lintai docs

Appearance

Rule Reference

SEC374lintai-ai-securitygovernancehardeningstableclaude_settingswarn

Claude settings: wildcard WebSearch permissions

Claude settings permissions allow `WebSearch(*)` in a shared committed config

Public lane
governance
Category
hardening
Provider
lintai-ai-security
Scope
per-file
Surface
claude_settings
Tier
stable
Severity
warn
Confidence
high
Detection
structural
Remediation
message only
How to read this lane

Shared authority and workflow policy review.

How to read this category

Least-privilege, provenance, or operational hygiene signal.

Activation Model

Preset Activation

These presets explain where this rule appears in the product experience.

governancesidecar lane
claudesurface preset

Lifecycle

Stable Lifecycle Contract

State

stable

Graduation rationale

Checks shared Claude settings permissions for explicit wildcard `WebSearch(*)` grants.

Deterministic signal basis

ClaudeSettingsSignals exact string detection for `WebSearch(*)` inside permissions.allow on parsed Claude settings JSON.

Malicious corpus
claude-settings-websearch-wildcard
Benign corpus
claude-settings-websearch-specific-safe
structured evidence required remediation reviewed
Canonical note

Structural stable rule intended as a high-precision check with deterministic evidence.

Nearby Signals

Related Rules

SEC362Claude settings: wildcard Bash permissionsClaude settings permissions allow `Bash(*)` in a shared committed configgovernancehardeningclaude_settings
SEC364Claude settings: bypassPermissions default modeClaude settings set `permissions.defaultMode` to `bypassPermissions` in a shared committed configgovernancehardeningclaude_settings
SEC367Claude settings: wildcard WebFetch permissionsClaude settings permissions allow `WebFetch(*)` in a shared committed configgovernancehardeningclaude_settings
SEC369Claude settings: wildcard Write permissionsClaude settings permissions allow `Write(*)` in a shared committed configgovernancehardeningclaude_settings
SEC372Claude settings: wildcard Read permissionsClaude settings permissions allow `Read(*)` in a shared committed configgovernancehardeningclaude_settings
SEC373Claude settings: wildcard Edit permissionsClaude settings permissions allow `Edit(*)` in a shared committed configgovernancehardeningclaude_settings

Why It Matters

SEC374 flags committed Claude settings files when permissions.allow contains the exact wildcard search grant WebSearch(*).

This is useful because:

  • shared Claude settings often become team-wide defaults by copy/paste
  • WebSearch(*) grants broad search capability instead of a reviewed allowlist
  • broad search access is harder to defend in code review when a workflow only needs a narrow, documented search surface

What Triggers

This rule applies only to committed Claude settings surfaces:

  • .claude/settings.json
  • claude/settings.json

It triggers when:

  • permissions.allow contains the exact string WebSearch(*)

It does not trigger on:

  • narrower reviewed patterns such as WebSearch(site:docs.example.com)
  • fixture-like test/example paths

Examples

Bad:

json
{
  "permissions": {
    "allow": ["WebSearch(*)", "Read(*)"]
  }
}

Better:

json
{
  "permissions": {
    "allow": ["WebSearch(site:docs.example.com)", "Read(*)"]
  }
}

Remediation

  • replace WebSearch(*) with specific reviewed search patterns
  • scope shared search permissions to the narrowest set of queries or domains the workflow actually needs