If you use the "Get Shit Done" (GSD) AI tool, you need to migrate immediately (Original creator rug-pulled)

Reddit · linuxzinho · May 22, 2026
The original creator of Get Shit Done abandoned the project after executing a cryptocurrency rug pull with an associated $GSD token, while still retaining access to publish updates to the original NPM packages. Because the tool operates with elevated shell/bash permissions on local machines, the former creator poses a security risk if a malicious update is pushed. The community has forked the project to get-shit-done-redux with completed security audits and recommends users immediately uninstall the original packages.

Detailed Analysis

The "Get Shit Done" (GSD) AI productivity tool, which gained traction in the Claude AI community as an agent capable of executing shell and bash commands on users' local machines, has been compromised by the misconduct of its original creator. The developer, operating under the GitHub handle "glittercowboy," launched a companion cryptocurrency token ($GSD) alongside the project, accumulated investor funds, and then executed a classic rug pull — liquidating the token's liquidity, deleting his social media presence, and abandoning both the codebase and the community that had built around it. The community has responded by forking the project under the name "get-shit-done-redux," hosted at open-gsd/get-shit-done-redux, and conducting a full security audit, the results of which have been published in a transparency report.

The security threat is not merely historical but ongoing and active. Because the original creator retains publish access to the NPM registry entries for both `get-shit-done-cc` and `@gsd-build/sdk`, he can still push a malicious update to any machine that installs or updates those packages. The danger is amplified by the nature of GSD as a tool: because it operates with deep shell and bash permissions on users' local systems, a compromised update could function as a backdoor granting the attacker substantial control over affected machines. Users who have not yet uninstalled the legacy packages remain in a window of active vulnerability, with no technical safeguard preventing a malicious push at any time.

This incident sits at the intersection of two compounding risks that have become increasingly prominent in the open-source AI tooling ecosystem: the proliferation of community-built agentic tools that require elevated system permissions, and the growing tendency for developers to attach speculative cryptocurrency tokens to software projects. The rug pull model is well-documented in crypto markets, but its application here to a software tool with persistent system access adds a dimension of technical danger far beyond financial loss. The $GSD token served as a mechanism to generate rapid community investment and trust, which the creator then exploited before exiting.

The broader trend this reflects is the rapid, often under-scrutinized growth of third-party agentic tools built around large language model APIs, particularly those interfacing with Claude and similar systems. As AI agents that can autonomously execute code, manage files, and interact with operating systems become more accessible to developers, the attack surface for malicious actors also expands. Community vetting, security audits, and institutional trust in maintainers lag behind the speed at which these tools proliferate. The GSD redux fork and its accompanying transparency report represent a community-driven corrective response, but the incident underscores that users of agentic AI tooling bear significant responsibility for scrutinizing the provenance and ongoing governance of tools they grant privileged system access.

The migration path recommended by the community — uninstalling both legacy packages and reinstalling from the audited redux fork — is straightforward, but the incident raises larger questions about how the Claude AI ecosystem and the broader open-source AI tooling landscape should handle trust, maintainer accountability, and the risks introduced when financial incentives like token launches are layered onto developer tools with privileged system access.
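As an added example (not code from the post or from either the original GSD or the redux project), the POSIX shell audit below checks a project manifest and the global npm install for the two legacy package names the post gives and prints the removal steps; the redux fork's npm package name is not stated in the post, so `REDUX_PKG` is a placeholder.

```shell
# Added example, not code from the post or from the GSD/redux projects.
# Audits a machine for the two legacy npm packages named in the post and
# prints the removal steps. The redux fork's npm package name is not given
# in the post, so REDUX_PKG below is a placeholder, not a real identifier.
LEGACY_PKGS="get-shit-done-cc @gsd-build/sdk"
REDUX_PKG="<package-name-published-by-open-gsd/get-shit-done-redux>"

# Print each legacy package that appears as a dependency key in a
# package.json or package-lock.json; return 0 if at least one was found.
find_legacy_deps() {
  manifest="$1"
  found=1
  for pkg in $LEGACY_PKGS; do
    # both manifest formats list a dependency as  "name": ...
    if grep -q "\"$pkg\"[[:space:]]*:" "$manifest" 2>/dev/null; then
      echo "$pkg"
      found=0
    fi
  done
  return $found
}

# Same check against globally installed packages; skipped when npm is absent.
find_legacy_global() {
  command -v npm >/dev/null 2>&1 || return 1
  listing=$(npm ls -g --depth=0 2>/dev/null)
  found=1
  for pkg in $LEGACY_PKGS; do
    if printf '%s\n' "$listing" | grep -q -- "$pkg@"; then
      echo "$pkg"
      found=0
    fi
  done
  return $found
}

# Print the uninstall commands for whatever was found (run them by hand).
print_removal_steps() {
  for pkg in "$@"; do
    echo "npm uninstall -g $pkg   # and: npm uninstall $pkg in each project"
  done
  echo "# then install the audited fork: npm install $REDUX_PKG"
}

# Constructed sample manifest standing in for a project's package.json.
sample=$(mktemp)
printf '{ "dependencies": { "@gsd-build/sdk": "^1.0.0", "left-pad": "1" } }\n' > "$sample"
hits=$(find_legacy_deps "$sample"; find_legacy_global || true); rm -f "$sample"
[ -n "$hits" ] && print_removal_steps $hits
```

Run it from each project directory that used GSD and pass `package-lock.json` as well as `package.json`, since a transitive dependency only shows up in the lockfile.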