While Claude Code works, it displays a small animated line — "Baking…", "Discombobulating…" — that hundreds of thousands of developers stare at for hours every day. Andrew McCalip looked at that line and saw an empty billboard. On June 11, 2026, he launched Kickbacks: an extension that auctions the spinner off, renders a sponsored line in place of the waiting verbs, and pays 50% of the revenue to the developer watching it. The tagline: "Get paid for waiting."
The launch tweet passed 5.5 million views in 24 hours. Two competitors appeared within 48 hours. And yet the whole edifice rests on a fact nobody can ignore: Kickbacks is built on Anthropic's land, with no lease — four months after Anthropic paid for a Super Bowl campaign declaring "Ads are coming to AI. But not to Claude."
We read the extension's bundle line by line — not the press release. Here is what is actually inside, what it is worth, and why this story is 2026's best case study in opportunistic products.
The founder: a builder who knows how to manufacture noise
Andrew McCalip is not an unknown. In August 2023, this Varda Space Industries engineer (in-orbit manufacturing) became internet-famous by attempting the first US replication of LK-99, the supposed Korean room-temperature superconductor — synthesis livestreamed on Twitch, progress documented on Twitter, a levitating sample sent to USC for analysis. The replication was never confirmed, but the persona was launched: an "engineering as content" profile, able to turn a technical project into a global serial in days.
Since then: Project Bob (a 14-foot autonomous drone boat attempting to circumnavigate the globe via Starlink, still under way) and ShiftKeys, Inc. — the company behind an OS-level AI assistant triggered by pressing both Shift keys, and the legal entity under which Kickbacks lives. A telling detail: at launch, McCalip's personal site listed seven projects… and Kickbacks was not one of them. He did not submit any of the Hacker News threads himself, and never replied in them. The official channel is his personal X account. Kickbacks looks less like a company product than a play — fast, brazen, perfectly timed.
The pitch: turning wait time into ad inventory
The Kickbacks landing page at launch — screenshot taken June 13, 2026, kickbacks.ai
The announced model is simple. Advertisers bid on the slot through an open order book. The unit of sale is a "block" of 1,000 five-second impressions. The user displaying the ads keeps 50% of the revenue, credited per impression and per click — a click being worth 50 impressions. Hourly and daily caps limit earnings, and a remote kill switch can shut down the whole fleet.
The reality at launch is more modest, and it matters: as of June 12, payouts were not open (the Stripe Connect integration was "almost done", no date given), and there were no real advertisers — the visible ad, Firecrawl, is a house placeholder used to bootstrap the inventory. Earnings accumulate on a counter but cannot be withdrawn. First tester report on Hacker News: about 3 hours of use, 407 impressions, $4.43. Another user claims $10 in 2 hours — self-reported numbers, to be taken as such, against a Claude subscription that can cost $200 a month.
One ecosystem signal deserves attention, though: less than 30 hours after launch, a third-party developer had already built a data terminal for ad buyers — order-book tracking, block burndown, bid pricing against the volume-weighted average. His (unverified) metrics: roughly 943 impressions served per minute, top bid at $111, serving floor at $31. When speculative tooling appears around your market within a day, the market exists — at least as an object of curiosity.
Under the hood: what the code says
We decompiled and read the extension bundle. First amusing finding: the product was called Vibe Ads before its rebrand. The code still carries the name everywhere — files stored under ~/.vibe-ads/, /* VIBE-ADS-START */ markers, internal commands prefixed vibe-ads.*.
Technically, the extension attacks two surfaces of very unequal sturdiness.
The solid path: the terminal, via official settings
For the CLI, Kickbacks tampers with nothing: it edits your ~/.claude/settings.json to inject two fields documented by Anthropic. spinnerVerbs replaces the spinner verbs with the sponsored line. statusLine points to a script that renders the clickable ad in the status bar. A genuinely nice touch: if you already had a custom status line, the extension saves it and chains it — your original display keeps running, the ad stacks on top, and restoration is clean. This is good engineering, built on official features.
The fragile path: patching Anthropic's extension
For the VS Code and Cursor panel, however, Kickbacks directly modifies the bundle of Anthropic's official extension. Byte-exact backup of the original file, locating the verbs array inside the minified code, injecting a block that renders the ad in the spinner. And above all: the Claude Code webview ships with a strict Content Security Policy that forbids any network connection. So that its ad can talk to its local telemetry server, Kickbacks loosens that CSP — and their own developers' comments admit the relaxation stays in place even after the extension is deactivated. It is only truly removed on explicit uninstall.
The counting system is also surprisingly careful: a local server receives impression and visibility events, an ad must stay on screen at least 5 seconds to be credited, and an idle detector watches the modification time of Claude Code's transcript file — 90 seconds without a write and counting stops. A watchdog even distinguishes "the user is working but our ads stopped rendering" (self-heal) from "the user went to lunch" (do nothing). We have seen Series A-funded products with less rigorous telemetry.
The three problems security never forgives
1. Persistently weakening a security barrier. Relaxing the CSP of a third party's product, and leaving it relaxed after deactivation, weakens a protection Anthropic designed for its users — without their informed consent.
2. Unsigned auto-update every 90 seconds. The extension polls an update server every 90 seconds and can install updates outside the marketplace, with no signature verification. This was the dominant point in the Hacker News discussions: if that server is compromised, it becomes a malware distribution channel to the entire installed base. A textbook supply-chain risk, created deliberately to keep up with Claude Code's relentless release pace.
3. Modifying another vendor's product without permission. A gray zone with respect to Microsoft's marketplace rules, and direct exposure to Anthropic's terms of service. The code is published read-only under a proprietary ShiftKeys license with anti-reverse-engineering clauses — source-available, not open source.
The reception: viral on X, a flop on Hacker News
The geography of the buzz is instructive, because it contradicts intuition.
| Channel | Result (first 48 hours) |
|---|---|
| Launch tweet | 5,527,308 views, 11,623 likes, 707 quote-tweets |
| Main HN thread | 15 points, 7 comments |
| Second HN thread | 14 points, 2 comments |
| Official "Show HN" | 2 points, 0 comments |
| GitHub repo | ~160 stars, never trended |
Five and a half million views on one side; a two-point Show HN on the other. The broad tech audience loves the spectacle; the community that would actually install the extension stayed cold — and when it spoke, it was to point at the unsigned auto-update. The product is talked about far beyond the circle of its potential users. That has been McCalip's signature since LK-99.
Two competitors in 48 hours — one of them astroturfing itself
The niche filled at record speed. IdleAds.dev, launched on Hacker News on June 12 by a founder introducing himself as "Abhi", promises a 70% revenue share (with a stated goal of 90%) and claims a technically cleaner approach: server-side impression verification, no editor patching. Its launch got 1 point on HN. The delicious detail: the comment "try IdleAds.dev, it pays 70%" posted in the Kickbacks thread came from the same username as the founder — who had not disclosed his affiliation. First-degree astroturfing, in a market 24 hours old.
Idlen (idlen.io) plays a different game: a fully anonymous team, but a much wider surface — extensions for VS Code, Cursor and Windsurf, plus browser extensions targeting ChatGPT, Claude, Perplexity and Gemini, with real install links on the marketplaces. One thing worth noting: to target ads, Idlen reads your projects' dependency files. When an anonymous product asks for that level of access to your workspace, the trust question changes shape.
The precedent that says it all: npm, August 2019
This story has happened before, almost beat for beat. On August 19, 2019, Feross Aboukhadijeh — the respected maintainer of StandardJS — quietly launched funding: a package that printed a sponsor message in the terminal on every install. Two sponsors, Linode and LogRocket. No tracking, easy to silence. The goal: funding open source.
The backlash was immediate and brutal. "Adware is malware, categorically," went Hacker News. The fear: that "npm install would become a long trail of banner ads". Two dedicated ad blockers were built within the week. Linode pulled its ad under pressure. After about a week, Feross shut the whole thing down — total raised: about $2,000. By the end of August, npm Inc ruled unilaterally: packages displaying ads were banned from the platform. And in November, npm shipped its own official alternative, the npm fund command.
The prophetic quote dates from August 2019, and it is Feross's own: "terminal ads seem like they have a limited lifetime" — because the platform can close the channel whenever it wants. Seven years later, Kickbacks is replaying the same script, on the same stage, with an even more powerful landlord.
Anthropic: the window is wide open — but the landlord already said no
This is the central paradox of the case, and it is documented on both sides.
On one side, no visible countermeasure. As of June 12, 2026 (Claude Code v2.1.175), the official changelog mentions no ads, no spinner restriction, no webview hardening. Better: Anthropic actively maintains the very surfaces Kickbacks exploits — a May 2026 fix repaired the spinnerVerbs setting, and the status line keeps gaining capabilities. The window is not ajar: it is wide open, and the owner is repainting the frame.
On the other side, doctrine and precedent. In February 2026, Anthropic ran a Super Bowl campaign whose slogan leaves no room for interpretation: "Ads are coming to AI. But not to Claude." — backed by an official position: a business model built on subscriptions and enterprise contracts, and ads in AI conversations deemed "incongruous". Kickbacks' timing answers OpenAI's, which had been testing ads in ChatGPT since January. And on enforcement, the precedent exists: that same February, the third-party harness OpenCode removed support for Claude accounts in a commit explicitly citing "anthropic legal requests". When Anthropic wants to close a door in its ecosystem, it does not push an update — it sends a letter.
The real risk for Kickbacks is therefore not the technical nerf, the release race its webview path has already entered. It is the day Anthropic decides either to forbid it — or, the crueler scenario, to sell that slot itself, the way npm answered terminal ads by shipping npm fund. A product built on someone else's land, with no lease, never gets to negotiate its notice period.
Our take: four lessons beyond the anecdote
What follows is our analysis.
1. Execution speed has become the default competitive advantage. Kickbacks turned a trivial observation — millions of developers stare at a spinner — into a functioning market with an order book in weeks, and its clones arrived within 48 hours. In the AI tooling economy, the window between "obvious idea" and "saturated niche" is measured in days. If you wait for certainty, you arrive after the astroturfers.
2. Distribution does not validate the product. 5.5 million views and 160 GitHub stars tell two incompatible stories. Buzz measures the quality of the spectacle, not adoption. For a web project or a digital offer, the only number that matters is users who install, return and pay — everything else is organic reach on a divisive topic.
3. Never build your core value on a surface you do not control. That is the npm 2019 lesson, the OpenCode lesson, and it will probably be the Kickbacks lesson. An opportunistic integration can be an excellent acquisition channel; it is a disaster as a foundation. When we design a digital presence — site, conversion funnel, content — we build it on owned assets: your domain, your audience, your data. Platforms are to be crossed, not inhabited.
4. Advertising is a craft, and context is king. Put on the advertiser's hat for a moment: the Claude Code spinner offers enormous attention but zero intent. The developer staring at that line is waiting for a generation to finish — not shopping for a vendor; the impression happens to them. That is the exact opposite of the channels we run daily for our clients: a Google Ads campaign captures declared intent at the precise moment it is expressed in a search, a Social Ads campaign builds and targets an audience with end-to-end conversion tracking. Before putting a euro on exotic inventory because it is trending, ask the three questions that decide everything: who is watching, in what state of mind, and what gets measured afterwards?
We are on both sides of this story: we build digital presences on assets you own, and we design and run advertising campaigns that pay off because they sit in the right place, in front of the right audience, with clean measurement of the return. Want to assess how much your project depends on a third-party platform — or launch a campaign built on intent rather than spectacle? Tell us about your situation: we reply within 48 hours with a concrete read.
