
Rule Reference

SEC363 | lintai-ai-security | compat | quality | preview | claude_settings | warn

Claude settings: home-directory hook path

Claude settings hook command uses a home-directory path in a shared committed config

Public lane
compat
Category
quality
Provider
lintai-ai-security
Scope
per-file
Surface
claude_settings
Tier
preview
Severity
warn
Confidence
high
Detection
structural
Remediation
message only
How to read this lane

Config, schema, and policy contract review.

How to read this category

Contract, schema, or config correctness signal.

Activation Model

Preset Activation

These presets explain where this rule appears in the product experience.

Lifecycle

Stable Lifecycle Contract

State

stable

Graduation rationale

Checks shared committed Claude settings for hook commands rooted in the home directory.

Deterministic signal basis

ClaudeSettingsSignals exact command-path analysis for home-directory rooted hook commands in parsed Claude settings JSON.

Malicious corpus
claude-settings-home-directory-hook-path
Benign corpus
claude-settings-home-directory-safe-project-scoped
structured evidence required | remediation reviewed
Canonical note

Structural preview rule; deterministic today, but the preview contract may still evolve.

Why It Matters

SEC363 flags committed Claude settings hook commands that start from a user home-directory path such as $HOME/, /Users/, or /home/.

This is useful because:

  • shared Claude settings in git are team-facing configuration, not one machine's personal dotfiles
  • a home-directory hook path points at a script that lives outside the repository, so the committed settings do not show what actually runs, and the path may not exist at all on a teammate's machine
  • home-directory hook paths are therefore brittle and make setup harder to review, audit, and reproduce
  • project-scoped wrapper paths are easier for teams to understand and maintain

Positioning

This is a compat rule, not a headline security finding. The issue is portability and shared-config correctness, not exploitability by itself.

What Triggers

This rule applies only to committed Claude settings surfaces:

  • .claude/settings.json
  • claude/settings.json

It triggers when a hooks entry with type: "command" has a command string that starts with:

  • $HOME/
  • /Users/
  • /home/

It does not trigger on:

  • project-scoped paths rooted in $CLAUDE_PROJECT_DIR
  • commands that merely redirect output into $HOME/...
  • fixture-like test/example paths
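The trigger and exclusion conditions above, implemented as a stand-alone checker so they can be run against a sample settings file. This is an added example, not the lintai-ai-security implementation or its ClaudeSettingsSignals analysis; the function names, the hooks layout (taken from the examples on this page), the sample settings, and the set of directory names treated as "fixture-like" are all assumptions made for illustration.

```python
"""Added example: a minimal reimplementation of the SEC363 conditions.

Not the lintai-ai-security code. Function names, the sample settings and the
"fixture-like" heuristic are assumptions; the rule's own definition of
fixture-like paths is not given on the page.
"""
import json
from typing import Iterator

# Committed surfaces the rule applies to (repo-relative paths assumed).
SETTINGS_SURFACES = (".claude/settings.json", "claude/settings.json")

HOME_PREFIXES = ("$HOME/", "/Users/", "/home/")
PROJECT_PREFIX = "$CLAUDE_PROJECT_DIR/"

# Assumption: directory segments that mark a path as a test/example fixture.
FIXTURE_SEGMENTS = {"test", "tests", "example", "examples", "fixture", "fixtures"}


def is_committed_settings_surface(path: str) -> bool:
    """True only for the two committed settings surfaces named by the rule."""
    normalized = path.replace("\\", "/")
    return normalized.endswith(SETTINGS_SURFACES)


def iter_command_hooks(settings: dict) -> Iterator[tuple[str, str]]:
    """Yield (event, command) for every type: "command" hook.

    Layout follows the page's examples:
    hooks -> event -> [group -> "hooks" -> [ {type, command} ]].
    """
    for event, groups in settings.get("hooks", {}).items():
        for group in groups or []:
            for hook in group.get("hooks", []) or []:
                if hook.get("type") == "command" and isinstance(hook.get("command"), str):
                    yield event, hook["command"]


def is_fixture_like(command: str) -> bool:
    """Assumed heuristic: the program path has a test/example directory segment."""
    parts = command.lstrip().split(maxsplit=1)
    if not parts:
        return False
    program = parts[0]  # the path before any arguments
    return any(segment in FIXTURE_SEGMENTS for segment in program.split("/")[:-1])


def home_rooted_hooks(settings: dict) -> list[tuple[str, str]]:
    """Return the (event, command) pairs SEC363 would flag.

    Only a command that *starts* in a home directory is reported. A redirect
    such as '... > $HOME/x.log' does not start with a home prefix, and
    $CLAUDE_PROJECT_DIR paths never match, so both exclusions fall out of the
    prefix test; fixture-like paths are excluded explicitly.
    """
    findings = []
    for event, command in iter_command_hooks(settings):
        cmd = command.lstrip()
        if cmd.startswith(PROJECT_PREFIX):
            continue
        if not cmd.startswith(HOME_PREFIXES):
            continue
        if is_fixture_like(cmd):
            continue
        findings.append((event, command))
    return findings


# Constructed sample: one flagged and one excluded entry of each kind.
SAMPLE_SETTINGS = json.loads("""
{
  "hooks": {
    "Stop": [
      {"hooks": [
        {"type": "command", "command": "$HOME/.claude/hooks/audit.sh"},
        {"type": "command", "command": "$CLAUDE_PROJECT_DIR/scripts/audit.sh"},
        {"type": "command", "command": "./scripts/lint.sh > $HOME/lint.log"},
        {"type": "command", "command": "$HOME/tests/example-hook.sh"}
      ]}
    ],
    "PreToolUse": [
      {"matcher": "Bash", "hooks": [
        {"type": "command", "command": "/Users/alice/bin/guard.sh"},
        {"type": "command", "command": "/home/alice/bin/guard.sh --strict"}
      ]}
    ]
  }
}
""")


if __name__ == "__main__":
    if is_committed_settings_surface(".claude/settings.json"):
        for event, command in home_rooted_hooks(SAMPLE_SETTINGS):
            print(f"SEC363 [{event}] home-directory hook path: {command}")
```

Run against the constructed sample, the checker reports the `$HOME/`, `/Users/` and `/home/` commands and stays silent on the `$CLAUDE_PROJECT_DIR` wrapper, the redirect-only command, and the fixture-like path; the scope check is what keeps a personal `~/.claude/settings.json` out of the rule's reach.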

Examples

Bad:

```json
{
  "hooks": {
    "Stop": [
      {
        "hooks": [
          {
            "type": "command",
            "command": "$HOME/.claude/hooks/audit.sh"
          }
        ]
      }
    ]
  }
}
```

Better:

```json
{
  "hooks": {
    "Stop": [
      {
        "hooks": [
          {
            "type": "command",
            "command": "$CLAUDE_PROJECT_DIR/scripts/audit.sh"
          }
        ]
      }
    ]
  }
}
```

Remediation

  • replace home-directory hook commands with project-scoped wrappers
  • prefer repo-relative launch paths rooted in $CLAUDE_PROJECT_DIR
  • commit the wrapper script itself (for example scripts/audit.sh) alongside the settings, so the command that runs is reviewed with the config that invokes it
  • keep shared Claude settings portable across machines