Rule Reference

SEC367lintai-ai-securitystableclaude_settingswarn

Claude settings: wildcard WebFetch permissions

Claude settings permissions allow `WebFetch(*)` in a shared committed config

Provider: lintai-ai-security
Surface: claude_settings
Scope: per_file
Tier: stable
Severity: warn
Confidence: high
Detection: structural
Remediation: message_only

Activation Model

Preset Membership

This rule is part of the builtin activation graph through these preset memberships.

previewmembership

claudemembership

Lifecycle

Stable Lifecycle Contract

State

stable_gated

Graduation rationale

Checks shared Claude settings permissions for explicit wildcard `WebFetch(*)` grants.

Deterministic signal basis

ClaudeSettingsSignals exact string detection for `WebFetch(*)` inside permissions.allow on parsed Claude settings JSON.

Malicious corpus

claude-settings-webfetch-wildcard

Benign corpus

claude-settings-webfetch-specific-safe

structured evidence required remediation reviewed

Canonical note

Structural stable rule intended as a high-precision check with deterministic evidence.

Nearby Signals

Related Rules

SEC362Claude settings: wildcard Bash permissionsClaude settings permissions allow `Bash(*)` in a shared committed configclaude_settingsstable

SEC364Claude settings: bypassPermissions default modeClaude settings set `permissions.defaultMode` to `bypassPermissions` in a shared committed configclaude_settingsstable

SEC369Claude settings: wildcard Write permissionsClaude settings permissions allow `Write(*)` in a shared committed configclaude_settingsstable

SEC372Claude settings: wildcard Read permissionsClaude settings permissions allow `Read(*)` in a shared committed configclaude_settingsstable

SEC373Claude settings: wildcard Edit permissionsClaude settings permissions allow `Edit(*)` in a shared committed configclaude_settingsstable

SEC374Claude settings: wildcard WebSearch permissionsClaude settings permissions allow `WebSearch(*)` in a shared committed configclaude_settingsstable

Why It Matters

SEC367 flags committed Claude settings files when permissions.allow contains the exact wildcard network grant WebFetch(*).

This is useful because:

shared .claude/settings.json files are often copied between repos and teams
WebFetch(*) grants broad outbound fetch capability instead of a reviewed allowlist
broad network access is harder to review and increases accidental exfiltration or policy drift risk

What Triggers

This rule applies only to committed Claude settings surfaces:

.claude/settings.json
claude/settings.json

It triggers when:

permissions.allow contains the exact string WebFetch(*)

It does not trigger on:

narrower reviewed patterns such as WebFetch(https://api.example.com/*)
fixture-like test/example paths

Examples

Bad:

json

{
  "permissions": {
    "allow": ["WebFetch(*)", "Read(*)"]
  }
}

Better:

json

{
  "permissions": {
    "allow": ["WebFetch(https://api.example.com/*)", "Read(*)"]
  }
}

Remediation

replace WebFetch(*) with specific reviewed fetch patterns
keep shared network permissions as narrow as possible for the repo's actual workflows

Claude settings: wildcard WebFetch permissions

Preset Membership

Stable Lifecycle Contract

Related Rules

Why It Matters ​

What Triggers ​

Examples ​

Remediation ​

Why It Matters

What Triggers

Examples

Remediation