lintai docs

Appearance

Rule Reference

SEC368lintai-ai-securitypreviewclaude_settingswarn

Claude settings: repo-external absolute hook path

Claude settings hook command uses a repo-external absolute path in a shared committed config

Provider
lintai-ai-security
Surface
claude_settings
Scope
per_file
Tier
preview
Severity
warn
Confidence
high
Detection
structural
Remediation
message_only

Activation Model

Preset Membership

This rule is part of the builtin activation graph through these preset memberships.

previewmembership
claudemembership

Lifecycle

Stable Lifecycle Contract

State

stable_gated

Graduation rationale

Checks shared committed Claude settings for repo-external absolute hook command paths.

Deterministic signal basis

ClaudeSettingsSignals exact command-path analysis for repo-external absolute hook commands in parsed Claude settings JSON.

Malicious corpus
claude-settings-repo-external-absolute-hook-path
Benign corpus
claude-settings-repo-external-absolute-hook-safe
structured evidence required remediation reviewed
Canonical note

Structural preview rule; deterministic today, but the preview contract may still evolve.

Nearby Signals

Related Rules

SEC361Claude settings: missing `$schema`Claude settings file is missing a top-level `$schema` referenceclaude_settingspreview
SEC363Claude settings: home-directory hook pathClaude settings hook command uses a home-directory path in a shared committed configclaude_settingspreview
SEC365Claude settings: non-HTTPS allowed HTTP hook URLClaude settings allow non-HTTPS HTTP hook URLs in a shared committed configclaude_settingspreview
SEC366Claude settings: dangerous HTTP hook host literalClaude settings allow dangerous host literals in `allowedHttpHookUrls`claude_settingspreview
SEC381Claude settings: command hook missing `timeout`Claude settings command hook should set `timeout` in a shared committed configclaude_settingspreview
SEC382Claude settings: `matcher` on unsupported hook eventClaude settings should not use `matcher` on unsupported hook eventsclaude_settingspreview

Why It Matters

SEC368 flags committed Claude settings hook commands that start with a repo-external absolute path such as /opt/... in a shared team-facing config.

This is useful because:

  • shared Claude settings in git should stay portable across machines and contributors
  • repo-external absolute paths make hook wiring harder to review, reproduce, and safely rotate
  • project-scoped wrapper paths rooted in $CLAUDE_PROJECT_DIR are easier for teams to understand and maintain

What Triggers

This rule applies only to committed Claude settings surfaces:

  • .claude/settings.json
  • claude/settings.json

It triggers when a hooks entry with type: "command" has a command string that starts with a repo-external absolute path such as:

  • /opt/...
  • /usr/local/...
  • /etc/...
  • /var/...
  • /private/...
  • /tmp/...
  • /Volumes/...
  • /srv/...

It does not trigger on:

  • project-scoped paths rooted in $CLAUDE_PROJECT_DIR
  • common system launcher paths such as /bin/sh -lc ...
  • fixture-like test/example paths

Examples

Bad:

json
{
  "hooks": {
    "Stop": [
      {
        "hooks": [
          {
            "type": "command",
            "command": "/opt/team/hooks/audit.sh"
          }
        ]
      }
    ]
  }
}

Better:

json
{
  "hooks": {
    "Stop": [
      {
        "hooks": [
          {
            "type": "command",
            "command": "$CLAUDE_PROJECT_DIR/scripts/audit.sh"
          }
        ]
      }
    ]
  }
}

Remediation

  • replace repo-external absolute hook commands with project-scoped wrappers
  • prefer repo-relative launch paths rooted in $CLAUDE_PROJECT_DIR
  • keep shared Claude settings portable across machines