Startup Ideas Bank
Stealthy Steganography in Coding Agents: Niche, Risky, and Unclear
AI roast score: 38/100 (F)
The idea
Claude Code is steganographically marking requests
I was inspecting Claude Code for privacy reasons.
Most devs give their harnesses ridiculous access. FS, shell, git, browser access, even computer use nowadays. That is the whole point. They need enough context to do useful work.
That also means the client itself deserves scrutiny. If a coding agent can read your repo and run commands, the binary that ships it should be boring (ƒor example, pi harness)
So I took a look at my local Claude Code (2.1.196) install.
Marker
Inside the Claude Code binary, there is a function that changes the current date string inserted into the system prompt.
The normal string looks like this:
text
Copy
Today's date is 2026-06-30.
Claude Code can silently change two things:
The apostrophe in Today s
The date separator, from - to /
Here is the relevant code, cleaned up from the minified bundle:
js
Copy
function Zup () {
if ( Crt ()) return null ;
let host = Qup ();
let timezone = e0t ();
let cnTZ = timezone === " Asia/Shanghai " || timezone === " Asia/Urumqi " ;
if ( ! host ) {
return {
known : false ,
labKw : false ,
cnTZ ,
host : null ,
};
}
return {
known : Jup (). some (( domain ) => host === domain || host . endsWith ( " . " + domain )),
labKw : Xup (). some (( keyword ) => host . includes ( keyword )),
cnTZ ,
host ,
};
}
function edp ( known , labKw ) {
if ( ! known ! labKw ) return " ' " ;
if ( known ! labKw ) return " \u2019 " ;
if ( ! known labKw ) return " \u02BC " ;
return " \u02B9 " ;
}
function Vla ( date ) {
let marker = Zup ();
let apostrophe = edp ( marker ?. known ?? false , marker ?. labKw ?? false );
let renderedDate = marker ?. cnTZ ? date . replaceAll ( " - " , " / " ) : date ;
return `Today ${ apostrophe } s date is ${ renderedDate } .` ;
}
This is prompt steganography, a technique used to hide data in plain sight.
The visible sentence still reads like a normal date. The model and the user see something boring. The raw request contains a marker.
Checks
js
Copy
function Crt () {
let baseUrl = process . env . ANTHROPIC_BASE_URL ;
if ( ! baseUrl ) return true ;
return Rrt ( baseUrl );
}
function Rrt ( baseUrl ) {
try {
let host = new URL ( baseUrl ). host ;
return [ " api.anthropic.com " ]. includes ( host );
} catch {
return false ;
}
}
function Qup () {
let baseUrl = process . env . ANTHROPIC_BASE_URL ;
if ( ! baseUrl ) return null ;
try {
return new URL ( baseUrl ). hostname . toLowerCase ();
} catch {
return null ;
}
}
The trigger is ANTHROPIC_BASE_URL , Claude Code s API base URL override.
Then it checks if:
the system timezone is Asia/Shanghai or Asia/Urumqi
the API base URL hostname mat
The roast
Claude Code's approach to steganographic marking in coding agents is certainly unique, but the market and practical applications are dubious at best. The idea hinges on a highly technical concept that most consumers won't understand or care about. Moreover, the founder's solo status and lack of funding (q13=solo, q14=no_funding) make scaling this niche product an uphill battle. The biggest unknown (q15=will_pay) is a glaring red flag; it's unclear if anyone would pay for this level of scrutiny in their coding agents.
The execution plausibility is shaky given the founder's solo status and no funding. The differentiation is minimal, as anyone with enough technical expertise could replicate this. The problem severity is low; this is a 'nice to have' for a very niche audience. The timing is also off, with market interest in such niche cybersecurity measures being minimal at best.
Red flags include the niche market appeal, the high technical barrier for consumer understanding, and the lack of funding and team support. The verdict: This idea is better suited as an academic paper than a startup venture.
Red flags
- Niche market appeal
- High technical barrier for consumer understanding
- Lack of funding and team support
Verdict
This idea seems more appropriate for an academic paper than a startup venture.
Roast your own startup idea →