Catalog-Driven Reference

Rule Reference

This is the primary browsing surface for shipped lintai rules. The goal is fast scanning first, then deep rule context once you open a page.

Lane-first browsingThe directory is grouped by public lane first so the product model is visible immediately.

Human-authored proseExamples, caveats, and remediation live in checked-in Markdown.

Provider stays secondaryProvider identity is still visible, but no longer drives the main browsing experience.

Start With These

These are the current highest-signal community-facing rules based on the latest external validation work. SEC340 and SEC329 are the clearest quiet-default story; SEC324 and SEC352 remain strong sidecar controls:

• SEC340: Claude hook commands launching external packages dynamically at runtime
• SEC329: committed mcp.json entries launching external packages dynamically at runtime
• SEC352: unscoped Bash grants in AI-native frontmatter as a governance least-privilege control
• SEC324: unpinned third-party GitHub Actions

Reading The Catalog

• recommended means quiet practical default coverage

• preview means broader contextual review outside the default

• threat-review means explicit malicious, secret-bearing, or spyware-like review

• supply-chain means reproducibility, provenance, and dependency hardening review

• compat means config, schema, and policy contract review

• governance means shared authority and workflow policy review

• guidance means advice-oriented guidance and maintainability review

• advisory means installed-package advisory review

• security is a strong exploit, secret, or unsafe-execution signal

• hardening is a least-privilege, provenance, or hygiene signal

• quality is a contract or config correctness signal

• audit is a heuristic or triage-oriented signal

Public Lane

Recommended

2 rules

Quiet practical default findings most teams should start with.

SEC329MCP config: dynamic package launchMCP config launches an external package dynamically at runtimesecurityjsonlintai-ai-security

SEC340Claude hook: dynamic package launchClaude hook launches an external package dynamically at runtimesecurityclaude_settingslintai-ai-security

Public Lane

Preview

1 rules

Broader contextual review outside the quiet default.

SEC308Config: suspicious remote endpointConfiguration points at a suspicious remote endpointauditjsonlintai-ai-security

Public Lane

Threat Review

140 rules

Explicit malicious, secret-bearing, or spyware-like review.

SEC101HTML comment: dangerous instructionsHidden HTML comment contains dangerous agent instructionsauditmarkdownlintai-ai-security

SEC102Markdown: remote execution instructionMarkdown contains remote download-and-execute instruction outside code blocksauditmarkdownlintai-ai-security

SEC103HTML comment: remote execution instructionHidden HTML comment contains remote download-and-execute instructionauditmarkdownlintai-ai-security

SEC104Markdown: base64 executable payloadMarkdown contains a base64-decoded executable payload outside code blocksauditmarkdownlintai-ai-security

SEC105Markdown: parent-directory file accessMarkdown instructions reference parent-directory traversal for file accessauditmarkdownlintai-ai-security

SEC201Hook script: remote code executionHook script downloads remote code and executes itsecurityhooklintai-ai-security

SEC202Hook script: secret exfiltrationHook script appears to exfiltrate secrets through a network callsecurityhooklintai-ai-security

SEC203Hook script: insecure HTTP secret sendHook script sends secret material to an insecure http:// endpointsecurityhooklintai-ai-security

SEC204Hook script: TLS verification disabledHook script disables TLS or certificate verification for a network callsecurityhooklintai-ai-security

SEC205Hook script: hardcoded auth in network callHook script embeds static authentication material in a network callsecurityhooklintai-ai-security

SEC206Hook script: base64 payload executionHook script decodes a base64 payload and executes itsecurityhooklintai-ai-security

SEC301MCP config: shell trampolineMCP configuration shells out through sh -c or bash -csecurityjsonlintai-ai-security

SEC305Config: hardcoded auth materialConfiguration embeds static authentication material in a connection or auth valuesecurityjsonlintai-ai-security

SEC306JSON config: hidden override instructionsJSON configuration description contains override-style hidden instructionsauditjsonlintai-ai-security

SEC309Config: literal secrets in configConfiguration commits literal secret material in env, auth, or header valuessecurityjsonlintai-ai-security

SEC310Config: metadata or private-network hostConfiguration endpoint targets a metadata or private-network host literalsecurityjsonlintai-ai-security

SEC312Markdown: private key materialMarkdown contains committed private key materialsecuritymarkdownlintai-ai-security

SEC313Shell example: remote content piped to shellFenced shell example pipes remote content directly into a shellauditmarkdownlintai-ai-security

SEC321server.json remotes: literal auth headerserver.json remotes header commits literal authentication materialsecurityserver_jsonlintai-ai-security

SEC335AI markdown: metadata-service accessAI-native markdown contains a direct cloud metadata-service access exampleauditmarkdownlintai-ai-security

SEC338MCP config: sensitive host bind mountMCP configuration launches Docker with a bind mount of sensitive host materialsecurityjsonlintai-ai-security

SEC339MCP config: privileged Docker flagsMCP configuration launches Docker with a host-escape or privileged runtime flagsecurityjsonlintai-ai-security

SEC349AI markdown: privileged Docker patternAI-native markdown Docker example uses a host-escape or privileged runtime patternauditmarkdownlintai-ai-security

SEC350Instruction markdown: untrusted content promotedInstruction markdown promotes untrusted external content to developer/system-level instructionsauditmarkdownlintai-ai-security

SEC351AI instruction: disables user approvalAI-native instruction explicitly disables user approval or confirmationauditmarkdownlintai-ai-security

SEC422MCP config: sudo commandMCP configuration launches the server through `sudo`securityjsonlintai-ai-security

SEC446MCP config: sudo first argumentMCP configuration passes `sudo` as the first launch argumentsecurityjsonlintai-ai-security

SEC633Hook script: destructive root deletionHook script attempts destructive root deletionsecurityhooklintai-ai-security

SEC634Hook script: password file accessHook script accesses a sensitive system password filesecurityhooklintai-ai-security

SEC635Hook script: shell profile writeHook script writes to a shell profile startup filesecurityhooklintai-ai-security

SEC636Hook script: authorized_keys writeHook script writes to SSH authorized_keyssecurityhooklintai-ai-security

SEC637MCP config: destructive root deletionMCP configuration command attempts destructive root deletionsecurityjsonlintai-ai-security

SEC638MCP config: password file accessMCP configuration command accesses a sensitive system password filesecurityjsonlintai-ai-security

SEC639MCP config: shell profile writeMCP configuration command writes to a shell profile startup filesecurityjsonlintai-ai-security

SEC640MCP config: authorized_keys writeMCP configuration command writes to SSH authorized_keyssecurityjsonlintai-ai-security

SEC641Claude settings: command hook root deletionClaude settings command hook attempts destructive root deletionsecurityclaude_settingslintai-ai-security

SEC642Claude settings: command hook password file accessClaude settings command hook accesses a sensitive system password filesecurityclaude_settingslintai-ai-security

SEC643Claude settings: command hook shell profile writeClaude settings command hook writes to a shell profile startup filesecurityclaude_settingslintai-ai-security

SEC644Claude settings: command hook authorized_keys writeClaude settings command hook writes to SSH authorized_keyssecurityclaude_settingslintai-ai-security

SEC645Plugin hook: destructive root deletionPlugin hook command attempts destructive root deletionsecurityjsonlintai-ai-security

SEC646Plugin hook: password file accessPlugin hook command accesses a sensitive system password filesecurityjsonlintai-ai-security

SEC647Plugin hook: shell profile writePlugin hook command writes to a shell profile startup filesecurityjsonlintai-ai-security

SEC648Plugin hook: authorized_keys writePlugin hook command writes to SSH authorized_keyssecurityjsonlintai-ai-security

SEC649Hook script: cron persistenceHook script manipulates cron persistencesecurityhooklintai-ai-security

SEC650Hook script: systemd persistenceHook script registers a systemd service or unit for persistencesecurityhooklintai-ai-security

SEC651Hook script: launchd persistenceHook script registers a launchd plist for persistencesecurityhooklintai-ai-security

SEC652MCP config: cron persistenceMCP configuration command manipulates cron persistencesecurityjsonlintai-ai-security

SEC653MCP config: systemd persistenceMCP configuration command registers a systemd service or unit for persistencesecurityjsonlintai-ai-security

SEC654MCP config: launchd persistenceMCP configuration command registers a launchd plist for persistencesecurityjsonlintai-ai-security

SEC655Claude settings: command hook cron persistenceClaude settings command hook manipulates cron persistencesecurityclaude_settingslintai-ai-security

SEC656Claude settings: command hook systemd persistenceClaude settings command hook registers a systemd service or unit for persistencesecurityclaude_settingslintai-ai-security

SEC657Claude settings: command hook launchd persistenceClaude settings command hook registers a launchd plist for persistencesecurityclaude_settingslintai-ai-security

SEC658Plugin hook: cron persistencePlugin hook command manipulates cron persistencesecurityjsonlintai-ai-security

SEC659Plugin hook: systemd persistencePlugin hook command registers a systemd service or unit for persistencesecurityjsonlintai-ai-security

SEC660Plugin hook: launchd persistencePlugin hook command registers a launchd plist for persistencesecurityjsonlintai-ai-security

SEC661Hook script: insecure chmodHook script performs an insecure permission changesecurityhooklintai-ai-security

SEC662Hook script: setuid or setgid manipulationHook script manipulates setuid or setgid permissionssecurityhooklintai-ai-security

SEC663Hook script: Linux capability manipulationHook script manipulates Linux capabilitiessecurityhooklintai-ai-security

SEC664MCP config: insecure chmodMCP configuration command performs an insecure permission changesecurityjsonlintai-ai-security

SEC665MCP config: setuid or setgid manipulationMCP configuration command manipulates setuid or setgid permissionssecurityjsonlintai-ai-security

SEC666MCP config: Linux capability manipulationMCP configuration command manipulates Linux capabilitiessecurityjsonlintai-ai-security

SEC667Claude settings: command hook insecure chmodClaude settings command hook performs an insecure permission changesecurityclaude_settingslintai-ai-security

SEC668Claude settings: command hook setuid or setgid manipulationClaude settings command hook manipulates setuid or setgid permissionssecurityclaude_settingslintai-ai-security

SEC669Claude settings: command hook Linux capability manipulationClaude settings command hook manipulates Linux capabilitiessecurityclaude_settingslintai-ai-security

SEC670Plugin hook: insecure chmodPlugin hook command performs an insecure permission changesecurityjsonlintai-ai-security

SEC671Plugin hook: setuid or setgid manipulationPlugin hook command manipulates setuid or setgid permissionssecurityjsonlintai-ai-security

SEC672Plugin hook: Linux capability manipulationPlugin hook command manipulates Linux capabilitiessecurityjsonlintai-ai-security

SEC673Hook script: webhook secret exfiltrationHook script posts secret material to a webhook endpointsecurityhooklintai-ai-security

SEC674MCP config: secret exfiltrationMCP configuration command appears to send secret material over the networksecurityjsonlintai-ai-security

SEC675MCP config: insecure HTTP secret sendMCP configuration command sends secret material to an insecure http:// endpointsecurityjsonlintai-ai-security

SEC676MCP config: webhook secret exfiltrationMCP configuration command posts secret material to a webhook endpointsecurityjsonlintai-ai-security

SEC677Claude settings: secret exfiltration hookClaude settings command hook appears to send secret material over the networksecurityclaude_settingslintai-ai-security

SEC678Claude settings: insecure HTTP secret sendClaude settings command hook sends secret material to an insecure http:// endpointsecurityclaude_settingslintai-ai-security

SEC679Claude settings: webhook secret exfiltrationClaude settings command hook posts secret material to a webhook endpointsecurityclaude_settingslintai-ai-security

SEC680Plugin hook: secret exfiltrationPlugin hook command appears to send secret material over the networksecurityjsonlintai-ai-security

SEC681Plugin hook: insecure HTTP secret sendPlugin hook command sends secret material to an insecure http:// endpointsecurityjsonlintai-ai-security

SEC682Plugin hook: webhook secret exfiltrationPlugin hook command posts secret material to a webhook endpointsecurityjsonlintai-ai-security

SEC683Hook script: sensitive file exfiltrationHook script transfers a sensitive credential file to a remote destinationsecurityhooklintai-ai-security

SEC684MCP config: sensitive file exfiltrationMCP configuration command transfers a sensitive credential file to a remote destinationsecurityjsonlintai-ai-security

SEC685Claude settings: sensitive file exfiltration hookClaude settings command hook transfers a sensitive credential file to a remote destinationsecurityclaude_settingslintai-ai-security

SEC686Plugin hook: sensitive file exfiltrationPlugin hook command transfers a sensitive credential file to a remote destinationsecurityjsonlintai-ai-security

SEC687Hook script: clipboard readHook script reads local clipboard contentssecurityhooklintai-ai-security

SEC688Hook script: browser credential store accessHook script accesses browser credential or cookie storessecurityhooklintai-ai-security

SEC689MCP config: clipboard readMCP configuration command reads local clipboard contentssecurityjsonlintai-ai-security

SEC690MCP config: browser credential store accessMCP configuration command accesses browser credential or cookie storessecurityjsonlintai-ai-security

SEC691Claude settings: clipboard read hookClaude settings command hook reads local clipboard contentssecurityclaude_settingslintai-ai-security

SEC692Claude settings: browser credential store access hookClaude settings command hook accesses browser credential or cookie storessecurityclaude_settingslintai-ai-security

SEC693Plugin hook: clipboard readPlugin hook command reads local clipboard contentssecurityjsonlintai-ai-security

SEC694Plugin hook: browser credential store accessPlugin hook command accesses browser credential or cookie storessecurityjsonlintai-ai-security

SEC695Hook script: clipboard exfiltrationHook script exfiltrates clipboard contents over the networksecurityhooklintai-ai-security

SEC696Hook script: browser credential store exfiltrationHook script exfiltrates browser credential or cookie store datasecurityhooklintai-ai-security

SEC697MCP config: clipboard exfiltrationMCP configuration command exfiltrates clipboard contents over the networksecurityjsonlintai-ai-security

SEC698MCP config: browser credential store exfiltrationMCP configuration command exfiltrates browser credential or cookie store datasecurityjsonlintai-ai-security

SEC699Claude settings: clipboard exfiltration hookClaude settings command hook exfiltrates clipboard contents over the networksecurityclaude_settingslintai-ai-security

SEC700Claude settings: browser credential store exfiltration hookClaude settings command hook exfiltrates browser credential or cookie store datasecurityclaude_settingslintai-ai-security

SEC701Plugin hook: clipboard exfiltrationPlugin hook command exfiltrates clipboard contents over the networksecurityjsonlintai-ai-security

SEC702Plugin hook: browser credential store exfiltrationPlugin hook command exfiltrates browser credential or cookie store datasecurityjsonlintai-ai-security

SEC703Hook script: screen captureHook script captures a screenshot or desktop imagesecurityhooklintai-ai-security

SEC704Hook script: screen capture exfiltrationHook script captures and exfiltrates a screenshot or desktop imagesecurityhooklintai-ai-security

SEC705MCP config: screen captureMCP configuration command captures a screenshot or desktop imagesecurityjsonlintai-ai-security

SEC706MCP config: screen capture exfiltrationMCP configuration command captures and exfiltrates a screenshot or desktop imagesecurityjsonlintai-ai-security

SEC707Claude settings: screen capture hookClaude settings command hook captures a screenshot or desktop imagesecurityclaude_settingslintai-ai-security

SEC708Claude settings: screen capture exfiltration hookClaude settings command hook captures and exfiltrates a screenshot or desktop imagesecurityclaude_settingslintai-ai-security

SEC709Plugin hook: screen capturePlugin hook command captures a screenshot or desktop imagesecurityjsonlintai-ai-security

SEC710Plugin hook: screen capture exfiltrationPlugin hook command captures and exfiltrates a screenshot or desktop imagesecurityjsonlintai-ai-security

SEC711Hook script: camera captureHook script captures a camera image or webcam streamsecurityhooklintai-ai-security

SEC712Hook script: microphone captureHook script records microphone or audio inputsecurityhooklintai-ai-security

SEC713Hook script: camera capture exfiltrationHook script captures and exfiltrates camera or webcam datasecurityhooklintai-ai-security

SEC714Hook script: microphone capture exfiltrationHook script records and exfiltrates microphone or audio inputsecurityhooklintai-ai-security

SEC715MCP config: camera captureMCP configuration command captures a webcam or camera imagesecurityjsonlintai-ai-security

SEC716MCP config: microphone captureMCP configuration command captures microphone audiosecurityjsonlintai-ai-security

SEC717MCP config: camera capture exfiltrationMCP configuration command captures and exfiltrates webcam or camera datasecurityjsonlintai-ai-security

SEC718MCP config: microphone capture exfiltrationMCP configuration command captures and exfiltrates microphone audiosecurityjsonlintai-ai-security

SEC719Claude settings: camera capture hookClaude settings command hook captures a webcam or camera imagesecurityclaude_settingslintai-ai-security

SEC720Claude settings: microphone capture hookClaude settings command hook captures microphone audiosecurityclaude_settingslintai-ai-security

SEC721Claude settings: camera capture exfiltration hookClaude settings command hook captures and exfiltrates webcam or camera datasecurityclaude_settingslintai-ai-security

SEC722Claude settings: microphone capture exfiltration hookClaude settings command hook captures and exfiltrates microphone audiosecurityclaude_settingslintai-ai-security

SEC723Plugin hook: camera capturePlugin hook command captures a webcam or camera imagesecurityjsonlintai-ai-security

SEC724Plugin hook: microphone capturePlugin hook command captures microphone audiosecurityjsonlintai-ai-security

SEC725Plugin hook: camera capture exfiltrationPlugin hook command captures and exfiltrates webcam or camera datasecurityjsonlintai-ai-security

SEC726Plugin hook: microphone capture exfiltrationPlugin hook command captures and exfiltrates microphone audiosecurityjsonlintai-ai-security

SEC727Hook script: keylogger captureHook script captures keystrokes or keyboard inputsecurityhooklintai-ai-security

SEC728Hook script: keylogger exfiltrationHook script captures and exfiltrates keystrokes or keyboard inputsecurityhooklintai-ai-security

SEC729MCP config: keylogger captureMCP configuration command captures keystrokes or keyboard inputsecurityjsonlintai-ai-security

SEC730MCP config: keylogger exfiltrationMCP configuration command captures and exfiltrates keystrokes or keyboard inputsecurityjsonlintai-ai-security

SEC731Claude settings: keylogger capture hookClaude settings command hook captures keystrokes or keyboard inputsecurityclaude_settingslintai-ai-security

SEC732Claude settings: keylogger exfiltration hookClaude settings command hook captures and exfiltrates keystrokes or keyboard inputsecurityclaude_settingslintai-ai-security

SEC733Plugin hook: keylogger capturePlugin hook command captures keystrokes or keyboard inputsecurityjsonlintai-ai-security

SEC734Plugin hook: keylogger exfiltrationPlugin hook command captures and exfiltrates keystrokes or keyboard inputsecurityjsonlintai-ai-security

SEC735Hook script: environment dumpHook script dumps environment variables or shell statesecurityhooklintai-ai-security

SEC736Hook script: environment dump exfiltrationHook script dumps and exfiltrates environment variables or shell statesecurityhooklintai-ai-security

SEC737MCP config: environment dumpMCP configuration command dumps environment variables or shell statesecurityjsonlintai-ai-security

SEC738MCP config: environment dump exfiltrationMCP configuration command dumps and exfiltrates environment variables or shell statesecurityjsonlintai-ai-security

SEC739Claude settings: environment dump hookClaude settings command hook dumps environment variables or shell statesecurityclaude_settingslintai-ai-security

SEC740Claude settings: environment dump exfiltration hookClaude settings command hook dumps and exfiltrates environment variables or shell statesecurityclaude_settingslintai-ai-security

SEC741Plugin hook: environment dumpPlugin hook command dumps environment variables or shell statesecurityjsonlintai-ai-security

SEC742Plugin hook: environment dump exfiltrationPlugin hook command dumps and exfiltrates environment variables or shell statesecurityjsonlintai-ai-security

SEC748Docker Compose: privileged service runtimeDocker Compose service enables privileged container runtime or host namespace accesssecuritydocker-composelintai-ai-security

SEC754Devcontainer: host-side initializeCommandDevcontainer config defines a host-side initializeCommandsecuritydevcontainerlintai-ai-security

SEC755Devcontainer: sensitive local bind mountDevcontainer config bind-mounts sensitive local host materialsecuritydevcontainerlintai-ai-security

Public Lane

Supply Chain

52 rules

Reproducibility, provenance, and dependency hardening review.

SEC302Config: insecure HTTP endpointConfiguration contains an insecure http:// endpointhardeningjsonlintai-ai-security

SEC304Config: TLS verification disabledConfiguration disables TLS or certificate verificationhardeningjsonlintai-ai-security

SEC319server.json remotes: insecure or private URLserver.json remotes entry uses an insecure or non-public remote URLhardeningserver_jsonlintai-ai-security

SEC324GitHub Actions: unpinned third-party actionGitHub Actions workflow uses a third-party action that is not pinned to a full commit SHAhardeninggithub_workflowlintai-ai-security

SEC325GitHub Actions: untrusted expression in runGitHub Actions workflow interpolates untrusted expression data directly inside a run commandhardeninggithub_workflowlintai-ai-security

SEC326GitHub Actions: pull_request_target checkoutGitHub Actions pull_request_target workflow checks out untrusted pull request head contenthardeninggithub_workflowlintai-ai-security

SEC327GitHub Actions: write-all tokenGitHub Actions workflow grants GITHUB_TOKEN write-all permissionshardeninggithub_workflowlintai-ai-security

SEC328GitHub Actions: write-capable third-party actionGitHub Actions workflow combines explicit write-capable permissions with a third-party actionhardeninggithub_workflowlintai-ai-security

SEC330MCP config: remote content piped to shellMCP configuration command downloads remote content and pipes it into a shellsecurityjsonlintai-ai-security

SEC331MCP config: TLS verification disabledMCP configuration command disables TLS verification in a network-capable execution pathhardeningjsonlintai-ai-security

SEC337MCP config: Docker image not digest-pinnedMCP configuration launches Docker with an image reference that is not digest-pinnedhardeningjsonlintai-ai-security

SEC341Claude hook: remote content piped to shellClaude settings command hook downloads remote content and pipes it into a shellsecurityclaude_settingslintai-ai-security

SEC342Claude hook: TLS verification disabledClaude settings command hook disables TLS verification in a network-capable execution pathhardeningclaude_settingslintai-ai-security

SEC343Plugin hook: mutable package launcherPlugin hook command uses a mutable package launcherhardeningjsonlintai-ai-security

SEC344Plugin hook: remote content piped to shellPlugin hook command downloads remote content and pipes it into a shellsecurityjsonlintai-ai-security

SEC345Plugin hook: TLS verification disabledPlugin hook command disables TLS verification in a network-capable execution pathhardeningjsonlintai-ai-security

SEC346MCP config: mutable registry refreshMCP configuration forces Docker to refresh from a mutable registry sourcehardeningjsonlintai-ai-security

SEC347AI markdown: MCP via mutable package runnerAI-native markdown example launches MCP through a mutable package runnerhardeningmarkdownlintai-ai-security

SEC348AI markdown: mutable Docker imageAI-native markdown Docker example uses a mutable registry imagehardeningmarkdownlintai-ai-security

SEC365Claude settings: non-HTTPS allowed HTTP hook URLClaude settings allow non-HTTPS HTTP hook URLs in a shared committed confighardeningclaude_settingslintai-ai-security

SEC366Claude settings: dangerous HTTP hook host literalClaude settings allow dangerous host literals in `allowedHttpHookUrls`hardeningclaude_settingslintai-ai-security

SEC417AI markdown: unpinned pip git installAI-native markdown installs Python packages from an unpinned `git+https://` sourcehardeningmarkdownlintai-ai-security

SEC448AI markdown: pip trusted-hostAI-native markdown installs Python packages with `--trusted-host`hardeningmarkdownlintai-ai-security

SEC449AI markdown: pip http indexAI-native markdown installs Python packages from an insecure `http://` package indexhardeningmarkdownlintai-ai-security

SEC450AI markdown: npm http registryAI-native markdown installs JavaScript packages from an insecure `http://` registryhardeningmarkdownlintai-ai-security

SEC451AI markdown: cargo http git installAI-native markdown installs Rust packages from an insecure `http://` git sourcehardeningmarkdownlintai-ai-security

SEC452AI markdown: cargo http indexAI-native markdown installs Rust packages from an insecure `http://` indexhardeningmarkdownlintai-ai-security

SEC453AI markdown: pip http sourceAI-native markdown installs Python packages from an insecure direct `http://` sourcehardeningmarkdownlintai-ai-security

SEC454AI markdown: npm http sourceAI-native markdown installs JavaScript packages from an insecure direct `http://` sourcehardeningmarkdownlintai-ai-security

SEC455AI markdown: pip http git installAI-native markdown installs Python packages from an insecure `git+http://` sourcehardeningmarkdownlintai-ai-security

SEC456AI markdown: pip http find-linksAI-native markdown installs Python packages with insecure `http://` find-linkshardeningmarkdownlintai-ai-security

SEC457AI markdown: js package strict-ssl falseAI-native markdown disables strict SSL verification for JavaScript package manager confighardeningmarkdownlintai-ai-security

SEC458AI markdown: pip config http indexAI-native markdown configures Python package resolution with an insecure `http://` package indexhardeningmarkdownlintai-ai-security

SEC459AI markdown: js package config http registryAI-native markdown configures a JavaScript package manager with an insecure `http://` registryhardeningmarkdownlintai-ai-security

SEC460AI markdown: pip config http find-linksAI-native markdown configures Python package discovery with insecure `http://` find-linkshardeningmarkdownlintai-ai-security

SEC461AI markdown: pip config trusted-hostAI-native markdown configures Python package resolution with `trusted-host`hardeningmarkdownlintai-ai-security

SEC462AI markdown: network TLS bypassAI-native markdown disables TLS verification for a network-capable commandhardeningmarkdownlintai-ai-security

SEC464AI markdown: git http cloneAI-native markdown clones a Git repository from an insecure `http://` sourcehardeningmarkdownlintai-ai-security

SEC465AI markdown: git http remoteAI-native markdown configures a Git remote with an insecure `http://` sourcehardeningmarkdownlintai-ai-security

SEC471AI markdown: git sslVerify falseAI-native markdown disables Git TLS verification with `http.sslVerify false`hardeningmarkdownlintai-ai-security

SEC472AI markdown: GIT_SSL_NO_VERIFYAI-native markdown disables Git TLS verification with `GIT_SSL_NO_VERIFY`hardeningmarkdownlintai-ai-security

SEC473AI markdown: git inline sslVerify falseAI-native markdown disables Git TLS verification with `git -c http.sslVerify=false`hardeningmarkdownlintai-ai-security

SEC743package.json: dangerous lifecycle scriptpackage.json defines a dangerous install-time lifecycle scriptsecurityjsonlintai-ai-security

SEC744package.json: git or forge dependency sourcepackage.json installs a dependency from a git or forge shortcut sourcehardeningjsonlintai-ai-security

SEC745package.json: unbounded dependency versionpackage.json uses an unbounded dependency version like * or latesthardeningjsonlintai-ai-security

SEC746Dockerfile: remote script execution in RUNDockerfile RUN downloads remote code and executes itsecuritydockerfilelintai-ai-security

SEC747Dockerfile: final stage runs as rootDockerfile final stage explicitly runs as roothardeningdockerfilelintai-ai-security

SEC749Dockerfile: mutable registry image in FROMDockerfile FROM uses a mutable registry image without a digest pinhardeningdockerfilelintai-ai-security

SEC750Docker Compose: mutable service imageDocker Compose service image uses a mutable registry reference without a digest pinhardeningdocker-composelintai-ai-security

SEC751Dockerfile: latest or implicit-latest base image tagDockerfile FROM uses a latest or implicit-latest image taghardeningdockerfilelintai-ai-security

SEC752Docker Compose: latest or implicit-latest service image tagDocker Compose service image uses a latest or implicit-latest taghardeningdocker-composelintai-ai-security

SEC753package.json: direct archive URL dependency sourcepackage.json installs a dependency from a direct archive URL sourcehardeningjsonlintai-ai-security

Public Lane

Compat

18 rules

Config, schema, and policy contract review.

SEC311Cursor plugin: unsafe path traversalCursor plugin manifest contains an unsafe absolute or parent-traversing pathqualityjsonlintai-ai-security

SEC314Tool descriptor: missing machine fieldsMCP-style tool descriptor is missing required machine fieldsqualitytool_jsonlintai-ai-security

SEC315Tool descriptors: duplicate tool namesMCP-style tool descriptor collection contains duplicate tool namesqualitytool_jsonlintai-ai-security

SEC316OpenAI strict schema: missing additionalProperties falseOpenAI strict tool schema omits recursive additionalProperties: falsequalitytool_jsonlintai-ai-security

SEC317OpenAI strict schema: properties not all requiredOpenAI strict tool schema does not require every declared propertyqualitytool_jsonlintai-ai-security

SEC318Anthropic strict schema: missing additionalProperties falseAnthropic strict tool input schema omits additionalProperties: falsequalitytool_jsonlintai-ai-security

SEC320server.json remotes: undefined template variableserver.json remotes URL references an undefined template variablequalityserver_jsonlintai-ai-security

SEC322server.json remotes: undefined header variableserver.json remotes header value references an undefined template variablequalityserver_jsonlintai-ai-security

SEC323server.json auth: missing explicit secret flagserver.json auth header carries material without an explicit secret flagqualityserver_jsonlintai-ai-security

SEC361Claude settings: missing `$schema`Claude settings file is missing a top-level `$schema` referencequalityclaude_settingslintai-ai-security

SEC363Claude settings: home-directory hook pathClaude settings hook command uses a home-directory path in a shared committed configqualityclaude_settingslintai-ai-security

SEC368Claude settings: repo-external absolute hook pathClaude settings hook command uses a repo-external absolute path in a shared committed configqualityclaude_settingslintai-ai-security

SEC381Claude settings: command hook missing `timeout`Claude settings command hook should set `timeout` in a shared committed configqualityclaude_settingslintai-ai-security

SEC382Claude settings: `matcher` on unsupported hook eventClaude settings should not use `matcher` on unsupported hook eventsqualityclaude_settingslintai-ai-security

SEC383Claude settings: missing `matcher` on matcher-capable hook eventClaude settings should set `matcher` on matcher-capable hook eventsqualityclaude_settingslintai-ai-security

SEC401Policy mismatch: executionProject policy forbids execution, but repository contains executable behaviorauditworkspacelintai-policy-mismatch

SEC402Policy mismatch: network accessProject policy forbids network access, but repository contains network behaviorauditworkspacelintai-policy-mismatch

SEC403Skill capabilities mismatchSkill frontmatter capabilities conflict with project policyauditworkspacelintai-policy-mismatch

Public Lane

Governance

235 rules

Shared authority and workflow policy review.

SEC303MCP config: credential env passthroughMCP configuration passes through credential environment variableshardeningjsonlintai-ai-security

SEC307Config: sensitive env forwardingConfiguration forwards sensitive environment variable referenceshardeningjsonlintai-ai-security

SEC336MCP client config: broad envFileRepo-local MCP client config loads a broad dotenv-style envFilehardeningjsonlintai-ai-security

SEC352AI markdown: unscoped Bash tool grantAI-native markdown frontmatter grants unscoped Bash tool accesshardeningmarkdownlintai-ai-security

SEC362Claude settings: wildcard Bash permissionsClaude settings permissions allow `Bash(*)` in a shared committed confighardeningclaude_settingslintai-ai-security

SEC364Claude settings: bypassPermissions default modeClaude settings set `permissions.defaultMode` to `bypassPermissions` in a shared committed confighardeningclaude_settingslintai-ai-security

SEC367Claude settings: wildcard WebFetch permissionsClaude settings permissions allow `WebFetch(*)` in a shared committed confighardeningclaude_settingslintai-ai-security

SEC369Claude settings: wildcard Write permissionsClaude settings permissions allow `Write(*)` in a shared committed confighardeningclaude_settingslintai-ai-security

SEC372Claude settings: wildcard Read permissionsClaude settings permissions allow `Read(*)` in a shared committed confighardeningclaude_settingslintai-ai-security

SEC373Claude settings: wildcard Edit permissionsClaude settings permissions allow `Edit(*)` in a shared committed confighardeningclaude_settingslintai-ai-security

SEC374Claude settings: wildcard WebSearch permissionsClaude settings permissions allow `WebSearch(*)` in a shared committed confighardeningclaude_settingslintai-ai-security

SEC375Claude settings: wildcard Glob permissionsClaude settings permissions allow `Glob(*)` in a shared committed confighardeningclaude_settingslintai-ai-security

SEC376Claude settings: wildcard Grep permissionsClaude settings permissions allow `Grep(*)` in a shared committed confighardeningclaude_settingslintai-ai-security

SEC384Claude settings: bare WebSearch permissionsClaude settings permissions allow bare `WebSearch` in a shared committed confighardeningclaude_settingslintai-ai-security

SEC385Claude settings: shared git push permissionsClaude settings permissions allow `Bash(git push)` in a shared committed confighardeningclaude_settingslintai-ai-security

SEC386Claude settings: shared git checkout permissionsClaude settings permissions allow `Bash(git checkout:*)` in a shared committed confighardeningclaude_settingslintai-ai-security

SEC387Claude settings: shared git commit permissionsClaude settings permissions allow `Bash(git commit:*)` in a shared committed confighardeningclaude_settingslintai-ai-security

SEC388Claude settings: shared git stash permissionsClaude settings permissions allow `Bash(git stash:*)` in a shared committed confighardeningclaude_settingslintai-ai-security

SEC389AI markdown: bare WebSearch tool grantAI-native markdown frontmatter grants bare `WebSearch` tool accesshardeningmarkdownlintai-ai-security

SEC390AI markdown: shared git push tool grantAI-native markdown frontmatter grants `Bash(git push)` tool accesshardeningmarkdownlintai-ai-security

SEC391AI markdown: shared git checkout tool grantAI-native markdown frontmatter grants `Bash(git checkout:*)` tool accesshardeningmarkdownlintai-ai-security

SEC392AI markdown: shared git commit tool grantAI-native markdown frontmatter grants `Bash(git commit:*)` tool accesshardeningmarkdownlintai-ai-security

SEC393AI markdown: shared git stash tool grantAI-native markdown frontmatter grants `Bash(git stash:*)` tool accesshardeningmarkdownlintai-ai-security

SEC394MCP config: wildcard auto-approveMCP configuration auto-approves all tools with `autoApprove: ["*"]`hardeningjsonlintai-ai-security

SEC395MCP config: autoApproveTools trueMCP configuration auto-approves all tools with `autoApproveTools: true`hardeningjsonlintai-ai-security

SEC396MCP config: trustTools trueMCP configuration fully trusts tools with `trustTools: true`hardeningjsonlintai-ai-security

SEC397MCP config: sandbox disabledMCP configuration disables sandboxing with `sandbox: false` or `disableSandbox: true`hardeningjsonlintai-ai-security

SEC398MCP config: wildcard capabilitiesMCP configuration grants all capabilities with `capabilities: ["*"]` or `capabilities: "*"`hardeningjsonlintai-ai-security

SEC399Claude settings: shared npx Bash permissionsClaude settings permissions allow `Bash(npx ...)` in a shared committed confighardeningclaude_settingslintai-ai-security

SEC400Claude settings: shared enabledMcpjsonServersClaude settings enable `enabledMcpjsonServers` in a shared committed confighardeningclaude_settingslintai-ai-security

SEC404AI markdown: bare WebFetch tool grantAI-native markdown frontmatter grants bare `WebFetch` tool accesshardeningmarkdownlintai-ai-security

SEC405Claude settings: shared package install permissionsClaude settings permissions allow package installation commands in a shared committed confighardeningclaude_settingslintai-ai-security

SEC406Claude settings: shared git add permissionsClaude settings permissions allow `Bash(git add:*)` in a shared committed confighardeningclaude_settingslintai-ai-security

SEC407Claude settings: shared git clone permissionsClaude settings permissions allow `Bash(git clone:*)` in a shared committed confighardeningclaude_settingslintai-ai-security

SEC408Claude settings: shared gh pr permissionsClaude settings permissions allow `Bash(gh pr:*)` in a shared committed confighardeningclaude_settingslintai-ai-security

SEC409Claude settings: shared git fetch permissionsClaude settings permissions allow `Bash(git fetch:*)` in a shared committed confighardeningclaude_settingslintai-ai-security

SEC410Claude settings: shared git ls-remote permissionsClaude settings permissions allow `Bash(git ls-remote:*)` in a shared committed confighardeningclaude_settingslintai-ai-security

SEC411Claude settings: shared curl permissionsClaude settings permissions allow `Bash(curl:*)` in a shared committed confighardeningclaude_settingslintai-ai-security

SEC412Claude settings: shared wget permissionsClaude settings permissions allow `Bash(wget:*)` in a shared committed confighardeningclaude_settingslintai-ai-security

SEC413Claude settings: shared git config permissionsClaude settings permissions allow `Bash(git config:*)` in a shared committed confighardeningclaude_settingslintai-ai-security

SEC414Claude settings: shared git tag permissionsClaude settings permissions allow `Bash(git tag:*)` in a shared committed confighardeningclaude_settingslintai-ai-security

SEC415Claude settings: shared git branch permissionsClaude settings permissions allow `Bash(git branch:*)` in a shared committed confighardeningclaude_settingslintai-ai-security

SEC418Claude settings: shared raw.githubusercontent.com WebFetch permissionsClaude settings permissions allow `WebFetch(domain:raw.githubusercontent.com)` in a shared committed confighardeningclaude_settingslintai-ai-security

SEC419AI markdown: `Bash(curl:*)` tool grantAI-native markdown frontmatter grants `Bash(curl:*)` authorityhardeningmarkdownlintai-ai-security

SEC420AI markdown: `Bash(wget:*)` tool grantAI-native markdown frontmatter grants `Bash(wget:*)` authorityhardeningmarkdownlintai-ai-security

SEC421AI markdown: `Bash(git clone:*)` tool grantAI-native markdown frontmatter grants `Bash(git clone:*)` authorityhardeningmarkdownlintai-ai-security

SEC423AI markdown: bare Read tool grantAI-native markdown frontmatter grants bare `Read` tool accesshardeningmarkdownlintai-ai-security

SEC424AI markdown: bare Write tool grantAI-native markdown frontmatter grants bare `Write` tool accesshardeningmarkdownlintai-ai-security

SEC425AI markdown: bare Edit tool grantAI-native markdown frontmatter grants bare `Edit` tool accesshardeningmarkdownlintai-ai-security

SEC426AI markdown: bare Glob tool grantAI-native markdown frontmatter grants bare `Glob` tool accesshardeningmarkdownlintai-ai-security

SEC427AI markdown: bare Grep tool grantAI-native markdown frontmatter grants bare `Grep` tool accesshardeningmarkdownlintai-ai-security

SEC428AI markdown: unsafe Read path grantAI-native markdown frontmatter grants `Read(...)` over an unsafe repo-external pathhardeningmarkdownlintai-ai-security

SEC429AI markdown: unsafe Write path grantAI-native markdown frontmatter grants `Write(...)` over an unsafe repo-external pathhardeningmarkdownlintai-ai-security

SEC430AI markdown: unsafe Edit path grantAI-native markdown frontmatter grants `Edit(...)` over an unsafe repo-external pathhardeningmarkdownlintai-ai-security

SEC431AI markdown: unsafe Glob path grantAI-native markdown frontmatter grants `Glob(...)` over an unsafe repo-external pathhardeningmarkdownlintai-ai-security

SEC432AI markdown: `Bash(git add:*)` tool grantAI-native markdown frontmatter grants `Bash(git add:*)` authorityhardeningmarkdownlintai-ai-security

SEC433AI markdown: `Bash(git fetch:*)` tool grantAI-native markdown frontmatter grants `Bash(git fetch:*)` authorityhardeningmarkdownlintai-ai-security

SEC434AI markdown: raw.githubusercontent.com WebFetch grantAI-native markdown frontmatter grants `WebFetch(domain:raw.githubusercontent.com)` authorityhardeningmarkdownlintai-ai-security

SEC435AI markdown: `Bash(git config:*)` tool grantAI-native markdown frontmatter grants `Bash(git config:*)` authorityhardeningmarkdownlintai-ai-security

SEC436AI markdown: `Bash(git tag:*)` tool grantAI-native markdown frontmatter grants `Bash(git tag:*)` authorityhardeningmarkdownlintai-ai-security

SEC437AI markdown: `Bash(git branch:*)` tool grantAI-native markdown frontmatter grants `Bash(git branch:*)` authorityhardeningmarkdownlintai-ai-security

SEC438AI markdown: `Bash(git reset:*)` tool grantAI-native markdown frontmatter grants `Bash(git reset:*)` authorityhardeningmarkdownlintai-ai-security

SEC439AI markdown: `Bash(git clean:*)` tool grantAI-native markdown frontmatter grants `Bash(git clean:*)` authorityhardeningmarkdownlintai-ai-security

SEC440AI markdown: `Bash(git restore:*)` tool grantAI-native markdown frontmatter grants `Bash(git restore:*)` authorityhardeningmarkdownlintai-ai-security

SEC441AI markdown: `Bash(git rebase:*)` tool grantAI-native markdown frontmatter grants `Bash(git rebase:*)` authorityhardeningmarkdownlintai-ai-security

SEC442AI markdown: `Bash(git merge:*)` tool grantAI-native markdown frontmatter grants `Bash(git merge:*)` authorityhardeningmarkdownlintai-ai-security

SEC443AI markdown: `Bash(git cherry-pick:*)` tool grantAI-native markdown frontmatter grants `Bash(git cherry-pick:*)` authorityhardeningmarkdownlintai-ai-security

SEC444AI markdown: `Bash(git apply:*)` tool grantAI-native markdown frontmatter grants `Bash(git apply:*)` authorityhardeningmarkdownlintai-ai-security

SEC445AI markdown: `Bash(git am:*)` tool grantAI-native markdown frontmatter grants `Bash(git am:*)` authorityhardeningmarkdownlintai-ai-security

SEC447AI markdown: package installation tool grantAI-native markdown frontmatter grants package installation authorityhardeningmarkdownlintai-ai-security

SEC463AI markdown: `Bash(sudo:*)` tool grantAI-native markdown frontmatter grants `Bash(sudo:*)` authorityhardeningmarkdownlintai-ai-security

SEC466AI markdown: `Bash(rm:*)` tool grantAI-native markdown frontmatter grants `Bash(rm:*)` authorityhardeningmarkdownlintai-ai-security

SEC467AI markdown: `Bash(chmod:*)` tool grantAI-native markdown frontmatter grants `Bash(chmod:*)` authorityhardeningmarkdownlintai-ai-security

SEC468AI markdown: `Bash(chown:*)` tool grantAI-native markdown frontmatter grants `Bash(chown:*)` authorityhardeningmarkdownlintai-ai-security

SEC469AI markdown: `Bash(chgrp:*)` tool grantAI-native markdown frontmatter grants `Bash(chgrp:*)` authorityhardeningmarkdownlintai-ai-security

SEC470AI markdown: `Bash(su:*)` tool grantAI-native markdown frontmatter grants `Bash(su:*)` authorityhardeningmarkdownlintai-ai-security

SEC474AI markdown: shared gh pr tool grantAI-native markdown frontmatter grants `Bash(gh pr:*)` tool accesshardeningmarkdownlintai-ai-security

SEC475Claude settings: unsafe Read path permissionsClaude settings permissions allow `Read(...)` over an unsafe path in a shared committed confighardeningclaude_settingslintai-ai-security

SEC476Claude settings: unsafe Write path permissionsClaude settings permissions allow `Write(...)` over an unsafe path in a shared committed confighardeningclaude_settingslintai-ai-security

SEC477Claude settings: unsafe Edit path permissionsClaude settings permissions allow `Edit(...)` over an unsafe path in a shared committed confighardeningclaude_settingslintai-ai-security

SEC478Claude settings: shared git reset permissionsClaude settings permissions allow `Bash(git reset:*)` in a shared committed confighardeningclaude_settingslintai-ai-security

SEC479Claude settings: shared git clean permissionsClaude settings permissions allow `Bash(git clean:*)` in a shared committed confighardeningclaude_settingslintai-ai-security

SEC480Claude settings: shared git restore permissionsClaude settings permissions allow `Bash(git restore:*)` in a shared committed confighardeningclaude_settingslintai-ai-security

SEC481Claude settings: shared git rebase permissionsClaude settings permissions allow `Bash(git rebase:*)` in a shared committed confighardeningclaude_settingslintai-ai-security

SEC482Claude settings: shared git merge permissionsClaude settings permissions allow `Bash(git merge:*)` in a shared committed confighardeningclaude_settingslintai-ai-security

SEC483Claude settings: shared git cherry-pick permissionsClaude settings permissions allow `Bash(git cherry-pick:*)` in a shared committed confighardeningclaude_settingslintai-ai-security

SEC484Claude settings: shared git apply permissionsClaude settings permissions allow `Bash(git apply:*)` in a shared committed confighardeningclaude_settingslintai-ai-security

SEC485Claude settings: shared git am permissionsClaude settings permissions allow `Bash(git am:*)` in a shared committed confighardeningclaude_settingslintai-ai-security

SEC486Claude settings: unsafe Glob path permissionsClaude settings permissions allow `Glob(...)` over an unsafe path in a shared committed confighardeningclaude_settingslintai-ai-security

SEC487Claude settings: unsafe Grep path permissionsClaude settings permissions allow `Grep(...)` over an unsafe path in a shared committed confighardeningclaude_settingslintai-ai-security

SEC488Claude settings: shared uvx Bash permissionsClaude settings permissions allow `Bash(uvx ...)` in a shared committed confighardeningclaude_settingslintai-ai-security

SEC489Claude settings: shared pnpm dlx Bash permissionsClaude settings permissions allow `Bash(pnpm dlx ...)` in a shared committed confighardeningclaude_settingslintai-ai-security

SEC490Claude settings: shared yarn dlx Bash permissionsClaude settings permissions allow `Bash(yarn dlx ...)` in a shared committed confighardeningclaude_settingslintai-ai-security

SEC491Claude settings: shared pipx run Bash permissionsClaude settings permissions allow `Bash(pipx run ...)` in a shared committed confighardeningclaude_settingslintai-ai-security

SEC492Claude settings: shared npm exec Bash permissionsClaude settings permissions allow `Bash(npm exec ...)` in a shared committed confighardeningclaude_settingslintai-ai-security

SEC493Claude settings: shared bunx Bash permissionsClaude settings permissions allow `Bash(bunx ...)` in a shared committed confighardeningclaude_settingslintai-ai-security

SEC494AI markdown: shared npm exec tool grantAI-native markdown frontmatter grants `Bash(npm exec:*)` tool accesshardeningmarkdownlintai-ai-security

SEC495AI markdown: shared bunx tool grantAI-native markdown frontmatter grants `Bash(bunx:*)` tool accesshardeningmarkdownlintai-ai-security

SEC496AI markdown: shared uvx tool grantAI-native markdown frontmatter grants `Bash(uvx:*)` tool accesshardeningmarkdownlintai-ai-security

SEC497AI markdown: shared pnpm dlx tool grantAI-native markdown frontmatter grants `Bash(pnpm dlx:*)` tool accesshardeningmarkdownlintai-ai-security

SEC498AI markdown: shared yarn dlx tool grantAI-native markdown frontmatter grants `Bash(yarn dlx:*)` tool accesshardeningmarkdownlintai-ai-security

SEC499AI markdown: shared pipx run tool grantAI-native markdown frontmatter grants `Bash(pipx run:*)` tool accesshardeningmarkdownlintai-ai-security

SEC500AI markdown: shared npx tool grantAI-native markdown frontmatter grants `Bash(npx:*)` tool accesshardeningmarkdownlintai-ai-security

SEC501AI markdown: shared git ls-remote tool grantAI-native markdown frontmatter grants `Bash(git ls-remote:*)` tool accesshardeningmarkdownlintai-ai-security

SEC502Claude settings: shared gh api POST permissionsClaude settings permissions allow `Bash(gh api --method POST:*)` in a shared committed confighardeningclaude_settingslintai-ai-security

SEC503Claude settings: shared gh issue create permissionsClaude settings permissions allow `Bash(gh issue create:*)` in a shared committed confighardeningclaude_settingslintai-ai-security

SEC504Claude settings: shared gh repo create permissionsClaude settings permissions allow `Bash(gh repo create:*)` in a shared committed confighardeningclaude_settingslintai-ai-security

SEC505AI markdown: shared gh api POST tool grantAI-native markdown frontmatter grants `Bash(gh api --method POST:*)` tool accesshardeningmarkdownlintai-ai-security

SEC506AI markdown: shared gh issue create tool grantAI-native markdown frontmatter grants `Bash(gh issue create:*)` tool accesshardeningmarkdownlintai-ai-security

SEC507AI markdown: shared gh repo create tool grantAI-native markdown frontmatter grants `Bash(gh repo create:*)` tool accesshardeningmarkdownlintai-ai-security

SEC508Claude settings: shared gh secret set permissionsClaude settings permissions allow `Bash(gh secret set:*)` in a shared committed confighardeningclaude_settingslintai-ai-security

SEC509Claude settings: shared gh variable set permissionsClaude settings permissions allow `Bash(gh variable set:*)` in a shared committed confighardeningclaude_settingslintai-ai-security

SEC510Claude settings: shared gh workflow run permissionsClaude settings permissions allow `Bash(gh workflow run:*)` in a shared committed confighardeningclaude_settingslintai-ai-security

SEC511AI markdown: shared gh secret set tool grantAI-native markdown frontmatter grants `Bash(gh secret set:*)` tool accesshardeningmarkdownlintai-ai-security

SEC512AI markdown: shared gh variable set tool grantAI-native markdown frontmatter grants `Bash(gh variable set:*)` tool accesshardeningmarkdownlintai-ai-security

SEC513AI markdown: shared gh workflow run tool grantAI-native markdown frontmatter grants `Bash(gh workflow run:*)` tool accesshardeningmarkdownlintai-ai-security

SEC514Claude settings: shared gh secret delete permissionsClaude settings permissions allow `Bash(gh secret delete:*)` in a shared committed confighardeningclaude_settingslintai-ai-security

SEC515Claude settings: shared gh variable delete permissionsClaude settings permissions allow `Bash(gh variable delete:*)` in a shared committed confighardeningclaude_settingslintai-ai-security

SEC516Claude settings: shared gh workflow disable permissionsClaude settings permissions allow `Bash(gh workflow disable:*)` in a shared committed confighardeningclaude_settingslintai-ai-security

SEC517AI markdown: shared gh secret delete tool grantAI-native markdown frontmatter grants `Bash(gh secret delete:*)` tool accesshardeningmarkdownlintai-ai-security

SEC518AI markdown: shared gh variable delete tool grantAI-native markdown frontmatter grants `Bash(gh variable delete:*)` tool accesshardeningmarkdownlintai-ai-security

SEC519AI markdown: shared gh workflow disable tool grantAI-native markdown frontmatter grants `Bash(gh workflow disable:*)` tool accesshardeningmarkdownlintai-ai-security

SEC520AI markdown: `Read(*)` wildcard tool grantAI-native markdown frontmatter grants `Read(*)` wildcard accesshardeningmarkdownlintai-ai-security

SEC521AI markdown: `Write(*)` wildcard tool grantAI-native markdown frontmatter grants `Write(*)` wildcard accesshardeningmarkdownlintai-ai-security

SEC522AI markdown: `Edit(*)` wildcard tool grantAI-native markdown frontmatter grants `Edit(*)` wildcard accesshardeningmarkdownlintai-ai-security

SEC523AI markdown: `Glob(*)` wildcard tool grantAI-native markdown frontmatter grants `Glob(*)` wildcard accesshardeningmarkdownlintai-ai-security

SEC524AI markdown: `Grep(*)` wildcard tool grantAI-native markdown frontmatter grants `Grep(*)` wildcard accesshardeningmarkdownlintai-ai-security

SEC525AI markdown: `WebFetch(*)` wildcard tool grantAI-native markdown frontmatter grants `WebFetch(*)` wildcard accesshardeningmarkdownlintai-ai-security

SEC526AI markdown: `WebSearch(*)` wildcard tool grantAI-native markdown frontmatter grants `WebSearch(*)` wildcard accesshardeningmarkdownlintai-ai-security

SEC527AI markdown: `Bash(*)` wildcard tool grantAI-native markdown frontmatter grants `Bash(*)` wildcard accesshardeningmarkdownlintai-ai-security

SEC528Claude settings: shared gh api DELETE permissionsClaude settings permissions allow `Bash(gh api --method DELETE:*)` in a shared committed confighardeningclaude_settingslintai-ai-security

SEC529AI markdown: shared gh api DELETE tool grantAI-native markdown frontmatter grants `Bash(gh api --method DELETE:*)` tool accesshardeningmarkdownlintai-ai-security

SEC530Claude settings: shared gh api PATCH permissionsClaude settings permissions allow `Bash(gh api --method PATCH:*)` in a shared committed confighardeningclaude_settingslintai-ai-security

SEC531Claude settings: shared gh api PUT permissionsClaude settings permissions allow `Bash(gh api --method PUT:*)` in a shared committed confighardeningclaude_settingslintai-ai-security

SEC532AI markdown: shared gh api PATCH tool grantAI-native markdown frontmatter grants `Bash(gh api --method PATCH:*)` tool accesshardeningmarkdownlintai-ai-security

SEC533AI markdown: shared gh api PUT tool grantAI-native markdown frontmatter grants `Bash(gh api --method PUT:*)` tool accesshardeningmarkdownlintai-ai-security

SEC534Claude settings: shared gh repo delete permissionsClaude settings permissions allow `Bash(gh repo delete:*)` in a shared committed confighardeningclaude_settingslintai-ai-security

SEC535AI markdown: shared gh repo delete tool grantAI-native markdown frontmatter grants `Bash(gh repo delete:*)` tool accesshardeningmarkdownlintai-ai-security

SEC536Claude settings: shared gh release delete permissionsClaude settings permissions allow `Bash(gh release delete:*)` in a shared committed confighardeningclaude_settingslintai-ai-security

SEC537AI markdown: shared gh release delete tool grantAI-native markdown frontmatter grants `Bash(gh release delete:*)` tool accesshardeningmarkdownlintai-ai-security

SEC538Claude settings: shared gh repo edit permissionsClaude settings permissions allow `Bash(gh repo edit:*)` in a shared committed confighardeningclaude_settingslintai-ai-security

SEC539AI markdown: shared gh repo edit tool grantAI-native markdown frontmatter grants `Bash(gh repo edit:*)` tool accesshardeningmarkdownlintai-ai-security

SEC540Claude settings: shared gh release create permissionsClaude settings permissions allow `Bash(gh release create:*)` in a shared committed confighardeningclaude_settingslintai-ai-security

SEC541AI markdown: shared gh release create tool grantAI-native markdown frontmatter grants `Bash(gh release create:*)` tool accesshardeningmarkdownlintai-ai-security

SEC542Claude settings: shared gh repo transfer permissionsClaude settings permissions allow `Bash(gh repo transfer:*)` in a shared committed confighardeningclaude_settingslintai-ai-security

SEC543AI markdown: shared gh repo transfer tool grantAI-native markdown frontmatter grants `Bash(gh repo transfer:*)` tool accesshardeningmarkdownlintai-ai-security

SEC544Claude settings: shared gh release upload permissionsClaude settings permissions allow `Bash(gh release upload:*)` in a shared committed confighardeningclaude_settingslintai-ai-security

SEC545AI markdown: shared gh release upload tool grantAI-native markdown frontmatter grants `Bash(gh release upload:*)` tool accesshardeningmarkdownlintai-ai-security

SEC546MCP config: Bash(*) auto-approveMCP configuration auto-approves blanket shell execution with `autoApprove: ["Bash(*)"]`hardeningjsonlintai-ai-security

SEC547MCP config: curl auto-approveMCP configuration auto-approves `Bash(curl:*)` through `autoApprove`hardeningjsonlintai-ai-security

SEC548MCP config: wget auto-approveMCP configuration auto-approves `Bash(wget:*)` through `autoApprove`hardeningjsonlintai-ai-security

SEC549MCP config: sudo auto-approveMCP configuration auto-approves `Bash(sudo:*)` through `autoApprove`hardeningjsonlintai-ai-security

SEC550MCP config: rm auto-approveMCP configuration auto-approves `Bash(rm:*)` through `autoApprove`hardeningjsonlintai-ai-security

SEC551MCP config: git push auto-approveMCP configuration auto-approves `Bash(git push)` through `autoApprove`hardeningjsonlintai-ai-security

SEC552MCP config: gh api POST auto-approveMCP configuration auto-approves `Bash(gh api --method POST:*)` through `autoApprove`hardeningjsonlintai-ai-security

SEC553MCP config: git checkout auto-approveMCP configuration auto-approves `Bash(git checkout:*)` through `autoApprove`hardeningjsonlintai-ai-security

SEC554MCP config: git commit auto-approveMCP configuration auto-approves `Bash(git commit:*)` through `autoApprove`hardeningjsonlintai-ai-security

SEC555MCP config: git reset auto-approveMCP configuration auto-approves `Bash(git reset:*)` through `autoApprove`hardeningjsonlintai-ai-security

SEC556MCP config: git clean auto-approveMCP configuration auto-approves `Bash(git clean:*)` through `autoApprove`hardeningjsonlintai-ai-security

SEC557MCP config: gh api DELETE auto-approveMCP configuration auto-approves `Bash(gh api --method DELETE:*)` through `autoApprove`hardeningjsonlintai-ai-security

SEC558MCP config: gh api PATCH auto-approveMCP configuration auto-approves `Bash(gh api --method PATCH:*)` through `autoApprove`hardeningjsonlintai-ai-security

SEC559MCP config: gh api PUT auto-approveMCP configuration auto-approves `Bash(gh api --method PUT:*)` through `autoApprove`hardeningjsonlintai-ai-security

SEC560MCP config: gh issue create auto-approveMCP configuration auto-approves `Bash(gh issue create:*)` through `autoApprove`hardeningjsonlintai-ai-security

SEC561MCP config: gh repo create auto-approveMCP configuration auto-approves `Bash(gh repo create:*)` through `autoApprove`hardeningjsonlintai-ai-security

SEC562MCP config: gh repo delete auto-approveMCP configuration auto-approves `Bash(gh repo delete:*)` through `autoApprove`hardeningjsonlintai-ai-security

SEC563MCP config: gh repo edit auto-approveMCP configuration auto-approves `Bash(gh repo edit:*)` through `autoApprove`hardeningjsonlintai-ai-security

SEC564MCP config: gh secret set auto-approveMCP configuration auto-approves `Bash(gh secret set:*)` through `autoApprove`hardeningjsonlintai-ai-security

SEC565MCP config: gh variable set auto-approveMCP configuration auto-approves `Bash(gh variable set:*)` through `autoApprove`hardeningjsonlintai-ai-security

SEC566MCP config: gh workflow run auto-approveMCP configuration auto-approves `Bash(gh workflow run:*)` through `autoApprove`hardeningjsonlintai-ai-security

SEC567MCP config: Read wildcard auto-approveMCP configuration auto-approves `Read(*)` through `autoApprove`hardeningjsonlintai-ai-security

SEC568MCP config: Write wildcard auto-approveMCP configuration auto-approves `Write(*)` through `autoApprove`hardeningjsonlintai-ai-security

SEC569MCP config: Edit wildcard auto-approveMCP configuration auto-approves `Edit(*)` through `autoApprove`hardeningjsonlintai-ai-security

SEC570MCP config: Glob wildcard auto-approveMCP configuration auto-approves `Glob(*)` through `autoApprove`hardeningjsonlintai-ai-security

SEC571MCP config: Grep wildcard auto-approveMCP configuration auto-approves `Grep(*)` through `autoApprove`hardeningjsonlintai-ai-security

SEC572MCP config: WebFetch wildcard auto-approveMCP configuration auto-approves `WebFetch(*)` through `autoApprove`hardeningjsonlintai-ai-security

SEC573MCP config: WebSearch wildcard auto-approveMCP configuration auto-approves `WebSearch(*)` through `autoApprove`hardeningjsonlintai-ai-security

SEC574MCP config: Read unsafe path auto-approveMCP configuration auto-approves `Read(...)` over an unsafe path through `autoApprove`hardeningjsonlintai-ai-security

SEC575MCP config: Write unsafe path auto-approveMCP configuration auto-approves `Write(...)` over an unsafe path through `autoApprove`hardeningjsonlintai-ai-security

SEC576MCP config: Edit unsafe path auto-approveMCP configuration auto-approves `Edit(...)` over an unsafe path through `autoApprove`hardeningjsonlintai-ai-security

SEC577MCP config: Glob unsafe path auto-approveMCP configuration auto-approves `Glob(...)` over an unsafe path through `autoApprove`hardeningjsonlintai-ai-security

SEC578MCP config: Grep unsafe path auto-approveMCP configuration auto-approves `Grep(...)` over an unsafe path through `autoApprove`hardeningjsonlintai-ai-security

SEC579MCP config: gh secret delete auto-approveMCP configuration auto-approves `Bash(gh secret delete:*)` through `autoApprove`hardeningjsonlintai-ai-security

SEC580MCP config: gh variable delete auto-approveMCP configuration auto-approves `Bash(gh variable delete:*)` through `autoApprove`hardeningjsonlintai-ai-security

SEC581MCP config: gh workflow disable auto-approveMCP configuration auto-approves `Bash(gh workflow disable:*)` through `autoApprove`hardeningjsonlintai-ai-security

SEC582MCP config: gh repo transfer auto-approveMCP configuration auto-approves `Bash(gh repo transfer:*)` through `autoApprove`hardeningjsonlintai-ai-security

SEC583MCP config: gh release create auto-approveMCP configuration auto-approves `Bash(gh release create:*)` through `autoApprove`hardeningjsonlintai-ai-security

SEC584MCP config: gh release delete auto-approveMCP configuration auto-approves `Bash(gh release delete:*)` through `autoApprove`hardeningjsonlintai-ai-security

SEC585MCP config: gh release upload auto-approveMCP configuration auto-approves `Bash(gh release upload:*)` through `autoApprove`hardeningjsonlintai-ai-security

SEC586MCP config: npx auto-approveMCP configuration auto-approves `Bash(npx ...)` through `autoApprove`hardeningjsonlintai-ai-security

SEC587MCP config: uvx auto-approveMCP configuration auto-approves `Bash(uvx ...)` through `autoApprove`hardeningjsonlintai-ai-security

SEC588MCP config: npm exec auto-approveMCP configuration auto-approves `Bash(npm exec ...)` through `autoApprove`hardeningjsonlintai-ai-security

SEC589MCP config: bunx auto-approveMCP configuration auto-approves `Bash(bunx ...)` through `autoApprove`hardeningjsonlintai-ai-security

SEC590MCP config: pnpm dlx auto-approveMCP configuration auto-approves `Bash(pnpm dlx ...)` through `autoApprove`hardeningjsonlintai-ai-security

SEC591MCP config: yarn dlx auto-approveMCP configuration auto-approves `Bash(yarn dlx ...)` through `autoApprove`hardeningjsonlintai-ai-security

SEC592MCP config: pipx run auto-approveMCP configuration auto-approves `Bash(pipx run ...)` through `autoApprove`hardeningjsonlintai-ai-security

SEC593MCP config: package install auto-approveMCP configuration auto-approves package installation commands through `autoApprove`hardeningjsonlintai-ai-security

SEC594MCP config: git clone auto-approveMCP configuration auto-approves `Bash(git clone:*)` through `autoApprove`hardeningjsonlintai-ai-security

SEC595MCP config: git fetch auto-approveMCP configuration auto-approves `Bash(git fetch:*)` through `autoApprove`hardeningjsonlintai-ai-security

SEC596MCP config: git ls-remote auto-approveMCP configuration auto-approves `Bash(git ls-remote:*)` through `autoApprove`hardeningjsonlintai-ai-security

SEC597MCP config: git add auto-approveMCP configuration auto-approves `Bash(git add:*)` through `autoApprove`hardeningjsonlintai-ai-security

SEC598MCP config: git config auto-approveMCP configuration auto-approves `Bash(git config:*)` through `autoApprove`hardeningjsonlintai-ai-security

SEC599MCP config: git tag auto-approveMCP configuration auto-approves `Bash(git tag:*)` through `autoApprove`hardeningjsonlintai-ai-security

SEC600MCP config: git branch auto-approveMCP configuration auto-approves `Bash(git branch:*)` through `autoApprove`hardeningjsonlintai-ai-security

SEC601MCP config: gh pr auto-approveMCP configuration auto-approves `Bash(gh pr:*)` through `autoApprove`hardeningjsonlintai-ai-security

SEC602MCP config: git stash auto-approveMCP configuration auto-approves `Bash(git stash:*)` through `autoApprove`hardeningjsonlintai-ai-security

SEC603MCP config: git restore auto-approveMCP configuration auto-approves `Bash(git restore:*)` through `autoApprove`hardeningjsonlintai-ai-security

SEC604MCP config: git rebase auto-approveMCP configuration auto-approves `Bash(git rebase:*)` through `autoApprove`hardeningjsonlintai-ai-security

SEC605MCP config: git merge auto-approveMCP configuration auto-approves `Bash(git merge:*)` through `autoApprove`hardeningjsonlintai-ai-security

SEC606MCP config: git cherry-pick auto-approveMCP configuration auto-approves `Bash(git cherry-pick:*)` through `autoApprove`hardeningjsonlintai-ai-security

SEC607MCP config: git apply auto-approveMCP configuration auto-approves `Bash(git apply:*)` through `autoApprove`hardeningjsonlintai-ai-security

SEC608MCP config: git am auto-approveMCP configuration auto-approves `Bash(git am:*)` through `autoApprove`hardeningjsonlintai-ai-security

SEC609MCP config: crontab auto-approveMCP configuration auto-approves `Bash(crontab:*)` through `autoApprove`hardeningjsonlintai-ai-security

SEC610MCP config: systemctl enable auto-approveMCP configuration auto-approves `Bash(systemctl enable:*)` through `autoApprove`hardeningjsonlintai-ai-security

SEC611MCP config: launchctl load auto-approveMCP configuration auto-approves `Bash(launchctl load:*)` through `autoApprove`hardeningjsonlintai-ai-security

SEC612MCP config: launchctl bootstrap auto-approveMCP configuration auto-approves `Bash(launchctl bootstrap:*)` through `autoApprove`hardeningjsonlintai-ai-security

SEC613MCP config: chmod auto-approveMCP configuration auto-approves `Bash(chmod:*)` through `autoApprove`hardeningjsonlintai-ai-security

SEC614MCP config: chown auto-approveMCP configuration auto-approves `Bash(chown:*)` through `autoApprove`hardeningjsonlintai-ai-security

SEC615MCP config: chgrp auto-approveMCP configuration auto-approves `Bash(chgrp:*)` through `autoApprove`hardeningjsonlintai-ai-security

SEC616MCP config: su auto-approveMCP configuration auto-approves `Bash(su:*)` through `autoApprove`hardeningjsonlintai-ai-security

SEC617MCP config: raw.githubusercontent.com WebFetch auto-approveMCP configuration auto-approves `WebFetch(domain:raw.githubusercontent.com)` through `autoApprove`hardeningjsonlintai-ai-security

SEC618MCP config: bare Read auto-approveMCP configuration auto-approves bare `Read` through `autoApprove`hardeningjsonlintai-ai-security

SEC619MCP config: bare Write auto-approveMCP configuration auto-approves bare `Write` through `autoApprove`hardeningjsonlintai-ai-security

SEC620MCP config: bare Edit auto-approveMCP configuration auto-approves bare `Edit` through `autoApprove`hardeningjsonlintai-ai-security

SEC621MCP config: bare Glob auto-approveMCP configuration auto-approves bare `Glob` through `autoApprove`hardeningjsonlintai-ai-security

SEC622MCP config: bare Grep auto-approveMCP configuration auto-approves bare `Grep` through `autoApprove`hardeningjsonlintai-ai-security

SEC623MCP config: bare WebFetch auto-approveMCP configuration auto-approves bare `WebFetch` through `autoApprove`hardeningjsonlintai-ai-security

SEC624MCP config: bare WebSearch auto-approveMCP configuration auto-approves bare `WebSearch` through `autoApprove`hardeningjsonlintai-ai-security

SEC625MCP config: bare Bash auto-approveMCP configuration auto-approves bare `Bash` through `autoApprove`hardeningjsonlintai-ai-security

SEC626Claude settings: bare Bash permissionsClaude settings permissions allow bare `Bash` in a shared committed confighardeningclaude_settingslintai-ai-security

SEC627Claude settings: bare Read permissionsClaude settings permissions allow bare `Read` in a shared committed confighardeningclaude_settingslintai-ai-security

SEC628Claude settings: bare Write permissionsClaude settings permissions allow bare `Write` in a shared committed confighardeningclaude_settingslintai-ai-security

SEC629Claude settings: bare Edit permissionsClaude settings permissions allow bare `Edit` in a shared committed confighardeningclaude_settingslintai-ai-security

SEC630Claude settings: bare Glob permissionsClaude settings permissions allow bare `Glob` in a shared committed confighardeningclaude_settingslintai-ai-security

SEC631Claude settings: bare Grep permissionsClaude settings permissions allow bare `Grep` in a shared committed confighardeningclaude_settingslintai-ai-security

SEC632Claude settings: bare WebFetch permissionsClaude settings permissions allow bare `WebFetch` in a shared committed confighardeningclaude_settingslintai-ai-security

Public Lane

Guidance

15 rules

Advice-oriented guidance and maintainability review.

SEC353Copilot instructions: exceeds 4000 charsGitHub Copilot instruction markdown exceeds the 4000-character guidance limitqualitymarkdownlintai-ai-security

SEC354Copilot instructions: missing `applyTo`Path-specific GitHub Copilot instruction markdown is missing `applyTo` frontmatterqualitymarkdownlintai-ai-security

SEC355AI markdown: wildcard tool grantAI-native markdown frontmatter grants wildcard tool accesshardeningmarkdownlintai-ai-security

SEC356Plugin agent: `permissionMode` in frontmatterPlugin agent frontmatter sets `permissionMode`qualitymarkdownlintai-ai-security

SEC357Plugin agent: `hooks` in frontmatterPlugin agent frontmatter sets `hooks`qualitymarkdownlintai-ai-security

SEC358Plugin agent: `mcpServers` in frontmatterPlugin agent frontmatter sets `mcpServers`qualitymarkdownlintai-ai-security

SEC359Cursor rule: `alwaysApply` typeCursor rule frontmatter `alwaysApply` must be booleanqualitymarkdownlintai-ai-security

SEC360Cursor rule: `globs` typeCursor rule frontmatter `globs` must be a sequence of patternsqualitymarkdownlintai-ai-security

SEC370Copilot instructions: wrong path-specific suffixPath-specific GitHub Copilot instruction markdown under `.github/instructions/` uses the wrong file suffixqualitymarkdownlintai-ai-security

SEC371Copilot instructions: invalid `applyTo` shapePath-specific GitHub Copilot instruction markdown has an invalid `applyTo` shapequalitymarkdownlintai-ai-security

SEC377Copilot instructions: invalid `applyTo` globPath-specific GitHub Copilot instruction markdown has an invalid `applyTo` glob patternqualitymarkdownlintai-ai-security

SEC378Cursor rule: redundant `globs` with `alwaysApply`Cursor rule frontmatter should not set `globs` when `alwaysApply` is `true`qualitymarkdownlintai-ai-security

SEC379Cursor rule: unknown frontmatter keyCursor rule frontmatter contains an unknown keyqualitymarkdownlintai-ai-security

SEC380Cursor rule: missing `description`Cursor rule frontmatter should include `description`qualitymarkdownlintai-ai-security

SEC416AI markdown: Claude bare pip installAI-native markdown models Claude package installation with bare `pip install` despite explicit `uv` preference guidancequalitymarkdownlintai-ai-security

Public Lane

Advisory

1 rules

Installed-package advisory review.

SEC756Dependency vulnerability: installed npm package versionInstalled npm dependency version matches an offline vulnerability advisorysecurityworkspacelintai-dep-vulns