Rule Reference

SEC367lintai-ai-securitygovernancehardeningstableclaude_settingswarn

Claude settings: wildcard WebFetch permissions

Claude settings permissions allow `WebFetch(*)` in a shared committed config

Public lane: governance
Category: hardening
Provider: lintai-ai-security
Scope: per-file
Surface: claude_settings
Tier: stable
Severity: warn
Confidence: high
Detection: structural
Remediation: message only

How to read this lane

Shared authority and workflow policy review.

How to read this category

Least-privilege, provenance, or operational hygiene signal.

Activation Model

Preset Activation

These presets explain where this rule appears in the product experience.

governancesidecar lane

claudesurface preset

Lifecycle

Stable Lifecycle Contract

State

stable

Graduation rationale

Checks shared Claude settings permissions for explicit wildcard `WebFetch(*)` grants.

Deterministic signal basis

ClaudeSettingsSignals exact string detection for `WebFetch(*)` inside permissions.allow on parsed Claude settings JSON.

Malicious corpus

claude-settings-webfetch-wildcard

Benign corpus

claude-settings-webfetch-specific-safe

structured evidence required remediation reviewed

Canonical note

Structural stable rule intended as a high-precision check with deterministic evidence.

Nearby Signals

Related Rules

SEC362Claude settings: wildcard Bash permissionsClaude settings permissions allow `Bash(*)` in a shared committed configgovernancehardeningclaude_settings

SEC364Claude settings: bypassPermissions default modeClaude settings set `permissions.defaultMode` to `bypassPermissions` in a shared committed configgovernancehardeningclaude_settings

SEC369Claude settings: wildcard Write permissionsClaude settings permissions allow `Write(*)` in a shared committed configgovernancehardeningclaude_settings

SEC372Claude settings: wildcard Read permissionsClaude settings permissions allow `Read(*)` in a shared committed configgovernancehardeningclaude_settings

SEC373Claude settings: wildcard Edit permissionsClaude settings permissions allow `Edit(*)` in a shared committed configgovernancehardeningclaude_settings

SEC374Claude settings: wildcard WebSearch permissionsClaude settings permissions allow `WebSearch(*)` in a shared committed configgovernancehardeningclaude_settings

Why It Matters

SEC367 flags committed Claude settings files when permissions.allow contains the exact wildcard network grant WebFetch(*).

This is useful because:

shared .claude/settings.json files are often copied between repos and teams
WebFetch(*) grants broad outbound fetch capability instead of a reviewed allowlist
broad network access is harder to review and increases accidental exfiltration or policy drift risk

What Triggers

This rule applies only to committed Claude settings surfaces:

.claude/settings.json
claude/settings.json

It triggers when:

permissions.allow contains the exact string WebFetch(*)

It does not trigger on:

narrower reviewed patterns such as WebFetch(https://api.example.com/*)
fixture-like test/example paths

Examples

Bad:

json

{
  "permissions": {
    "allow": ["WebFetch(*)", "Read(*)"]
  }
}

Better:

json

{
  "permissions": {
    "allow": ["WebFetch(https://api.example.com/*)", "Read(*)"]
  }
}

Remediation

replace WebFetch(*) with specific reviewed fetch patterns
keep shared network permissions as narrow as possible for the repo's actual workflows

Claude settings: wildcard WebFetch permissions

Preset Activation

Stable Lifecycle Contract

Related Rules

Why It Matters ​

What Triggers ​

Examples ​

Remediation ​

Why It Matters

What Triggers

Examples

Remediation