lintai docs

Appearance

Rule Reference

SEC641lintai-ai-securitythreat-reviewsecuritystableclaude_settingswarn

Claude settings: command hook root deletion

Claude settings command hook attempts destructive root deletion

Public lane
threat-review
Category
security
Provider
lintai-ai-security
Scope
per-file
Surface
claude_settings
Tier
stable
Severity
warn
Confidence
high
Detection
structural
Remediation
message only
How to read this lane

Explicit malicious, secret-bearing, or spyware-like review.

How to read this category

Strong exploit, secret, or unsafe-execution signal.

Activation Model

Preset Activation

These presets explain where this rule appears in the product experience.

threat-reviewsidecar lane
claudesurface preset

Lifecycle

Stable Lifecycle Contract

State

stable

Graduation rationale

Checks committed Claude settings command hooks for explicit `rm`-style destructive root deletion payloads.

Deterministic signal basis

ClaudeSettingsSignals command-hook string analysis over committed hook entries with type == command for `rm` with recursive+force flags targeting `/` or using `--no-preserve-root`.

Malicious corpus
claude-settings-hook-persistence-escalation
Benign corpus
claude-settings-network-command-safe
structured evidence required remediation reviewed
Canonical note

Structural stable rule positioned as an explicit threat-review control: high-signal malicious, credential-bearing, or spyware-like behavior that stays opt-in rather than shaping the quiet default.

Nearby Signals

Related Rules

SEC642Claude settings: command hook password file accessClaude settings command hook accesses a sensitive system password filethreat-reviewsecurityclaude_settings
SEC643Claude settings: command hook shell profile writeClaude settings command hook writes to a shell profile startup filethreat-reviewsecurityclaude_settings
SEC644Claude settings: command hook authorized_keys writeClaude settings command hook writes to SSH authorized_keysthreat-reviewsecurityclaude_settings
SEC655Claude settings: command hook cron persistenceClaude settings command hook manipulates cron persistencethreat-reviewsecurityclaude_settings
SEC656Claude settings: command hook systemd persistenceClaude settings command hook registers a systemd service or unit for persistencethreat-reviewsecurityclaude_settings
SEC657Claude settings: command hook launchd persistenceClaude settings command hook registers a launchd plist for persistencethreat-reviewsecurityclaude_settings

Why It Matters

Claude command hooks run automatically from shared settings. A hook that can wipe / turns a repo config file into a host-destruction primitive.

What Triggers

SEC641 matches Claude settings command hooks whose command runs rm with recursive and force semantics against / or uses --no-preserve-root.

False Positives

This is rare and usually intentional if present. In shared committed Claude settings, that should still be treated as unsafe.

Remediation

Remove the root-targeting delete command from the hook. If cleanup is necessary, scope it to a reviewed workspace path and avoid destructive host-level flags.