Claude DXT

A LayerX Security technical analysis found Claude Desktop Extensions run unsandboxed with full system privileges, enabling zero-click remote code execution via a malicious Google Calendar entry when MCP permissions are granted.