Rule Reference

SEC418lintai-ai-securitygovernancehardeningstableclaude_settingswarn

Claude settings: shared raw.githubusercontent.com WebFetch permissions

Claude settings permissions allow `WebFetch(domain:raw.githubusercontent.com)` in a shared committed config

Public lane: governance
Category: hardening
Provider: lintai-ai-security
Scope: per-file
Surface: claude_settings
Tier: stable
Severity: warn
Confidence: high
Detection: structural
Remediation: message only

How to read this lane

Shared authority and workflow policy review.

How to read this category

Least-privilege, provenance, or operational hygiene signal.

Activation Model

Preset Activation

These presets explain where this rule appears in the product experience.

governancesidecar lane

claudesurface preset

Lifecycle

Stable Lifecycle Contract

State

stable

Graduation rationale

Checks shared Claude settings permissions for explicit raw GitHub content fetch grants.

Deterministic signal basis

ClaudeSettingsSignals exact string detection for `WebFetch(domain:raw.githubusercontent.com)` inside permissions.allow on parsed Claude settings JSON.

Malicious corpus

claude-settings-webfetch-raw-github-permission

Benign corpus

claude-settings-webfetch-raw-github-fixture-safe

structured evidence required remediation reviewed

Canonical note

Structural stable rule intended as a high-precision check with deterministic evidence.

Nearby Signals

Related Rules

SEC362Claude settings: wildcard Bash permissionsClaude settings permissions allow `Bash(*)` in a shared committed configgovernancehardeningclaude_settings

SEC364Claude settings: bypassPermissions default modeClaude settings set `permissions.defaultMode` to `bypassPermissions` in a shared committed configgovernancehardeningclaude_settings

SEC367Claude settings: wildcard WebFetch permissionsClaude settings permissions allow `WebFetch(*)` in a shared committed configgovernancehardeningclaude_settings

SEC369Claude settings: wildcard Write permissionsClaude settings permissions allow `Write(*)` in a shared committed configgovernancehardeningclaude_settings

SEC372Claude settings: wildcard Read permissionsClaude settings permissions allow `Read(*)` in a shared committed configgovernancehardeningclaude_settings

SEC373Claude settings: wildcard Edit permissionsClaude settings permissions allow `Edit(*)` in a shared committed configgovernancehardeningclaude_settings

SEC418 / CLAUDE-WEBFETCH-RAW-GITHUB

Claude settings permissions allow WebFetch(domain:raw.githubusercontent.com) in a shared committed config.

Why It Matters

raw.githubusercontent.com serves direct repository file contents. Granting fetch access to that domain in shared Claude settings makes it easy for an agent to pull mutable remote content outside the normal repository review path.

Trigger Shape

This rule applies to committed shared Claude settings files and triggers only on the exact permission token:

WebFetch(domain:raw.githubusercontent.com)

Clean Cases

WebFetch(domain:developers.openai.com)
WebFetch(domain:github.com)
no WebFetch grants at all

Example Trigger

json

{
  "permissions": {
    "allow": [
      "WebFetch(domain:raw.githubusercontent.com)"
    ]
  }
}

How To Fix

remove the raw-content fetch grant
or replace it with a narrower reviewed documentation source

Claude settings: shared raw.githubusercontent.com WebFetch permissions

Preset Activation

Stable Lifecycle Contract

Related Rules

SEC418 / CLAUDE-WEBFETCH-RAW-GITHUB ​

Why It Matters ​

Trigger Shape ​

Clean Cases ​

Example Trigger ​