release: v3.27.6 - Sonnet 4.6 default + 200K vs 1M context guide

- Pricing table: Sonnet 4.6 now default (Feb 2026)
- New section: 200K vs 1M context decision guide (MRCR bench, cost table, use cases)
- threat-db.yaml v2.1.0: CVE-2026-23744, Slopsquatting T009, OWASP Agentic AI Top 10

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
Florian BRUNIAUX 2026-02-18 09:33:55 +01:00
parent 4b15bdb137
commit c3da456d3a
8 changed files with 173 additions and 21 deletions

View file

@ -4,6 +4,18 @@ All notable changes to this project will be documented in this file.
The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
## [3.27.6] - 2026-02-18
### Added
- New subsection "200K vs 1M Context: Performance, Cost & Use Cases" in pricing section (MRCR benchmark table, cost-per-session table, decision guide, key facts)
- `machine-readable/reference.yaml`: 5 new entries for Sonnet 4.6 + context window comparison
### Changed
- Pricing table: Sonnet 4.6 now listed as default model (replaced Sonnet 4.5)
- Context Management section: updated to mention 1M beta with link to comparison subsection
- `threat-db.yaml` v2.1.0: added CVE-2026-23744 (MCPJam RCE), hightower6eu publisher (314+ malicious skills), Slopsquatting technique T009, Mcpwn scanner, OWASP Agentic AI Top 10 2026, new sources (VirusTotal, SentinelOne, Immersive Labs, arXiv)
- `cheatsheet.pdf`: updated binary
## [3.27.5] - 2026-02-17
### Documentation
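Review bot: the Changed entry for `threat-db.yaml` undercounts what this commit adds: besides CVE-2026-23744, the threat-db hunks also add CVE-2026-2178 (xcode-mcp-server), CVE-2026-25650 (MCP Salesforce Connector), the Mend SAST MCP scanner entry and two new `minimum_safe_versions` lines. List them here so the changelog matches the diff, since this is the line users of `/security-check` will read to decide whether to refresh their copy.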

View file

@ -6,7 +6,7 @@
<p align="center">
<a href="https://github.com/FlorianBruniaux/claude-code-ultimate-guide/stargazers"><img src="https://img.shields.io/github/stars/FlorianBruniaux/claude-code-ultimate-guide?style=for-the-badge" alt="Stars"/></a>
<a href="./CHANGELOG.md"><img src="https://img.shields.io/badge/Updated-Feb_17,_2026_·_v3.27.5-brightgreen?style=for-the-badge" alt="Last Update"/></a>
<a href="./CHANGELOG.md"><img src="https://img.shields.io/badge/Updated-Feb_18,_2026_·_v3.27.6-brightgreen?style=for-the-badge" alt="Last Update"/></a>
<a href="./quiz/"><img src="https://img.shields.io/badge/Quiz-274_questions-orange?style=for-the-badge" alt="Quiz"/></a>
<a href="./examples/"><img src="https://img.shields.io/badge/Templates-116-green?style=for-the-badge" alt="Templates"/></a>
<a href="./guide/security-hardening.md"><img src="https://img.shields.io/badge/🛡_Threat_DB-18_CVEs_·_341_malicious_skills-red?style=for-the-badge" alt="Threat Database"/></a>
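Review bot: the Threat DB badge on the unchanged context line still reads `18_CVEs_·_341_malicious_skills` although this commit adds three entries to `cve_database` (CVE-2026-23744, CVE-2026-2178, CVE-2026-25650); recount and bump the badge, otherwise the README advertises a stale database size next to a freshly bumped version badge.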
@ -757,7 +757,7 @@ See [CONTRIBUTING.md](./CONTRIBUTING.md) for guidelines.
---
*Version 3.27.5 | Updated daily · Feb 17, 2026 | Crafted with Claude*
*Version 3.27.6 | Updated daily · Feb 18, 2026 | Crafted with Claude*
<!-- SEO Keywords -->
<!-- claude code, claude code tutorial, anthropic cli, ai coding assistant, claude code mcp,

View file

@ -1 +1 @@
3.27.5
3.27.6

Binary file not shown.

View file

@ -2,8 +2,8 @@
# For use with /security-check and /security-audit commands
# Manually maintained — update after new security advisories
version: "2.0.0"
updated: "2026-02-11"
version: "2.1.0"
updated: "2026-02-17"
sources:
- name: "Snyk ToxicSkills"
url: "https://snyk.io/blog/toxicskills-malicious-ai-agent-skills-clawhub/"
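Review bot: `updated: "2026-02-17"` does not match the commit and CHANGELOG date of 2026-02-18, and the comment two lines above says the file is updated after new advisories; set the field to the date the entries were actually added so consumers of `/security-check` can tell how fresh the database is.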
@ -47,6 +47,24 @@ sources:
- name: "SAFE-MCP Framework"
url: "https://www.safemcp.org"
date: "2026-01"
- name: "VirusTotal - OpenClaw Malicious Skills"
url: "https://blog.virustotal.com/2026/02/from-automation-to-infection-how.html"
date: "2026-02-02"
- name: "arXiv - Malicious Agent Skills Empirical Study"
url: "https://www.arxiv.org/abs/2602.06547"
date: "2026-02-06"
- name: "SentinelOne - xcode-mcp-server CVE-2026-2178"
url: "https://www.sentinelone.com/vulnerability-database/cve-2026-2178/"
date: "2026-02-13"
- name: "Immersive Labs - CVE-2026-23744 MCPJam RCE"
url: "https://community.immersivelabs.com/blog/the-human-connection-blog/new-cti-lab-cve-2026-23744-mcpjam-rce-offensive/3882"
date: "2026-01-21"
- name: "Aikido - Hallucinated npx Commands in Skills"
url: "https://www.aikido.dev/blog/agent-skills-spreading-hallucinated-npx-commands"
date: "2026-01-21"
- name: "OWASP Top 10 for Agentic AI Security Risks 2026"
url: "https://www.startupdefense.io/blog/owasp-top-10-agentic-ai-security-risks-2026"
date: "2026-02-16"
# ═══════════════════════════════════════════════════════════════
# MALICIOUS AUTHORS (confirmed by security researchers)
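Review bot: the OWASP source entry points at a third-party blog (`startupdefense.io`) rather than an OWASP page; for a framework that `/security-audit` output will cite, link the primary publication or mark the entry as a secondary summary (a field name for that would be a new convention for this file), so readers can check the list against its origin. Also, the new `date` values use `YYYY-MM-DD` while the existing SAFE-MCP entry uses `YYYY-MM`; pick one format so the field stays machine-parseable.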
@ -69,6 +87,11 @@ malicious_authors:
source: "Snyk ToxicSkills"
risk: "critical"
notes: "Mixed prompt-injection + exfil; GitHub repo aztr0nutzs/NET_NiNjA.v1.2 hosts additional weaponized skills"
# VirusTotal confirmed — single publisher, 314+ skills, 100% malicious
- name: "hightower6eu"
source: "VirusTotal OpenClaw Analysis"
risk: "critical"
notes: "Single malicious publisher responsible for 314+ OpenClaw skills; all confirmed malicious by VirusTotal scan; malware disguised as productivity/utility tools"
# ═══════════════════════════════════════════════════════════════
# MALICIOUS SKILLS (confirmed by researchers)
@ -670,6 +693,34 @@ cve_database:
fixed_in: "0.1.28"
mitigation: "Update to >= 0.1.28"
# --- MCPJam Inspector ---
- id: "CVE-2026-23744"
component: "MCPJam Inspector"
severity: "critical"
description: "RCE via crafted HTTP request that triggers automatic MCP server installation; allows remote attacker to execute arbitrary code on developer machine"
source: "Immersive Labs / CVE-2026-23744"
fixed_in: "1.4.3"
mitigation: "Update MCPJam Inspector to >= 1.4.3; restrict to localhost; do not expose MCPJam to untrusted networks"
notes: "Affects local-first MCP dev platform; versions <= 1.4.2 vulnerable"
# --- xcode-mcp-server ---
- id: "CVE-2026-2178"
component: "xcode-mcp-server (r-huijts)"
severity: "high"
description: "Command injection in registerXcodeTools function via unsanitized args argument passed to exec(); allows RCE or data exfiltration"
source: "SentinelOne"
fixed_in: "after commit f3419f00117aa9949e326f78cc940166c88f18cb"
mitigation: "Update to latest commit post-f3419f00; avoid passing user-controlled input to exec(); switch to execFile() with argument arrays"
# --- MCP Salesforce Connector ---
- id: "CVE-2026-25650"
component: "MCP Salesforce Connector"
severity: "medium"
description: "Arbitrary attribute access — prior to 0.1.10, attacker can access arbitrary object attributes via crafted MCP requests, potentially exposing sensitive Salesforce data"
source: "NVD"
fixed_in: "0.1.10"
mitigation: "Update MCP Salesforce Connector to >= 0.1.10; enforce attribute allowlists"
# ═══════════════════════════════════════════════════════════════
# MINIMUM SAFE VERSIONS (quick reference for scanning)
# ═══════════════════════════════════════════════════════════════
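Review bot: `fixed_in: "after commit f3419f00117aa9949e326f78cc940166c88f18cb"` for CVE-2026-2178 is not a version string, unlike the `1.4.3` and `0.1.10` values around it, so any consumer that compares `fixed_in` against an installed version will fail to parse it; record the first released version that contains the fix (or put the commit in a separate field) and keep `fixed_in` numeric. The `execFile()` with argument arrays advice in `mitigation` is the right remediation for the `exec()` injection the description names.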
@ -684,6 +735,8 @@ minimum_safe_versions:
"mcp-package-docs": "0.1.28"
"cursor": "1.3.9"
"claude-code": "2.1.34"
"mcpjam-inspector": "1.4.3"
"mcp-salesforce-connector": "0.1.10"
# ═══════════════════════════════════════════════════════════════
# IOCs (Indicators of Compromise)
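Review bot: `minimum_safe_versions` gains `mcpjam-inspector` and `mcp-salesforce-connector` but no entry for `xcode-mcp-server`, so a scan keyed on this map will never flag CVE-2026-2178 even though `cve_database` rates it `high`; once a released fixed version is known, add it here as well, and note the gap in the entry's `notes` until then.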
@ -1055,6 +1108,15 @@ attack_techniques:
campaigns: ["ClawHavoc", "ToxicSkills"]
mitigation: "Block agent access to .env, .aws, .ssh directories; use pre-execution hooks"
- id: "T009"
name: "Slopsquatting / Hallucinated Package Injection"
description: "Malicious skills spread hallucinated or fabricated package names (e.g. via npx commands) that resolve to attacker-controlled packages on npm/PyPI when executed"
examples:
- "Skills with setup instructions referencing nonexistent npm packages that typosquat legitimate tools"
- "AI-generated skill content propagating hallucinated npx commands that install malicious packages"
source: "Aikido Security (2026-01-21)"
mitigation: "Verify every package reference in SKILL.md before executing setup instructions; use package lockfiles; pin all dependencies to known-good checksums"
# ═══════════════════════════════════════════════════════════════
# SCANNING TOOLS
# ═══════════════════════════════════════════════════════════════
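Review bot: the first `examples` item for T009 describes typosquatting of legitimate tools, which is a distinct technique from the hallucinated-name injection the `description` defines; keep T009 to fabricated names so the entry stays precise, or point to a typosquatting technique id if one exists. The `mitigation` could also name the cheapest check for this class: confirm each `npx` or package target exists on the registry with an established publish history, since a hallucinated name is either unregistered or freshly registered.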
@ -1138,6 +1200,36 @@ scanning_tools:
limitations:
- "ClawHub/OpenClaw specific"
- name: "Mcpwn"
vendor: "community"
type: "cli"
url: "https://hackers-arise.com/artificial-intelligence-in-cybersecurity-part-9-how-to-test-mcp-servers-for-security-vulnerabilities/"
capabilities:
- "Dedicated MCP vulnerability scanner"
- "Detects RCE via command injection in MCP servers"
- "Path traversal weakness detection"
- "Prompt injection risk identification"
- "Quick scan mode focused on RCE surface"
- "Supports custom Python and Node.js MCP servers"
limitations:
- "Newer/community tool — smaller detection database than mcp-scan"
- "Less coverage of skills.sh / ClawHub skill scanning"
- name: "Mend SAST MCP"
vendor: "Mend.io"
type: "mcp-server"
url: "https://appsecsanta.com/mend-sast"
capabilities:
- "Commercial SAST with MCP server integration"
- "Real-time static analysis on AI-generated code via IDE"
- "Software composition analysis (SCA) for dependencies"
- "Integrates with Cursor, VS Code, Claude Code, Windsurf"
- "mend-code-security-assistant tool: SAST scans"
- "mend-dependencies-assistant tool: SCA checks"
limitations:
- "Commercial product — requires Mend.io subscription"
- "Code scanning focus — does not scan SKILL.md or MCP configs directly"
# ═══════════════════════════════════════════════════════════════
# DEFENSIVE FRAMEWORKS & BLOCKLISTS
# ═══════════════════════════════════════════════════════════════
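Review bot: the `url` for Mcpwn is a tutorial post on `hackers-arise.com` and the Mend SAST MCP `url` is `appsecsanta.com`; neither is the tool's own repository or vendor page. For scanners a user will install and run against their MCP servers, `url` should be the canonical source so provenance and integrity can be verified before execution, which is the same concern T009 records for package references.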
@ -1170,3 +1262,8 @@ defensive_resources:
exposed_servers: 1000
no_auth: true
risk_examples: ["Kubernetes clusters", "CRM access", "WhatsApp messaging", "arbitrary shell"]
- name: "OWASP Top 10 for Agentic AI Security Risks 2026"
url: "https://www.startupdefense.io/blog/owasp-top-10-agentic-ai-security-risks-2026"
type: "framework"
description: "Community-maintained OWASP-style Top 10 listing for agentic AI systems; covers Agent Goal Hijacking (#1), Supply Chain compromise, Tool Poisoning, Prompt Injection, Memory Poisoning, and more. Updated 2026-02-16."
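Review bot: `name` presents this as an official OWASP Top 10 while `description` calls it community-maintained and OWASP-style and `url` is a non-OWASP blog; confirm whether this is an OWASP project and, if not, rename the entry to say so (for example "OWASP-style Top 10 for Agentic AI (community)") so `/security-audit` output does not cite it as an OWASP standard.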

View file

@ -12,7 +12,7 @@ tags: [cheatsheet, reference]
**Written with**: Claude (Anthropic)
**Version**: 3.27.5 | **Last Updated**: February 2026
**Version**: 3.27.6 | **Last Updated**: February 2026
---
@ -544,4 +544,4 @@ where.exe claude; claude doctor; claude mcp list
**Author**: Florian BRUNIAUX | [@Méthode Aristote](https://methode-aristote.fr) | Written with Claude
*Last updated: February 2026 | Version 3.27.5*
*Last updated: February 2026 | Version 3.27.6*

View file

@ -16,7 +16,7 @@ tags: [guide, reference, workflows, agents, hooks, mcp, security]
**Last updated**: January 2026
**Version**: 3.27.5
**Version**: 3.27.6
---
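Review bot: `**Last updated**: January 2026` is left unchanged while `**Version**` is bumped to 3.27.6 on 2026-02-18 and the pricing section in this same file says "as of February 2026"; update the date together with the version (the same pair appears in this file's closing footer).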
@ -1738,11 +1738,12 @@ Claude Code isn't free - you're using API credits. Understanding costs helps opt
#### Pricing Model (as of February 2026)
Claude Code uses **Claude Sonnet 4.5** by default:
Claude Code uses **Claude Sonnet 4.6** by default (as of Feb 2026):
| Model | Input (per 1M tokens) | Output (per 1M tokens) | Context Window | Notes |
|-------|----------------------|------------------------|----------------|-------|
| **Sonnet 4.5** | $3.00 | $15.00 | 200K tokens | Default model |
| **Sonnet 4.6** | $3.00 | $15.00 | 200K tokens | Default model (Feb 2026) |
| Sonnet 4.5 | $3.00 | $15.00 | 200K tokens | Legacy (same price) |
| Opus 4.6 (standard) | $5.00 | $25.00 | 200K tokens | Released Feb 2026 |
| Opus 4.6 (1M context beta) | $10.00 | $37.50 | 1M tokens | Requests >200K context |
| Opus 4.6 (fast mode) | $30.00 | $150.00 | 200K tokens | 2.5x faster, 6x price |
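Review bot: the `Opus 4.6 (1M context beta)` row has input at 2x the standard rate ($10.00 vs $5.00) but output at 1.5x ($37.50 vs $25.00), which contradicts the key fact added further down that Opus 4.6 pricing doubles above 200K; either correct the output figure or state the two multipliers separately. Also, `Sonnet 4.6` is listed with a 200K context window here while the decision guide below recommends "Sonnet 4.6 @ 1M beta"; the table should say whether 1M is available for Sonnet 4.6 at all.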
@ -1750,6 +1751,42 @@ Claude Code uses **Claude Sonnet 4.5** by default:
**Reality check**: A typical 1-hour session costs **$0.10 - $0.50** depending on usage patterns.
#### 200K vs 1M Context: Performance, Cost & Use Cases
The 1M context window (beta, API only) is a significant capability jump — but it's not always the right choice.
**Retrieval accuracy at scale (MRCR v2 8-needle benchmark)**
| Model | 256K accuracy | 1M accuracy | Source |
|-------|--------------|-------------|--------|
| Opus 4.6 | 93% | 76% | Anthropic blog (Feb 2026) |
| Sonnet 4.5 | — | 18.5% | Anthropic blog |
| Sonnet 4.6 | Not yet published | Not yet published | — |
Note: Opus 4.6 retains strong accuracy at 1M (76%), while Sonnet 4.5 degrades sharply. Sonnet 4.6 MRCR scores have not yet been published by Anthropic.
**Cost per session (approximate)**
| Session type | ~Tokens in | ~Tokens out | Sonnet 4.6 | Opus 4.6 |
|---|---|---|---|---|
| Bug fix / PR review | 50K | 5K | ~$0.23 | ~$0.38 |
| Module refactoring | 150K | 20K | ~$0.75 | ~$1.25 |
| Full service analysis (1M beta) | 500K | 50K | ~$2.25 | ~$8.75 |
**When to use which**
| Scenario | Recommendation |
|----------|---------------|
| Bug fix, PR review, daily coding | Sonnet 4.6 @ 200K — fast and cheap |
| Cross-module refactoring, large codebase | Sonnet 4.6 @ 1M beta — volume without premium |
| Architecture analysis, Agent Teams, complex reasoning | Opus 4.6 @ 1M beta — accuracy matters |
**Key facts**
- Opus 4.6 max output: **128K tokens**; Sonnet 4.6 max output: **64K tokens**
- 1M context ≈ 30,000 lines of code / 750,000 words
- 1M context is **beta** (API only, requires `anthropic-beta: interleaved-thinking-2025-05-14` header)
- Opus 4.6 pricing doubles above 200K; no premium tier announced yet for Sonnet 4.6
#### What Costs the Most?
| Action | Tokens Consumed | Estimated Cost |
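Review bot: the `Full service analysis (1M beta)` row's Opus 4.6 figure does not reproduce from the pricing table above: 500K input at $10.00/1M plus 50K output at $37.50/1M is $5.00 + $1.88 = $6.88, not ~$8.75, whereas the Sonnet 4.6 column (500K x $3 + 50K x $15 = $2.25) checks out; recompute or state the rates used. Two further points: the recommendation "Sonnet 4.6 @ 1M beta — volume without premium" is not supported by the MRCR table, which has no Sonnet 4.6 score and shows its predecessor at 18.5% at 1M, so mark it as unverified; and the header quoted in Key facts, `anthropic-beta: interleaved-thinking-2025-05-14`, is by its name the interleaved-thinking beta rather than a context-window beta, so verify the exact 1M header against the Anthropic API docs before shipping it as a fact.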
@ -3632,7 +3669,7 @@ User: "Actually, here's what I need: [refined instruction with specifics]"
### Context Management
Claude Code operates within a ~200K token context window:
Claude Code operates within a **200K token context window** (1M beta available via API — see [200K vs 1M comparison](line 1751)):
| Component | Approximate Size |
|-----------|------------------|
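Review bot: `[200K vs 1M comparison](line 1751)` is not a valid link target; Markdown renders it as a link to a relative path named `line 1751`, and the number goes stale with every edit above it (this very commit shifts later sections by 37 lines). Link to the heading anchor instead, e.g. `[200K vs 1M comparison](#200k-vs-1m-context-performance-cost--use-cases)`, and check that it resolves in the GitHub rendering.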
@ -4292,7 +4329,7 @@ The `.claude/` folder is your project's Claude Code directory for memory, settin
| Personal preferences | `CLAUDE.md` | ❌ Gitignore |
| Personal permissions | `settings.local.json` | ❌ Gitignore |
### 3.27.5 Version Control & Backup
### 3.27.6 Version Control & Backup
**Problem**: Without version control, losing your Claude Code configuration means hours of manual reconfiguration across agents, skills, hooks, and MCP servers.
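Review bot: `### 3.27.5 Version Control & Backup` is a section number (chapter 3, section 27, subsection 5), not the guide version, as the matching `# Section 3.27.5` comment in `reference.yaml` (also rewritten by this commit) shows; the bulk version replace renamed it to `3.27.6`, which breaks the numbering sequence and any in-document references. Revert this line and exclude section headings from the version-bump script.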
@ -19597,4 +19634,4 @@ We'll evaluate and add it to this section if it meets quality criteria.
**Contributions**: Issues and PRs welcome.
**Last updated**: January 2026 | **Version**: 3.27.5
**Last updated**: January 2026 | **Version**: 3.27.6

View file

@ -3,7 +3,7 @@
# Source: guide/ultimate-guide.md
# Purpose: Condensed index for LLMs to quickly answer user questions about Claude Code
version: "3.27.5"
version: "3.27.6"
updated: "2026-02-17"
# ════════════════════════════════════════════════════════════════
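Review bot: `updated: "2026-02-17"` is left as-is while the new `deep_dive` entries in this same file are commented `Added 2026-02-18`; bump the field together with `version` so consumers can tell the index is current.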
@ -186,7 +186,7 @@ deep_dive:
third_party_toad: "https://github.com/batrachianai/toad"
third_party_conductor: "https://docs.conductor.build"
# Configuration Management & Backup (Added 2026-02-02)
config_management_guide: "guide/ultimate-guide.md:4085" # Section 3.27.5
config_management_guide: "guide/ultimate-guide.md:4085" # Section 3.27.6
config_hierarchy: "guide/ultimate-guide.md:4095" # Global → Project → Local precedence
config_git_strategy_project: "guide/ultimate-guide.md:4110" # What to commit in .claude/
config_git_strategy_global: "guide/ultimate-guide.md:4133" # Version control ~/.claude/
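Review bot: `# Section 3.27.5` → `# Section 3.27.6` rewrites a section number, not a version, so this replacement (and the matching heading change in ultimate-guide.md) is a search-and-replace false positive; revert it. Separately, `guide/ultimate-guide.md:4085` now points 37 lines above the section: the ultimate-guide hunk headers show `-4292,7 +4329,7`, so everything below the lines inserted in the pricing section moved by +37 and this pointer (and the three after it) should be shifted accordingly.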
@ -276,6 +276,12 @@ deep_dive:
fast_mode_api: 10051 # API breaking changes section
fast_mode_pricing: 1722 # Pricing table
fast_mode_behavior: "2.5x faster, 6x price, same Opus 4.6 model"
# Sonnet 4.6 + 1M Context (Feb 2026) - Added 2026-02-18
sonnet_4_6_default: 1741 # Pricing table, Sonnet 4.6 now default
context_200k_vs_1m: 1751 # Decision guide: 200K vs 1M context window
context_200k_vs_1m_perf: "Opus 4.6: 93% @ 256K, 76% @ 1M (MRCR v2). Sonnet 4.6 scores not yet published."
context_200k_vs_1m_cost: "Sonnet 4.6: ~$0.23 bug fix, ~$0.75 module refactor, ~$2.25 full 1M session"
context_1m_beta_requirement: "API only, requires anthropic-beta header. Opus: pricing doubles >200K."
# Debug Command (v2.1.30+) - Added 2026-02-09
debug_command: 16280 # /debug in commands table
debug_purpose: "Systematic troubleshooting and error investigation"
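Review bot: the existing line pointers in this block were not adjusted for the 37 lines this commit inserts into ultimate-guide.md (hunk headers `-3632 +3669`, `-4292 +4329`, `-19597 +19634`): `fast_mode_api: 10051` and `debug_command: 16280` now point 37 lines early, while `fast_mode_pricing: 1722` and the new `sonnet_4_6_default: 1741` and `context_200k_vs_1m: 1751` sit above the insert and are correct. Recompute the stale pointers, or switch this index to heading anchors, which survive insertions.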
@ -1205,7 +1211,7 @@ ecosystem:
- "Cross-links modified → Update all 4 repos"
history:
- date: "2026-01-20"
event: "Code Landing sync v3.27.5, 66 templates, cross-links"
event: "Code Landing sync v3.27.6, 66 templates, cross-links"
commit: "5b5ce62"
- date: "2026-01-20"
event: "Cowork Landing fix (paths, README, UI badges)"
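Review bot: the `history` entry dated `2026-01-20` is rewritten from `v3.27.5` to `v3.27.6`, a version that did not exist on that date; history records must not be touched by the version bump, so revert this line and anchor the replace script on the `version:` and `aligned_with_guide:` fields only.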
@ -1217,7 +1223,7 @@ ecosystem:
onboarding_matrix_meta:
version: "2.0.0"
last_updated: "2026-02-05"
aligned_with_guide: "3.27.5"
aligned_with_guide: "3.27.6"
changelog:
- version: "2.0.0"
date: "2026-02-05"
@ -1245,7 +1251,7 @@ onboarding_matrix:
core: [rules, sandbox_native_guide, commands]
time_budget: "5 min"
topics_max: 3
note: "SECURITY FIRST - sandbox before commands (v3.27.5 critical fix)"
note: "SECURITY FIRST - sandbox before commands (v3.27.6 critical fix)"
beginner_15min:
core: [rules, sandbox_native_guide, workflow, essential_commands]
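Review bot: `note: "SECURITY FIRST - sandbox before commands (v3.27.5 critical fix)"` records the version in which the fix landed, and rewriting it to v3.27.6 falsifies that record; the same happens in the `note:` lines of the three following hunks (`Dual-instance pattern`, `NEW goal`, `Security foundation`). Revert these four lines and restrict the bump to `version` and `aligned_with_guide` fields.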
@ -1330,7 +1336,7 @@ onboarding_matrix:
- default: agent_validation_checklist
time_budget: "60 min"
topics_max: 6
note: "Dual-instance pattern for quality workflows (v3.27.5)"
note: "Dual-instance pattern for quality workflows (v3.27.6)"
learn_security:
intermediate_30min:
@ -1341,7 +1347,7 @@ onboarding_matrix:
- default: permission_modes
time_budget: "30 min"
topics_max: 4
note: "NEW goal (v3.27.5) - Security-focused learning path"
note: "NEW goal (v3.27.6) - Security-focused learning path"
power_60min:
core: [sandbox_native_guide, mcp_secrets_management, security_hardening]
@ -1366,7 +1372,7 @@ onboarding_matrix:
core: [rules, sandbox_native_guide, workflow, essential_commands, context_management, plan_mode]
time_budget: "60 min"
topics_max: 6
note: "Security foundation + core workflow (v3.27.5 sandbox added)"
note: "Security foundation + core workflow (v3.27.6 sandbox added)"
intermediate_120min:
core: [plan_mode, agents, skills, config_hierarchy, git_mcp_guide, hooks, mcp_servers]