlan Reed
Too right, mate. [warmly] Get updating! That's it for this quick update. I'm Lachlan Reed.
James Turner
And I'm James Turner. See ya! [cheerfully] Powered by Jellypod AI.