lintai docs

Appearance

Catalog-Driven Reference

Rule Reference

This is the primary browsing surface for shipped lintai rules. The goal is fast scanning first, then deep rule context once you open a page.

Generated machine truthMetadata is exported directly from the Rust catalog.
Human-authored proseExamples, caveats, and remediation live in checked-in Markdown.
Stable identity modelCanonical identity is provider-qualified, not SECxxx-qualified.

Start With These

These are the current highest-signal community-facing rules based on the latest external validation work:

  • SEC352: unscoped Bash grants in AI-native frontmatter
  • SEC347: markdown MCP setup through mutable package runners
  • SEC340: Claude hook commands using mutable package launchers
  • SEC329: committed mcp.json using mutable package launchers

Provider

lintai-ai-security

460 rules
SEC101HTML comment: dangerous instructionsHidden HTML comment contains dangerous agent instructionspreviewmarkdown
SEC102Markdown: remote execution instructionMarkdown contains remote download-and-execute instruction outside code blockspreviewmarkdown
SEC103HTML comment: remote execution instructionHidden HTML comment contains remote download-and-execute instructionpreviewmarkdown
SEC104Markdown: base64 executable payloadMarkdown contains a base64-decoded executable payload outside code blockspreviewmarkdown
SEC105Markdown: parent-directory file accessMarkdown instructions reference parent-directory traversal for file accesspreviewmarkdown
SEC201Hook script: remote code executionHook script downloads remote code and executes itstablehook
SEC202Hook script: secret exfiltrationHook script appears to exfiltrate secrets through a network callstablehook
SEC203Hook script: insecure HTTP secret sendHook script sends secret material to an insecure http:// endpointstablehook
SEC204Hook script: TLS verification disabledHook script disables TLS or certificate verification for a network callstablehook
SEC205Hook script: hardcoded auth in network callHook script embeds static authentication material in a network callstablehook
SEC206Hook script: base64 payload executionHook script decodes a base64 payload and executes itstablehook
SEC301MCP config: shell trampolineMCP configuration shells out through sh -c or bash -cstablejson
SEC302Config: insecure HTTP endpointConfiguration contains an insecure http:// endpointstablejson
SEC303MCP config: credential env passthroughMCP configuration passes through credential environment variablesstablejson
SEC304Config: TLS verification disabledConfiguration disables TLS or certificate verificationstablejson
SEC305Config: hardcoded auth materialConfiguration embeds static authentication material in a connection or auth valuestablejson
SEC306JSON config: hidden override instructionsJSON configuration description contains override-style hidden instructionspreviewjson
SEC307Config: sensitive env forwardingConfiguration forwards sensitive environment variable referencespreviewjson
SEC308Config: suspicious remote endpointConfiguration points at a suspicious remote endpointpreviewjson
SEC309Config: literal secrets in configConfiguration commits literal secret material in env, auth, or header valuesstablejson
SEC310Config: metadata or private-network hostConfiguration endpoint targets a metadata or private-network host literalstablejson
SEC311Cursor plugin: unsafe path traversalCursor plugin manifest contains an unsafe absolute or parent-traversing pathstablejson
SEC312Markdown: private key materialMarkdown contains committed private key materialstablemarkdown
SEC313Shell example: remote content piped to shellFenced shell example pipes remote content directly into a shellpreviewmarkdown
SEC314Tool descriptor: missing machine fieldsMCP-style tool descriptor is missing required machine fieldsstabletool_json
SEC315Tool descriptors: duplicate tool namesMCP-style tool descriptor collection contains duplicate tool namesstabletool_json
SEC316OpenAI strict schema: missing additionalProperties falseOpenAI strict tool schema omits recursive additionalProperties: falsestabletool_json
SEC317OpenAI strict schema: properties not all requiredOpenAI strict tool schema does not require every declared propertystabletool_json
SEC318Anthropic strict schema: missing additionalProperties falseAnthropic strict tool input schema omits additionalProperties: falsestabletool_json
SEC319server.json remotes: insecure or private URLserver.json remotes entry uses an insecure or non-public remote URLstableserver_json
SEC320server.json remotes: undefined template variableserver.json remotes URL references an undefined template variablestableserver_json
SEC321server.json remotes: literal auth headerserver.json remotes header commits literal authentication materialstableserver_json
SEC322server.json remotes: undefined header variableserver.json remotes header value references an undefined template variablestableserver_json
SEC323server.json auth: missing explicit secret flagserver.json auth header carries material without an explicit secret flagpreviewserver_json
SEC324GitHub Actions: unpinned third-party actionGitHub Actions workflow uses a third-party action that is not pinned to a full commit SHAstablegithub_workflow
SEC325GitHub Actions: untrusted expression in runGitHub Actions workflow interpolates untrusted expression data directly inside a run commandpreviewgithub_workflow
SEC326GitHub Actions: pull_request_target checkoutGitHub Actions pull_request_target workflow checks out untrusted pull request head contentstablegithub_workflow
SEC327GitHub Actions: write-all tokenGitHub Actions workflow grants GITHUB_TOKEN write-all permissionsstablegithub_workflow
SEC328GitHub Actions: write-capable third-party actionGitHub Actions workflow combines explicit write-capable permissions with a third-party actionpreviewgithub_workflow
SEC329MCP config: mutable package runnerMCP configuration launches tooling through a mutable package runnerstablejson
SEC330MCP config: remote content piped to shellMCP configuration command downloads remote content and pipes it into a shellstablejson
SEC331MCP config: TLS verification disabledMCP configuration command disables TLS verification in a network-capable execution pathstablejson
SEC335AI markdown: metadata-service accessAI-native markdown contains a direct cloud metadata-service access examplepreviewmarkdown
SEC336MCP client config: broad envFileRepo-local MCP client config loads a broad dotenv-style envFilepreviewjson
SEC337MCP config: Docker image not digest-pinnedMCP configuration launches Docker with an image reference that is not digest-pinnedstablejson
SEC338MCP config: sensitive host bind mountMCP configuration launches Docker with a bind mount of sensitive host materialstablejson
SEC339MCP config: privileged Docker flagsMCP configuration launches Docker with a host-escape or privileged runtime flagstablejson
SEC340Claude hook: mutable package launcherClaude settings command hook uses a mutable package launcherstableclaude_settings
SEC341Claude hook: remote content piped to shellClaude settings command hook downloads remote content and pipes it into a shellstableclaude_settings
SEC342Claude hook: TLS verification disabledClaude settings command hook disables TLS verification in a network-capable execution pathstableclaude_settings
SEC343Plugin hook: mutable package launcherPlugin hook command uses a mutable package launcherstablejson
SEC344Plugin hook: remote content piped to shellPlugin hook command downloads remote content and pipes it into a shellstablejson
SEC345Plugin hook: TLS verification disabledPlugin hook command disables TLS verification in a network-capable execution pathstablejson
SEC346MCP config: mutable registry refreshMCP configuration forces Docker to refresh from a mutable registry sourcestablejson
SEC347AI markdown: MCP via mutable package runnerAI-native markdown example launches MCP through a mutable package runnerpreviewmarkdown
SEC348AI markdown: mutable Docker imageAI-native markdown Docker example uses a mutable registry imagepreviewmarkdown
SEC349AI markdown: privileged Docker patternAI-native markdown Docker example uses a host-escape or privileged runtime patternpreviewmarkdown
SEC350Instruction markdown: untrusted content promotedInstruction markdown promotes untrusted external content to developer/system-level instructionspreviewmarkdown
SEC351AI instruction: disables user approvalAI-native instruction explicitly disables user approval or confirmationpreviewmarkdown
SEC352AI markdown: unscoped Bash tool grantAI-native markdown frontmatter grants unscoped Bash tool accessstablemarkdown
SEC353Copilot instructions: exceeds 4000 charsGitHub Copilot instruction markdown exceeds the 4000-character guidance limitpreviewmarkdown
SEC354Copilot instructions: missing `applyTo`Path-specific GitHub Copilot instruction markdown is missing `applyTo` frontmatterpreviewmarkdown
SEC355AI markdown: wildcard tool grantAI-native markdown frontmatter grants wildcard tool accesspreviewmarkdown
SEC356Plugin agent: `permissionMode` in frontmatterPlugin agent frontmatter sets `permissionMode`previewmarkdown
SEC357Plugin agent: `hooks` in frontmatterPlugin agent frontmatter sets `hooks`previewmarkdown
SEC358Plugin agent: `mcpServers` in frontmatterPlugin agent frontmatter sets `mcpServers`previewmarkdown
SEC359Cursor rule: `alwaysApply` typeCursor rule frontmatter `alwaysApply` must be booleanpreviewmarkdown
SEC360Cursor rule: `globs` typeCursor rule frontmatter `globs` must be a sequence of patternspreviewmarkdown
SEC361Claude settings: missing `$schema`Claude settings file is missing a top-level `$schema` referencepreviewclaude_settings
SEC362Claude settings: wildcard Bash permissionsClaude settings permissions allow `Bash(*)` in a shared committed configstableclaude_settings
SEC363Claude settings: home-directory hook pathClaude settings hook command uses a home-directory path in a shared committed configpreviewclaude_settings
SEC364Claude settings: bypassPermissions default modeClaude settings set `permissions.defaultMode` to `bypassPermissions` in a shared committed configstableclaude_settings
SEC365Claude settings: non-HTTPS allowed HTTP hook URLClaude settings allow non-HTTPS HTTP hook URLs in a shared committed configpreviewclaude_settings
SEC366Claude settings: dangerous HTTP hook host literalClaude settings allow dangerous host literals in `allowedHttpHookUrls`previewclaude_settings
SEC367Claude settings: wildcard WebFetch permissionsClaude settings permissions allow `WebFetch(*)` in a shared committed configstableclaude_settings
SEC368Claude settings: repo-external absolute hook pathClaude settings hook command uses a repo-external absolute path in a shared committed configpreviewclaude_settings
SEC369Claude settings: wildcard Write permissionsClaude settings permissions allow `Write(*)` in a shared committed configstableclaude_settings
SEC370Copilot instructions: wrong path-specific suffixPath-specific GitHub Copilot instruction markdown under `.github/instructions/` uses the wrong file suffixpreviewmarkdown
SEC371Copilot instructions: invalid `applyTo` shapePath-specific GitHub Copilot instruction markdown has an invalid `applyTo` shapepreviewmarkdown
SEC372Claude settings: wildcard Read permissionsClaude settings permissions allow `Read(*)` in a shared committed configstableclaude_settings
SEC373Claude settings: wildcard Edit permissionsClaude settings permissions allow `Edit(*)` in a shared committed configstableclaude_settings
SEC374Claude settings: wildcard WebSearch permissionsClaude settings permissions allow `WebSearch(*)` in a shared committed configstableclaude_settings
SEC375Claude settings: wildcard Glob permissionsClaude settings permissions allow `Glob(*)` in a shared committed configstableclaude_settings
SEC376Claude settings: wildcard Grep permissionsClaude settings permissions allow `Grep(*)` in a shared committed configstableclaude_settings
SEC377Copilot instructions: invalid `applyTo` globPath-specific GitHub Copilot instruction markdown has an invalid `applyTo` glob patternpreviewmarkdown
SEC378Cursor rule: redundant `globs` with `alwaysApply`Cursor rule frontmatter should not set `globs` when `alwaysApply` is `true`previewmarkdown
SEC379Cursor rule: unknown frontmatter keyCursor rule frontmatter contains an unknown keypreviewmarkdown
SEC380Cursor rule: missing `description`Cursor rule frontmatter should include `description`previewmarkdown
SEC381Claude settings: command hook missing `timeout`Claude settings command hook should set `timeout` in a shared committed configpreviewclaude_settings
SEC382Claude settings: `matcher` on unsupported hook eventClaude settings should not use `matcher` on unsupported hook eventspreviewclaude_settings
SEC383Claude settings: missing `matcher` on matcher-capable hook eventClaude settings should set `matcher` on matcher-capable hook eventspreviewclaude_settings
SEC384Claude settings: bare WebSearch permissionsClaude settings permissions allow bare `WebSearch` in a shared committed configstableclaude_settings
SEC385Claude settings: shared git push permissionsClaude settings permissions allow `Bash(git push)` in a shared committed configpreviewclaude_settings
SEC386Claude settings: shared git checkout permissionsClaude settings permissions allow `Bash(git checkout:*)` in a shared committed configpreviewclaude_settings
SEC387Claude settings: shared git commit permissionsClaude settings permissions allow `Bash(git commit:*)` in a shared committed configpreviewclaude_settings
SEC388Claude settings: shared git stash permissionsClaude settings permissions allow `Bash(git stash:*)` in a shared committed configpreviewclaude_settings
SEC389AI markdown: bare WebSearch tool grantAI-native markdown frontmatter grants bare `WebSearch` tool accesspreviewmarkdown
SEC390AI markdown: shared git push tool grantAI-native markdown frontmatter grants `Bash(git push)` tool accesspreviewmarkdown
SEC391AI markdown: shared git checkout tool grantAI-native markdown frontmatter grants `Bash(git checkout:*)` tool accesspreviewmarkdown
SEC392AI markdown: shared git commit tool grantAI-native markdown frontmatter grants `Bash(git commit:*)` tool accesspreviewmarkdown
SEC393AI markdown: shared git stash tool grantAI-native markdown frontmatter grants `Bash(git stash:*)` tool accesspreviewmarkdown
SEC394MCP config: wildcard auto-approveMCP configuration auto-approves all tools with `autoApprove: ["*"]`stablejson
SEC395MCP config: autoApproveTools trueMCP configuration auto-approves all tools with `autoApproveTools: true`stablejson
SEC396MCP config: trustTools trueMCP configuration fully trusts tools with `trustTools: true`stablejson
SEC397MCP config: sandbox disabledMCP configuration disables sandboxing with `sandbox: false` or `disableSandbox: true`stablejson
SEC398MCP config: wildcard capabilitiesMCP configuration grants all capabilities with `capabilities: ["*"]` or `capabilities: "*"`stablejson
SEC399Claude settings: shared npx Bash permissionsClaude settings permissions allow `Bash(npx ...)` in a shared committed configpreviewclaude_settings
SEC400Claude settings: shared enabledMcpjsonServersClaude settings enable `enabledMcpjsonServers` in a shared committed configstableclaude_settings
SEC404AI markdown: bare WebFetch tool grantAI-native markdown frontmatter grants bare `WebFetch` tool accesspreviewmarkdown
SEC405Claude settings: shared package install permissionsClaude settings permissions allow package installation commands in a shared committed configstableclaude_settings
SEC406Claude settings: shared git add permissionsClaude settings permissions allow `Bash(git add:*)` in a shared committed configpreviewclaude_settings
SEC407Claude settings: shared git clone permissionsClaude settings permissions allow `Bash(git clone:*)` in a shared committed configpreviewclaude_settings
SEC408Claude settings: shared gh pr permissionsClaude settings permissions allow `Bash(gh pr:*)` in a shared committed configpreviewclaude_settings
SEC409Claude settings: shared git fetch permissionsClaude settings permissions allow `Bash(git fetch:*)` in a shared committed configpreviewclaude_settings
SEC410Claude settings: shared git ls-remote permissionsClaude settings permissions allow `Bash(git ls-remote:*)` in a shared committed configpreviewclaude_settings
SEC411Claude settings: shared curl permissionsClaude settings permissions allow `Bash(curl:*)` in a shared committed configstableclaude_settings
SEC412Claude settings: shared wget permissionsClaude settings permissions allow `Bash(wget:*)` in a shared committed configstableclaude_settings
SEC413Claude settings: shared git config permissionsClaude settings permissions allow `Bash(git config:*)` in a shared committed configstableclaude_settings
SEC414Claude settings: shared git tag permissionsClaude settings permissions allow `Bash(git tag:*)` in a shared committed configstableclaude_settings
SEC415Claude settings: shared git branch permissionsClaude settings permissions allow `Bash(git branch:*)` in a shared committed configstableclaude_settings
SEC416AI markdown: Claude bare pip installAI-native markdown models Claude package installation with bare `pip install` despite explicit `uv` preference guidancepreviewmarkdown
SEC417AI markdown: unpinned pip git installAI-native markdown installs Python packages from an unpinned `git+https://` sourcestablemarkdown
SEC418Claude settings: shared raw.githubusercontent.com WebFetch permissionsClaude settings permissions allow `WebFetch(domain:raw.githubusercontent.com)` in a shared committed configstableclaude_settings
SEC419AI markdown: `Bash(curl:*)` tool grantAI-native markdown frontmatter grants `Bash(curl:*)` authoritypreviewmarkdown
SEC420AI markdown: `Bash(wget:*)` tool grantAI-native markdown frontmatter grants `Bash(wget:*)` authoritypreviewmarkdown
SEC421AI markdown: `Bash(git clone:*)` tool grantAI-native markdown frontmatter grants `Bash(git clone:*)` authoritypreviewmarkdown
SEC422MCP config: sudo commandMCP configuration launches the server through `sudo`stablejson
SEC423AI markdown: bare Read tool grantAI-native markdown frontmatter grants bare `Read` tool accessstablemarkdown
SEC424AI markdown: bare Write tool grantAI-native markdown frontmatter grants bare `Write` tool accessstablemarkdown
SEC425AI markdown: bare Edit tool grantAI-native markdown frontmatter grants bare `Edit` tool accessstablemarkdown
SEC426AI markdown: bare Glob tool grantAI-native markdown frontmatter grants bare `Glob` tool accessstablemarkdown
SEC427AI markdown: bare Grep tool grantAI-native markdown frontmatter grants bare `Grep` tool accessstablemarkdown
SEC428AI markdown: unsafe Read path grantAI-native markdown frontmatter grants `Read(...)` over an unsafe repo-external pathstablemarkdown
SEC429AI markdown: unsafe Write path grantAI-native markdown frontmatter grants `Write(...)` over an unsafe repo-external pathstablemarkdown
SEC430AI markdown: unsafe Edit path grantAI-native markdown frontmatter grants `Edit(...)` over an unsafe repo-external pathstablemarkdown
SEC431AI markdown: unsafe Glob path grantAI-native markdown frontmatter grants `Glob(...)` over an unsafe repo-external pathstablemarkdown
SEC432AI markdown: `Bash(git add:*)` tool grantAI-native markdown frontmatter grants `Bash(git add:*)` authoritystablemarkdown
SEC433AI markdown: `Bash(git fetch:*)` tool grantAI-native markdown frontmatter grants `Bash(git fetch:*)` authoritystablemarkdown
SEC434AI markdown: raw.githubusercontent.com WebFetch grantAI-native markdown frontmatter grants `WebFetch(domain:raw.githubusercontent.com)` authoritystablemarkdown
SEC435AI markdown: `Bash(git config:*)` tool grantAI-native markdown frontmatter grants `Bash(git config:*)` authoritystablemarkdown
SEC436AI markdown: `Bash(git tag:*)` tool grantAI-native markdown frontmatter grants `Bash(git tag:*)` authoritystablemarkdown
SEC437AI markdown: `Bash(git branch:*)` tool grantAI-native markdown frontmatter grants `Bash(git branch:*)` authoritystablemarkdown
SEC438AI markdown: `Bash(git reset:*)` tool grantAI-native markdown frontmatter grants `Bash(git reset:*)` authoritystablemarkdown
SEC439AI markdown: `Bash(git clean:*)` tool grantAI-native markdown frontmatter grants `Bash(git clean:*)` authoritystablemarkdown
SEC440AI markdown: `Bash(git restore:*)` tool grantAI-native markdown frontmatter grants `Bash(git restore:*)` authoritystablemarkdown
SEC441AI markdown: `Bash(git rebase:*)` tool grantAI-native markdown frontmatter grants `Bash(git rebase:*)` authoritystablemarkdown
SEC442AI markdown: `Bash(git merge:*)` tool grantAI-native markdown frontmatter grants `Bash(git merge:*)` authoritystablemarkdown
SEC443AI markdown: `Bash(git cherry-pick:*)` tool grantAI-native markdown frontmatter grants `Bash(git cherry-pick:*)` authoritystablemarkdown
SEC444AI markdown: `Bash(git apply:*)` tool grantAI-native markdown frontmatter grants `Bash(git apply:*)` authoritystablemarkdown
SEC445AI markdown: `Bash(git am:*)` tool grantAI-native markdown frontmatter grants `Bash(git am:*)` authoritystablemarkdown
SEC446MCP config: sudo first argumentMCP configuration passes `sudo` as the first launch argumentstablejson
SEC447AI markdown: package installation tool grantAI-native markdown frontmatter grants package installation authoritystablemarkdown
SEC448AI markdown: pip trusted-hostAI-native markdown installs Python packages with `--trusted-host`stablemarkdown
SEC449AI markdown: pip http indexAI-native markdown installs Python packages from an insecure `http://` package indexstablemarkdown
SEC450AI markdown: npm http registryAI-native markdown installs JavaScript packages from an insecure `http://` registrystablemarkdown
SEC451AI markdown: cargo http git installAI-native markdown installs Rust packages from an insecure `http://` git sourcestablemarkdown
SEC452AI markdown: cargo http indexAI-native markdown installs Rust packages from an insecure `http://` indexstablemarkdown
SEC453AI markdown: pip http sourceAI-native markdown installs Python packages from an insecure direct `http://` sourcestablemarkdown
SEC454AI markdown: npm http sourceAI-native markdown installs JavaScript packages from an insecure direct `http://` sourcestablemarkdown
SEC455AI markdown: pip http git installAI-native markdown installs Python packages from an insecure `git+http://` sourcestablemarkdown
SEC456AI markdown: pip http find-linksAI-native markdown installs Python packages with insecure `http://` find-linksstablemarkdown
SEC457AI markdown: js package strict-ssl falseAI-native markdown disables strict SSL verification for JavaScript package manager configstablemarkdown
SEC458AI markdown: pip config http indexAI-native markdown configures Python package resolution with an insecure `http://` package indexstablemarkdown
SEC459AI markdown: js package config http registryAI-native markdown configures a JavaScript package manager with an insecure `http://` registrystablemarkdown
SEC460AI markdown: pip config http find-linksAI-native markdown configures Python package discovery with insecure `http://` find-linksstablemarkdown
SEC461AI markdown: pip config trusted-hostAI-native markdown configures Python package resolution with `trusted-host`stablemarkdown
SEC462AI markdown: network TLS bypassAI-native markdown disables TLS verification for a network-capable commandstablemarkdown
SEC463AI markdown: `Bash(sudo:*)` tool grantAI-native markdown frontmatter grants `Bash(sudo:*)` authoritystablemarkdown
SEC464AI markdown: git http cloneAI-native markdown clones a Git repository from an insecure `http://` sourcestablemarkdown
SEC465AI markdown: git http remoteAI-native markdown configures a Git remote with an insecure `http://` sourcestablemarkdown
SEC466AI markdown: `Bash(rm:*)` tool grantAI-native markdown frontmatter grants `Bash(rm:*)` authoritystablemarkdown
SEC467AI markdown: `Bash(chmod:*)` tool grantAI-native markdown frontmatter grants `Bash(chmod:*)` authoritystablemarkdown
SEC468AI markdown: `Bash(chown:*)` tool grantAI-native markdown frontmatter grants `Bash(chown:*)` authoritystablemarkdown
SEC469AI markdown: `Bash(chgrp:*)` tool grantAI-native markdown frontmatter grants `Bash(chgrp:*)` authoritystablemarkdown
SEC470AI markdown: `Bash(su:*)` tool grantAI-native markdown frontmatter grants `Bash(su:*)` authoritystablemarkdown
SEC471AI markdown: git sslVerify falseAI-native markdown disables Git TLS verification with `http.sslVerify false`stablemarkdown
SEC472AI markdown: GIT_SSL_NO_VERIFYAI-native markdown disables Git TLS verification with `GIT_SSL_NO_VERIFY`stablemarkdown
SEC473AI markdown: git inline sslVerify falseAI-native markdown disables Git TLS verification with `git -c http.sslVerify=false`stablemarkdown
SEC474AI markdown: shared gh pr tool grantAI-native markdown frontmatter grants `Bash(gh pr:*)` tool accesspreviewmarkdown
SEC475Claude settings: unsafe Read path permissionsClaude settings permissions allow `Read(...)` over an unsafe path in a shared committed configstableclaude_settings
SEC476Claude settings: unsafe Write path permissionsClaude settings permissions allow `Write(...)` over an unsafe path in a shared committed configstableclaude_settings
SEC477Claude settings: unsafe Edit path permissionsClaude settings permissions allow `Edit(...)` over an unsafe path in a shared committed configstableclaude_settings
SEC478Claude settings: shared git reset permissionsClaude settings permissions allow `Bash(git reset:*)` in a shared committed configpreviewclaude_settings
SEC479Claude settings: shared git clean permissionsClaude settings permissions allow `Bash(git clean:*)` in a shared committed configpreviewclaude_settings
SEC480Claude settings: shared git restore permissionsClaude settings permissions allow `Bash(git restore:*)` in a shared committed configpreviewclaude_settings
SEC481Claude settings: shared git rebase permissionsClaude settings permissions allow `Bash(git rebase:*)` in a shared committed configpreviewclaude_settings
SEC482Claude settings: shared git merge permissionsClaude settings permissions allow `Bash(git merge:*)` in a shared committed configpreviewclaude_settings
SEC483Claude settings: shared git cherry-pick permissionsClaude settings permissions allow `Bash(git cherry-pick:*)` in a shared committed configpreviewclaude_settings
SEC484Claude settings: shared git apply permissionsClaude settings permissions allow `Bash(git apply:*)` in a shared committed configpreviewclaude_settings
SEC485Claude settings: shared git am permissionsClaude settings permissions allow `Bash(git am:*)` in a shared committed configpreviewclaude_settings
SEC486Claude settings: unsafe Glob path permissionsClaude settings permissions allow `Glob(...)` over an unsafe path in a shared committed configstableclaude_settings
SEC487Claude settings: unsafe Grep path permissionsClaude settings permissions allow `Grep(...)` over an unsafe path in a shared committed configstableclaude_settings
SEC488Claude settings: shared uvx Bash permissionsClaude settings permissions allow `Bash(uvx ...)` in a shared committed configpreviewclaude_settings
SEC489Claude settings: shared pnpm dlx Bash permissionsClaude settings permissions allow `Bash(pnpm dlx ...)` in a shared committed configpreviewclaude_settings
SEC490Claude settings: shared yarn dlx Bash permissionsClaude settings permissions allow `Bash(yarn dlx ...)` in a shared committed configpreviewclaude_settings
SEC491Claude settings: shared pipx run Bash permissionsClaude settings permissions allow `Bash(pipx run ...)` in a shared committed configpreviewclaude_settings
SEC492Claude settings: shared npm exec Bash permissionsClaude settings permissions allow `Bash(npm exec ...)` in a shared committed configpreviewclaude_settings
SEC493Claude settings: shared bunx Bash permissionsClaude settings permissions allow `Bash(bunx ...)` in a shared committed configpreviewclaude_settings
SEC494AI markdown: shared npm exec tool grantAI-native markdown frontmatter grants `Bash(npm exec:*)` tool accesspreviewmarkdown
SEC495AI markdown: shared bunx tool grantAI-native markdown frontmatter grants `Bash(bunx:*)` tool accesspreviewmarkdown
SEC496AI markdown: shared uvx tool grantAI-native markdown frontmatter grants `Bash(uvx:*)` tool accesspreviewmarkdown
SEC497AI markdown: shared pnpm dlx tool grantAI-native markdown frontmatter grants `Bash(pnpm dlx:*)` tool accesspreviewmarkdown
SEC498AI markdown: shared yarn dlx tool grantAI-native markdown frontmatter grants `Bash(yarn dlx:*)` tool accesspreviewmarkdown
SEC499AI markdown: shared pipx run tool grantAI-native markdown frontmatter grants `Bash(pipx run:*)` tool accesspreviewmarkdown
SEC500AI markdown: shared npx tool grantAI-native markdown frontmatter grants `Bash(npx:*)` tool accesspreviewmarkdown
SEC501AI markdown: shared git ls-remote tool grantAI-native markdown frontmatter grants `Bash(git ls-remote:*)` tool accesspreviewmarkdown
SEC502Claude settings: shared gh api POST permissionsClaude settings permissions allow `Bash(gh api --method POST:*)` in a shared committed configstableclaude_settings
SEC503Claude settings: shared gh issue create permissionsClaude settings permissions allow `Bash(gh issue create:*)` in a shared committed configstableclaude_settings
SEC504Claude settings: shared gh repo create permissionsClaude settings permissions allow `Bash(gh repo create:*)` in a shared committed configstableclaude_settings
SEC505AI markdown: shared gh api POST tool grantAI-native markdown frontmatter grants `Bash(gh api --method POST:*)` tool accessstablemarkdown
SEC506AI markdown: shared gh issue create tool grantAI-native markdown frontmatter grants `Bash(gh issue create:*)` tool accessstablemarkdown
SEC507AI markdown: shared gh repo create tool grantAI-native markdown frontmatter grants `Bash(gh repo create:*)` tool accessstablemarkdown
SEC508Claude settings: shared gh secret set permissionsClaude settings permissions allow `Bash(gh secret set:*)` in a shared committed configstableclaude_settings
SEC509Claude settings: shared gh variable set permissionsClaude settings permissions allow `Bash(gh variable set:*)` in a shared committed configstableclaude_settings
SEC510Claude settings: shared gh workflow run permissionsClaude settings permissions allow `Bash(gh workflow run:*)` in a shared committed configstableclaude_settings
SEC511AI markdown: shared gh secret set tool grantAI-native markdown frontmatter grants `Bash(gh secret set:*)` tool accessstablemarkdown
SEC512AI markdown: shared gh variable set tool grantAI-native markdown frontmatter grants `Bash(gh variable set:*)` tool accessstablemarkdown
SEC513AI markdown: shared gh workflow run tool grantAI-native markdown frontmatter grants `Bash(gh workflow run:*)` tool accessstablemarkdown
SEC514Claude settings: shared gh secret delete permissionsClaude settings permissions allow `Bash(gh secret delete:*)` in a shared committed configstableclaude_settings
SEC515Claude settings: shared gh variable delete permissionsClaude settings permissions allow `Bash(gh variable delete:*)` in a shared committed configstableclaude_settings
SEC516Claude settings: shared gh workflow disable permissionsClaude settings permissions allow `Bash(gh workflow disable:*)` in a shared committed configstableclaude_settings
SEC517AI markdown: shared gh secret delete tool grantAI-native markdown frontmatter grants `Bash(gh secret delete:*)` tool accessstablemarkdown
SEC518AI markdown: shared gh variable delete tool grantAI-native markdown frontmatter grants `Bash(gh variable delete:*)` tool accessstablemarkdown
SEC519AI markdown: shared gh workflow disable tool grantAI-native markdown frontmatter grants `Bash(gh workflow disable:*)` tool accessstablemarkdown
SEC520AI markdown: `Read(*)` wildcard tool grantAI-native markdown frontmatter grants `Read(*)` wildcard accessstablemarkdown
SEC521AI markdown: `Write(*)` wildcard tool grantAI-native markdown frontmatter grants `Write(*)` wildcard accessstablemarkdown
SEC522AI markdown: `Edit(*)` wildcard tool grantAI-native markdown frontmatter grants `Edit(*)` wildcard accessstablemarkdown
SEC523AI markdown: `Glob(*)` wildcard tool grantAI-native markdown frontmatter grants `Glob(*)` wildcard accessstablemarkdown
SEC524AI markdown: `Grep(*)` wildcard tool grantAI-native markdown frontmatter grants `Grep(*)` wildcard accessstablemarkdown
SEC525AI markdown: `WebFetch(*)` wildcard tool grantAI-native markdown frontmatter grants `WebFetch(*)` wildcard accessstablemarkdown
SEC526AI markdown: `WebSearch(*)` wildcard tool grantAI-native markdown frontmatter grants `WebSearch(*)` wildcard accessstablemarkdown
SEC527AI markdown: `Bash(*)` wildcard tool grantAI-native markdown frontmatter grants `Bash(*)` wildcard accessstablemarkdown
SEC528Claude settings: shared gh api DELETE permissionsClaude settings permissions allow `Bash(gh api --method DELETE:*)` in a shared committed configstableclaude_settings
SEC529AI markdown: shared gh api DELETE tool grantAI-native markdown frontmatter grants `Bash(gh api --method DELETE:*)` tool accessstablemarkdown
SEC530Claude settings: shared gh api PATCH permissionsClaude settings permissions allow `Bash(gh api --method PATCH:*)` in a shared committed configstableclaude_settings
SEC531Claude settings: shared gh api PUT permissionsClaude settings permissions allow `Bash(gh api --method PUT:*)` in a shared committed configstableclaude_settings
SEC532AI markdown: shared gh api PATCH tool grantAI-native markdown frontmatter grants `Bash(gh api --method PATCH:*)` tool accessstablemarkdown
SEC533AI markdown: shared gh api PUT tool grantAI-native markdown frontmatter grants `Bash(gh api --method PUT:*)` tool accessstablemarkdown
SEC534Claude settings: shared gh repo delete permissionsClaude settings permissions allow `Bash(gh repo delete:*)` in a shared committed configstableclaude_settings
SEC535AI markdown: shared gh repo delete tool grantAI-native markdown frontmatter grants `Bash(gh repo delete:*)` tool accessstablemarkdown
SEC536Claude settings: shared gh release delete permissionsClaude settings permissions allow `Bash(gh release delete:*)` in a shared committed configstableclaude_settings
SEC537AI markdown: shared gh release delete tool grantAI-native markdown frontmatter grants `Bash(gh release delete:*)` tool accessstablemarkdown
SEC538Claude settings: shared gh repo edit permissionsClaude settings permissions allow `Bash(gh repo edit:*)` in a shared committed configstableclaude_settings
SEC539AI markdown: shared gh repo edit tool grantAI-native markdown frontmatter grants `Bash(gh repo edit:*)` tool accessstablemarkdown
SEC540Claude settings: shared gh release create permissionsClaude settings permissions allow `Bash(gh release create:*)` in a shared committed configstableclaude_settings
SEC541AI markdown: shared gh release create tool grantAI-native markdown frontmatter grants `Bash(gh release create:*)` tool accessstablemarkdown
SEC542Claude settings: shared gh repo transfer permissionsClaude settings permissions allow `Bash(gh repo transfer:*)` in a shared committed configstableclaude_settings
SEC543AI markdown: shared gh repo transfer tool grantAI-native markdown frontmatter grants `Bash(gh repo transfer:*)` tool accessstablemarkdown
SEC544Claude settings: shared gh release upload permissionsClaude settings permissions allow `Bash(gh release upload:*)` in a shared committed configstableclaude_settings
SEC545AI markdown: shared gh release upload tool grantAI-native markdown frontmatter grants `Bash(gh release upload:*)` tool accessstablemarkdown
SEC546MCP config: Bash(*) auto-approveMCP configuration auto-approves blanket shell execution with `autoApprove: ["Bash(*)"]`stablejson
SEC547MCP config: curl auto-approveMCP configuration auto-approves `Bash(curl:*)` through `autoApprove`stablejson
SEC548MCP config: wget auto-approveMCP configuration auto-approves `Bash(wget:*)` through `autoApprove`stablejson
SEC549MCP config: sudo auto-approveMCP configuration auto-approves `Bash(sudo:*)` through `autoApprove`stablejson
SEC550MCP config: rm auto-approveMCP configuration auto-approves `Bash(rm:*)` through `autoApprove`stablejson
SEC551MCP config: git push auto-approveMCP configuration auto-approves `Bash(git push)` through `autoApprove`stablejson
SEC552MCP config: gh api POST auto-approveMCP configuration auto-approves `Bash(gh api --method POST:*)` through `autoApprove`stablejson
SEC553MCP config: git checkout auto-approveMCP configuration auto-approves `Bash(git checkout:*)` through `autoApprove`stablejson
SEC554MCP config: git commit auto-approveMCP configuration auto-approves `Bash(git commit:*)` through `autoApprove`stablejson
SEC555MCP config: git reset auto-approveMCP configuration auto-approves `Bash(git reset:*)` through `autoApprove`stablejson
SEC556MCP config: git clean auto-approveMCP configuration auto-approves `Bash(git clean:*)` through `autoApprove`stablejson
SEC557MCP config: gh api DELETE auto-approveMCP configuration auto-approves `Bash(gh api --method DELETE:*)` through `autoApprove`stablejson
SEC558MCP config: gh api PATCH auto-approveMCP configuration auto-approves `Bash(gh api --method PATCH:*)` through `autoApprove`stablejson
SEC559MCP config: gh api PUT auto-approveMCP configuration auto-approves `Bash(gh api --method PUT:*)` through `autoApprove`stablejson
SEC560MCP config: gh issue create auto-approveMCP configuration auto-approves `Bash(gh issue create:*)` through `autoApprove`stablejson
SEC561MCP config: gh repo create auto-approveMCP configuration auto-approves `Bash(gh repo create:*)` through `autoApprove`stablejson
SEC562MCP config: gh repo delete auto-approveMCP configuration auto-approves `Bash(gh repo delete:*)` through `autoApprove`stablejson
SEC563MCP config: gh repo edit auto-approveMCP configuration auto-approves `Bash(gh repo edit:*)` through `autoApprove`stablejson
SEC564MCP config: gh secret set auto-approveMCP configuration auto-approves `Bash(gh secret set:*)` through `autoApprove`stablejson
SEC565MCP config: gh variable set auto-approveMCP configuration auto-approves `Bash(gh variable set:*)` through `autoApprove`stablejson
SEC566MCP config: gh workflow run auto-approveMCP configuration auto-approves `Bash(gh workflow run:*)` through `autoApprove`stablejson
SEC567MCP config: Read wildcard auto-approveMCP configuration auto-approves `Read(*)` through `autoApprove`stablejson
SEC568MCP config: Write wildcard auto-approveMCP configuration auto-approves `Write(*)` through `autoApprove`stablejson
SEC569MCP config: Edit wildcard auto-approveMCP configuration auto-approves `Edit(*)` through `autoApprove`stablejson
SEC570MCP config: Glob wildcard auto-approveMCP configuration auto-approves `Glob(*)` through `autoApprove`stablejson
SEC571MCP config: Grep wildcard auto-approveMCP configuration auto-approves `Grep(*)` through `autoApprove`stablejson
SEC572MCP config: WebFetch wildcard auto-approveMCP configuration auto-approves `WebFetch(*)` through `autoApprove`stablejson
SEC573MCP config: WebSearch wildcard auto-approveMCP configuration auto-approves `WebSearch(*)` through `autoApprove`stablejson
SEC574MCP config: Read unsafe path auto-approveMCP configuration auto-approves `Read(...)` over an unsafe path through `autoApprove`stablejson
SEC575MCP config: Write unsafe path auto-approveMCP configuration auto-approves `Write(...)` over an unsafe path through `autoApprove`stablejson
SEC576MCP config: Edit unsafe path auto-approveMCP configuration auto-approves `Edit(...)` over an unsafe path through `autoApprove`stablejson
SEC577MCP config: Glob unsafe path auto-approveMCP configuration auto-approves `Glob(...)` over an unsafe path through `autoApprove`stablejson
SEC578MCP config: Grep unsafe path auto-approveMCP configuration auto-approves `Grep(...)` over an unsafe path through `autoApprove`stablejson
SEC579MCP config: gh secret delete auto-approveMCP configuration auto-approves `Bash(gh secret delete:*)` through `autoApprove`stablejson
SEC580MCP config: gh variable delete auto-approveMCP configuration auto-approves `Bash(gh variable delete:*)` through `autoApprove`stablejson
SEC581MCP config: gh workflow disable auto-approveMCP configuration auto-approves `Bash(gh workflow disable:*)` through `autoApprove`stablejson
SEC582MCP config: gh repo transfer auto-approveMCP configuration auto-approves `Bash(gh repo transfer:*)` through `autoApprove`stablejson
SEC583MCP config: gh release create auto-approveMCP configuration auto-approves `Bash(gh release create:*)` through `autoApprove`stablejson
SEC584MCP config: gh release delete auto-approveMCP configuration auto-approves `Bash(gh release delete:*)` through `autoApprove`stablejson
SEC585MCP config: gh release upload auto-approveMCP configuration auto-approves `Bash(gh release upload:*)` through `autoApprove`stablejson
SEC586MCP config: npx auto-approveMCP configuration auto-approves `Bash(npx ...)` through `autoApprove`stablejson
SEC587MCP config: uvx auto-approveMCP configuration auto-approves `Bash(uvx ...)` through `autoApprove`stablejson
SEC588MCP config: npm exec auto-approveMCP configuration auto-approves `Bash(npm exec ...)` through `autoApprove`stablejson
SEC589MCP config: bunx auto-approveMCP configuration auto-approves `Bash(bunx ...)` through `autoApprove`stablejson
SEC590MCP config: pnpm dlx auto-approveMCP configuration auto-approves `Bash(pnpm dlx ...)` through `autoApprove`stablejson
SEC591MCP config: yarn dlx auto-approveMCP configuration auto-approves `Bash(yarn dlx ...)` through `autoApprove`stablejson
SEC592MCP config: pipx run auto-approveMCP configuration auto-approves `Bash(pipx run ...)` through `autoApprove`stablejson
SEC593MCP config: package install auto-approveMCP configuration auto-approves package installation commands through `autoApprove`stablejson
SEC594MCP config: git clone auto-approveMCP configuration auto-approves `Bash(git clone:*)` through `autoApprove`stablejson
SEC595MCP config: git fetch auto-approveMCP configuration auto-approves `Bash(git fetch:*)` through `autoApprove`stablejson
SEC596MCP config: git ls-remote auto-approveMCP configuration auto-approves `Bash(git ls-remote:*)` through `autoApprove`stablejson
SEC597MCP config: git add auto-approveMCP configuration auto-approves `Bash(git add:*)` through `autoApprove`stablejson
SEC598MCP config: git config auto-approveMCP configuration auto-approves `Bash(git config:*)` through `autoApprove`stablejson
SEC599MCP config: git tag auto-approveMCP configuration auto-approves `Bash(git tag:*)` through `autoApprove`stablejson
SEC600MCP config: git branch auto-approveMCP configuration auto-approves `Bash(git branch:*)` through `autoApprove`stablejson
SEC601MCP config: gh pr auto-approveMCP configuration auto-approves `Bash(gh pr:*)` through `autoApprove`stablejson
SEC602MCP config: git stash auto-approveMCP configuration auto-approves `Bash(git stash:*)` through `autoApprove`stablejson
SEC603MCP config: git restore auto-approveMCP configuration auto-approves `Bash(git restore:*)` through `autoApprove`stablejson
SEC604MCP config: git rebase auto-approveMCP configuration auto-approves `Bash(git rebase:*)` through `autoApprove`stablejson
SEC605MCP config: git merge auto-approveMCP configuration auto-approves `Bash(git merge:*)` through `autoApprove`stablejson
SEC606MCP config: git cherry-pick auto-approveMCP configuration auto-approves `Bash(git cherry-pick:*)` through `autoApprove`stablejson
SEC607MCP config: git apply auto-approveMCP configuration auto-approves `Bash(git apply:*)` through `autoApprove`stablejson
SEC608MCP config: git am auto-approveMCP configuration auto-approves `Bash(git am:*)` through `autoApprove`stablejson
SEC609MCP config: crontab auto-approveMCP configuration auto-approves `Bash(crontab:*)` through `autoApprove`stablejson
SEC610MCP config: systemctl enable auto-approveMCP configuration auto-approves `Bash(systemctl enable:*)` through `autoApprove`stablejson
SEC611MCP config: launchctl load auto-approveMCP configuration auto-approves `Bash(launchctl load:*)` through `autoApprove`stablejson
SEC612MCP config: launchctl bootstrap auto-approveMCP configuration auto-approves `Bash(launchctl bootstrap:*)` through `autoApprove`stablejson
SEC613MCP config: chmod auto-approveMCP configuration auto-approves `Bash(chmod:*)` through `autoApprove`stablejson
SEC614MCP config: chown auto-approveMCP configuration auto-approves `Bash(chown:*)` through `autoApprove`stablejson
SEC615MCP config: chgrp auto-approveMCP configuration auto-approves `Bash(chgrp:*)` through `autoApprove`stablejson
SEC616MCP config: su auto-approveMCP configuration auto-approves `Bash(su:*)` through `autoApprove`stablejson
SEC617MCP config: raw.githubusercontent.com WebFetch auto-approveMCP configuration auto-approves `WebFetch(domain:raw.githubusercontent.com)` through `autoApprove`stablejson
SEC618MCP config: bare Read auto-approveMCP configuration auto-approves bare `Read` through `autoApprove`stablejson
SEC619MCP config: bare Write auto-approveMCP configuration auto-approves bare `Write` through `autoApprove`stablejson
SEC620MCP config: bare Edit auto-approveMCP configuration auto-approves bare `Edit` through `autoApprove`stablejson
SEC621MCP config: bare Glob auto-approveMCP configuration auto-approves bare `Glob` through `autoApprove`stablejson
SEC622MCP config: bare Grep auto-approveMCP configuration auto-approves bare `Grep` through `autoApprove`stablejson
SEC623MCP config: bare WebFetch auto-approveMCP configuration auto-approves bare `WebFetch` through `autoApprove`stablejson
SEC624MCP config: bare WebSearch auto-approveMCP configuration auto-approves bare `WebSearch` through `autoApprove`stablejson
SEC625MCP config: bare Bash auto-approveMCP configuration auto-approves bare `Bash` through `autoApprove`stablejson
SEC626Claude settings: bare Bash permissionsClaude settings permissions allow bare `Bash` in a shared committed configstableclaude_settings
SEC627Claude settings: bare Read permissionsClaude settings permissions allow bare `Read` in a shared committed configstableclaude_settings
SEC628Claude settings: bare Write permissionsClaude settings permissions allow bare `Write` in a shared committed configstableclaude_settings
SEC629Claude settings: bare Edit permissionsClaude settings permissions allow bare `Edit` in a shared committed configstableclaude_settings
SEC630Claude settings: bare Glob permissionsClaude settings permissions allow bare `Glob` in a shared committed configstableclaude_settings
SEC631Claude settings: bare Grep permissionsClaude settings permissions allow bare `Grep` in a shared committed configstableclaude_settings
SEC632Claude settings: bare WebFetch permissionsClaude settings permissions allow bare `WebFetch` in a shared committed configstableclaude_settings
SEC633Hook script: destructive root deletionHook script attempts destructive root deletionstablehook
SEC634Hook script: password file accessHook script accesses a sensitive system password filestablehook
SEC635Hook script: shell profile writeHook script writes to a shell profile startup filestablehook
SEC636Hook script: authorized_keys writeHook script writes to SSH authorized_keysstablehook
SEC637MCP config: destructive root deletionMCP configuration command attempts destructive root deletionstablejson
SEC638MCP config: password file accessMCP configuration command accesses a sensitive system password filestablejson
SEC639MCP config: shell profile writeMCP configuration command writes to a shell profile startup filestablejson
SEC640MCP config: authorized_keys writeMCP configuration command writes to SSH authorized_keysstablejson
SEC641Claude settings: command hook root deletionClaude settings command hook attempts destructive root deletionstableclaude_settings
SEC642Claude settings: command hook password file accessClaude settings command hook accesses a sensitive system password filestableclaude_settings
SEC643Claude settings: command hook shell profile writeClaude settings command hook writes to a shell profile startup filestableclaude_settings
SEC644Claude settings: command hook authorized_keys writeClaude settings command hook writes to SSH authorized_keysstableclaude_settings
SEC645Plugin hook: destructive root deletionPlugin hook command attempts destructive root deletionstablejson
SEC646Plugin hook: password file accessPlugin hook command accesses a sensitive system password filestablejson
SEC647Plugin hook: shell profile writePlugin hook command writes to a shell profile startup filestablejson
SEC648Plugin hook: authorized_keys writePlugin hook command writes to SSH authorized_keysstablejson
SEC649Hook script: cron persistenceHook script manipulates cron persistencestablehook
SEC650Hook script: systemd persistenceHook script registers a systemd service or unit for persistencestablehook
SEC651Hook script: launchd persistenceHook script registers a launchd plist for persistencestablehook
SEC652MCP config: cron persistenceMCP configuration command manipulates cron persistencestablejson
SEC653MCP config: systemd persistenceMCP configuration command registers a systemd service or unit for persistencestablejson
SEC654MCP config: launchd persistenceMCP configuration command registers a launchd plist for persistencestablejson
SEC655Claude settings: command hook cron persistenceClaude settings command hook manipulates cron persistencestableclaude_settings
SEC656Claude settings: command hook systemd persistenceClaude settings command hook registers a systemd service or unit for persistencestableclaude_settings
SEC657Claude settings: command hook launchd persistenceClaude settings command hook registers a launchd plist for persistencestableclaude_settings
SEC658Plugin hook: cron persistencePlugin hook command manipulates cron persistencestablejson
SEC659Plugin hook: systemd persistencePlugin hook command registers a systemd service or unit for persistencestablejson
SEC660Plugin hook: launchd persistencePlugin hook command registers a launchd plist for persistencestablejson
SEC661Hook script: insecure chmodHook script performs an insecure permission changestablehook
SEC662Hook script: setuid or setgid manipulationHook script manipulates setuid or setgid permissionsstablehook
SEC663Hook script: Linux capability manipulationHook script manipulates Linux capabilitiesstablehook
SEC664MCP config: insecure chmodMCP configuration command performs an insecure permission changestablejson
SEC665MCP config: setuid or setgid manipulationMCP configuration command manipulates setuid or setgid permissionsstablejson
SEC666MCP config: Linux capability manipulationMCP configuration command manipulates Linux capabilitiesstablejson
SEC667Claude settings: command hook insecure chmodClaude settings command hook performs an insecure permission changestableclaude_settings
SEC668Claude settings: command hook setuid or setgid manipulationClaude settings command hook manipulates setuid or setgid permissionsstableclaude_settings
SEC669Claude settings: command hook Linux capability manipulationClaude settings command hook manipulates Linux capabilitiesstableclaude_settings
SEC670Plugin hook: insecure chmodPlugin hook command performs an insecure permission changestablejson
SEC671Plugin hook: setuid or setgid manipulationPlugin hook command manipulates setuid or setgid permissionsstablejson
SEC672Plugin hook: Linux capability manipulationPlugin hook command manipulates Linux capabilitiesstablejson
SEC673Hook script: webhook secret exfiltrationHook script posts secret material to a webhook endpointstablehook
SEC674MCP config: secret exfiltrationMCP configuration command appears to send secret material over the networkstablejson
SEC675MCP config: insecure HTTP secret sendMCP configuration command sends secret material to an insecure http:// endpointstablejson
SEC676MCP config: webhook secret exfiltrationMCP configuration command posts secret material to a webhook endpointstablejson
SEC677Claude settings: secret exfiltration hookClaude settings command hook appears to send secret material over the networkstableclaude_settings
SEC678Claude settings: insecure HTTP secret sendClaude settings command hook sends secret material to an insecure http:// endpointstableclaude_settings
SEC679Claude settings: webhook secret exfiltrationClaude settings command hook posts secret material to a webhook endpointstableclaude_settings
SEC680Plugin hook: secret exfiltrationPlugin hook command appears to send secret material over the networkstablejson
SEC681Plugin hook: insecure HTTP secret sendPlugin hook command sends secret material to an insecure http:// endpointstablejson
SEC682Plugin hook: webhook secret exfiltrationPlugin hook command posts secret material to a webhook endpointstablejson
SEC683Hook script: sensitive file exfiltrationHook script transfers a sensitive credential file to a remote destinationstablehook
SEC684MCP config: sensitive file exfiltrationMCP configuration command transfers a sensitive credential file to a remote destinationstablejson
SEC685Claude settings: sensitive file exfiltration hookClaude settings command hook transfers a sensitive credential file to a remote destinationstableclaude_settings
SEC686Plugin hook: sensitive file exfiltrationPlugin hook command transfers a sensitive credential file to a remote destinationstablejson
SEC687Hook script: clipboard readHook script reads local clipboard contentsstablehook
SEC688Hook script: browser credential store accessHook script accesses browser credential or cookie storesstablehook
SEC689MCP config: clipboard readMCP configuration command reads local clipboard contentsstablejson
SEC690MCP config: browser credential store accessMCP configuration command accesses browser credential or cookie storesstablejson
SEC691Claude settings: clipboard read hookClaude settings command hook reads local clipboard contentsstableclaude_settings
SEC692Claude settings: browser credential store access hookClaude settings command hook accesses browser credential or cookie storesstableclaude_settings
SEC693Plugin hook: clipboard readPlugin hook command reads local clipboard contentsstablejson
SEC694Plugin hook: browser credential store accessPlugin hook command accesses browser credential or cookie storesstablejson
SEC695Hook script: clipboard exfiltrationHook script exfiltrates clipboard contents over the networkstablehook
SEC696Hook script: browser credential store exfiltrationHook script exfiltrates browser credential or cookie store datastablehook
SEC697MCP config: clipboard exfiltrationMCP configuration command exfiltrates clipboard contents over the networkstablejson
SEC698MCP config: browser credential store exfiltrationMCP configuration command exfiltrates browser credential or cookie store datastablejson
SEC699Claude settings: clipboard exfiltration hookClaude settings command hook exfiltrates clipboard contents over the networkstableclaude_settings
SEC700Claude settings: browser credential store exfiltration hookClaude settings command hook exfiltrates browser credential or cookie store datastableclaude_settings
SEC701Plugin hook: clipboard exfiltrationPlugin hook command exfiltrates clipboard contents over the networkstablejson
SEC702Plugin hook: browser credential store exfiltrationPlugin hook command exfiltrates browser credential or cookie store datastablejson
SEC703Hook script: screen captureHook script captures a screenshot or desktop imagestablehook
SEC704Hook script: screen capture exfiltrationHook script captures and exfiltrates a screenshot or desktop imagestablehook
SEC705MCP config: screen captureMCP configuration command captures a screenshot or desktop imagestablejson
SEC706MCP config: screen capture exfiltrationMCP configuration command captures and exfiltrates a screenshot or desktop imagestablejson
SEC707Claude settings: screen capture hookClaude settings command hook captures a screenshot or desktop imagestableclaude_settings
SEC708Claude settings: screen capture exfiltration hookClaude settings command hook captures and exfiltrates a screenshot or desktop imagestableclaude_settings
SEC709Plugin hook: screen capturePlugin hook command captures a screenshot or desktop imagestablejson
SEC710Plugin hook: screen capture exfiltrationPlugin hook command captures and exfiltrates a screenshot or desktop imagestablejson
SEC711Hook script: camera captureHook script captures a camera image or webcam streamstablehook
SEC712Hook script: microphone captureHook script records microphone or audio inputstablehook
SEC713Hook script: camera capture exfiltrationHook script captures and exfiltrates camera or webcam datastablehook
SEC714Hook script: microphone capture exfiltrationHook script records and exfiltrates microphone or audio inputstablehook
SEC715MCP config: camera captureMCP configuration command captures a webcam or camera imagestablejson
SEC716MCP config: microphone captureMCP configuration command captures microphone audiostablejson
SEC717MCP config: camera capture exfiltrationMCP configuration command captures and exfiltrates webcam or camera datastablejson
SEC718MCP config: microphone capture exfiltrationMCP configuration command captures and exfiltrates microphone audiostablejson
SEC719Claude settings: camera capture hookClaude settings command hook captures a webcam or camera imagestableclaude_settings
SEC720Claude settings: microphone capture hookClaude settings command hook captures microphone audiostableclaude_settings
SEC721Claude settings: camera capture exfiltration hookClaude settings command hook captures and exfiltrates webcam or camera datastableclaude_settings
SEC722Claude settings: microphone capture exfiltration hookClaude settings command hook captures and exfiltrates microphone audiostableclaude_settings
SEC723Plugin hook: camera capturePlugin hook command captures a webcam or camera imagestablejson
SEC724Plugin hook: microphone capturePlugin hook command captures microphone audiostablejson
SEC725Plugin hook: camera capture exfiltrationPlugin hook command captures and exfiltrates webcam or camera datastablejson
SEC726Plugin hook: microphone capture exfiltrationPlugin hook command captures and exfiltrates microphone audiostablejson
SEC727Hook script: keylogger captureHook script captures keystrokes or keyboard inputstablehook
SEC728Hook script: keylogger exfiltrationHook script captures and exfiltrates keystrokes or keyboard inputstablehook
SEC729MCP config: keylogger captureMCP configuration command captures keystrokes or keyboard inputstablejson
SEC730MCP config: keylogger exfiltrationMCP configuration command captures and exfiltrates keystrokes or keyboard inputstablejson
SEC731Claude settings: keylogger capture hookClaude settings command hook captures keystrokes or keyboard inputstableclaude_settings
SEC732Claude settings: keylogger exfiltration hookClaude settings command hook captures and exfiltrates keystrokes or keyboard inputstableclaude_settings
SEC733Plugin hook: keylogger capturePlugin hook command captures keystrokes or keyboard inputstablejson
SEC734Plugin hook: keylogger exfiltrationPlugin hook command captures and exfiltrates keystrokes or keyboard inputstablejson
SEC735Hook script: environment dumpHook script dumps environment variables or shell statestablehook
SEC736Hook script: environment dump exfiltrationHook script dumps and exfiltrates environment variables or shell statestablehook
SEC737MCP config: environment dumpMCP configuration command dumps environment variables or shell statestablejson
SEC738MCP config: environment dump exfiltrationMCP configuration command dumps and exfiltrates environment variables or shell statestablejson
SEC739Claude settings: environment dump hookClaude settings command hook dumps environment variables or shell statestableclaude_settings
SEC740Claude settings: environment dump exfiltration hookClaude settings command hook dumps and exfiltrates environment variables or shell statestableclaude_settings
SEC741Plugin hook: environment dumpPlugin hook command dumps environment variables or shell statestablejson
SEC742Plugin hook: environment dump exfiltrationPlugin hook command dumps and exfiltrates environment variables or shell statestablejson
SEC743package.json: dangerous lifecycle scriptpackage.json defines a dangerous install-time lifecycle scriptstablejson
SEC744package.json: git or forge dependency sourcepackage.json installs a dependency from a git or forge shortcut sourcestablejson
SEC745package.json: unbounded dependency versionpackage.json uses an unbounded dependency version like * or lateststablejson
SEC746Dockerfile: remote script execution in RUNDockerfile RUN downloads remote code and executes itstabledockerfile
SEC747Dockerfile: final stage runs as rootDockerfile final stage explicitly runs as rootstabledockerfile
SEC748Docker Compose: privileged service runtimeDocker Compose service enables privileged container runtime or host namespace accessstabledocker-compose
SEC749Dockerfile: mutable registry image in FROMDockerfile FROM uses a mutable registry image without a digest pinstabledockerfile
SEC750Docker Compose: mutable service imageDocker Compose service image uses a mutable registry reference without a digest pinstabledocker-compose
SEC751Dockerfile: latest or implicit-latest base image tagDockerfile FROM uses a latest or implicit-latest image tagstabledockerfile
SEC752Docker Compose: latest or implicit-latest service image tagDocker Compose service image uses a latest or implicit-latest tagstabledocker-compose
SEC753package.json: direct archive URL dependency sourcepackage.json installs a dependency from a direct archive URL sourcestablejson
SEC754Devcontainer: host-side initializeCommandDevcontainer config defines a host-side initializeCommandstabledevcontainer
SEC755Devcontainer: sensitive local bind mountDevcontainer config bind-mounts sensitive local host materialstabledevcontainer

Provider

lintai-policy-mismatch

3 rules
SEC401Policy mismatch: executionProject policy forbids execution, but repository contains executable behaviorpreviewworkspace
SEC402Policy mismatch: network accessProject policy forbids network access, but repository contains network behaviorpreviewworkspace
SEC403Skill capabilities mismatchSkill frontmatter capabilities conflict with project policypreviewworkspace

Provider

lintai-dep-vulns

1 rules
SEC756Dependency vulnerability: installed npm package versionInstalled npm dependency version matches an offline vulnerability advisorypreviewworkspace