GitHub dependency fake 'Claude co‑authored' commit

- Open-source developer Fuma Nama said on May 20 a malicious dependency update inserted fake “Claude” co-author metadata into a GitHub-linked workflow.
- Anthropic’s Claude Code has used a `Co-Authored-By: Claude <noreply@anthropic.com>` byline by default, according to GitHub issues opened in 2025.
- The May 20 X post linked to a GitHub commit example; developers can inspect the referenced repository history and commit metadata.

Open-source developer Fuma Nama said on May 20 that a malicious dependency update had inserted a fake Claude co-author element into a GitHub-linked automation flow, according to a post on X cited in a social-media briefing. The post pointed readers to a GitHub commit example showing counterfeit authorship metadata attached to a code change.

The case drew attention because the added line resembled a real byline format used by Anthropic’s Claude Code in commit messages. Anthropic’s tooling has been the subject of user complaints since 2025 over automatic “Co-Authored-By: Claude” tags in Git history.

### Why did the fake byline stand out to developers?

Anthropic’s GitHub issue tracker shows that users had already complained that Claude Code appended “Generated with [Claude Code]” text and a `Co-Authored-By: Claude <noreply@anthropic.com>` line to commits. A May 24, 2025 issue said the byline appeared despite users asking the tool not to add it, while another August 9, 2025 issue described the behavior as automatic self-attribution without user consent. (github.com)

That existing behavior made the May 20 report easier to recognize. Because the injected text looked like a familiar Claude Code attribution pattern, developers discussing the example treated it as a provenance problem inside normal version-control records rather than as an obviously fabricated message, according to the briefing based on Fuma Nama’s post.

### What was reportedly changed in the workflow?

(github.com) The social briefing says the malicious update targeted a GitHub Actions bot path and modified a continuous-integration action to include counterfeit authorship metadata claiming Claude participation. The report did not describe a model output inside a chat transcript; it described a code-history artifact attached to a commit example on GitHub.

GitHub commit metadata matters because co-author lines are parsed and displayed as part of the repository record. (github.com) In this case, the reported change was not that Claude had reviewed the code, but that a dependency update made it appear as if Claude had been a named contributor to the change.

### Has this kind of AI-linked supply-chain problem shown up before?

ReversingLabs reported on April 29 that a tainted package was introduced into a crypto trading agent in a Feb. 28 commit “co-authored by Anthropic’s Claude Opus,” and said the dependency allowed attackers to access secrets and crypto wallets. (github.com) The firm described that incident as part of a broader malicious package campaign targeting automated coding workflows. (github.com)

Snyk reported in a separate 2025 incident that a flawed GitHub Actions workflow linked to malicious Nx releases was estimated to have been generated by Claude Code, with a later commit modifying the workflow to exfiltrate an npm token. Snyk said malware in that case also attempted to invoke local AI coding agents including Claude, Gemini and Amazon Q with unsafe flags. (reversinglabs.com)

### What does the May 20 example leave unresolved?

The May 20 post, as described in the briefing, identified the fake “Claude co-authored” element and linked to a commit example, but the available source material does not establish from public records who published the malicious dependency or whether GitHub or Anthropic took action on that specific repository. The briefing also does not show a public statement from Anthropic about the reported incident. (snyk.io)

GitHub users can still review the referenced repository history, commit body and dependency changes in the linked example from Fuma Nama’s May 20 post. Anthropic’s existing GitHub issues on commit attribution remain public, including the May 2025 and August 2025 reports describing automatic Claude bylines. (github.com 1) (github.com 2)
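For reviewing commit bodies as described above, the following is an added example (not code from the article, Fuma Nama or Anthropic) that flags Claude bylines on commits where the author is not expected to carry one. The sample history, the `claude_users` allowlist and the `[bot]` name-suffix heuristic are assumptions of the example; a co-author line is free text in the commit message and is not authenticated.

```python
import re

# Trailer keys are matched case-insensitively; the byline quoted above is the target.
TRAILER = re.compile(r"^co-authored-by:\s*(.*?)\s*<([^<>]+)>\s*$", re.IGNORECASE)
CLAUDE_EMAIL = "noreply@anthropic.com"  # address from the byline quoted in the article


def co_authors(message):
    """Return (name, email) for every co-author trailer line in the commit body."""
    found = []
    for line in message.splitlines()[1:]:  # skip the subject line
        m = TRAILER.match(line.strip())
        if m:
            found.append((m.group(1), m.group(2).lower()))
    return found


def audit(commits, claude_users):
    """Flag Claude bylines on commits whose author is not expected to carry one.

    claude_users: author e-mails of people known to run Claude Code (local policy,
    an assumption of this example). The trailer is free text, so it proves nothing.
    """
    flagged = []
    for c in commits:
        if not any(email == CLAUDE_EMAIL for _, email in co_authors(c["message"])):
            continue
        if c["author_name"].endswith("[bot]"):  # heuristic for automation accounts
            flagged.append((c["sha"], "Claude byline on automation commit"))
        elif c["author_email"].lower() not in claude_users:
            flagged.append((c["sha"], "Claude byline from author not using Claude Code"))
    return flagged


BYLINE = "Co-Authored-By: Claude <noreply@anthropic.com>"
# Constructed sample history (hypothetical shas, names and addresses).
SAMPLE = [
    {"sha": "a1", "author_name": "Alice", "author_email": "alice@example.com",
     "message": "Fix parser\n\nHandle empty input.\n\n" + BYLINE},
    {"sha": "b2", "author_name": "deps-updater[bot]", "author_email": "bot@example.com",
     "message": "chore(deps): bump example-lib\n\n" + BYLINE},
    {"sha": "c3", "author_name": "Bob", "author_email": "bob@example.com",
     "message": "Update CI action\n\nco-authored-by: Claude <NoReply@Anthropic.com>"},
    {"sha": "d4", "author_name": "Bob", "author_email": "bob@example.com",
     "message": "Docs\n\nCo-authored-by: Alice <alice@example.com>"},
]

if __name__ == "__main__":
    for sha, reason in audit(SAMPLE, {"alice@example.com"}):
        print(sha, reason)
```

A flagged commit is a prompt to read the diff and the dependency change behind it, not a verdict; an unflagged byline is equally unverified.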
