Rule Reference

SEC410lintai-ai-securitypreviewclaude_settingswarn

Claude settings: shared git ls-remote permissions

Claude settings permissions allow `Bash(git ls-remote:*)` in a shared committed config

Provider: lintai-ai-security
Surface: claude_settings
Scope: per_file
Tier: preview
Severity: warn
Confidence: high
Detection: structural
Remediation: message_only

Activation Model

Preset Membership

This rule is part of the builtin activation graph through these preset memberships.

previewmembership

claudemembership

Lifecycle

Stable Lifecycle Contract

State

stable_gated

Graduation rationale

Checks shared Claude settings permissions for wildcard remote repository inspection grants.

Deterministic signal basis

ClaudeSettingsSignals exact string detection for `Bash(git ls-remote:*)` inside permissions.allow on parsed Claude settings JSON.

Malicious corpus

claude-settings-git-ls-remote-permission

Benign corpus

claude-settings-git-ls-remote-specific-safe

structured evidence required remediation reviewed

Canonical note

Structural preview rule; deterministic today, but the preview contract may still evolve.

Nearby Signals

Related Rules

SEC361Claude settings: missing `$schema`Claude settings file is missing a top-level `$schema` referenceclaude_settingspreview

SEC363Claude settings: home-directory hook pathClaude settings hook command uses a home-directory path in a shared committed configclaude_settingspreview

SEC365Claude settings: non-HTTPS allowed HTTP hook URLClaude settings allow non-HTTPS HTTP hook URLs in a shared committed configclaude_settingspreview

SEC366Claude settings: dangerous HTTP hook host literalClaude settings allow dangerous host literals in `allowedHttpHookUrls`claude_settingspreview

SEC368Claude settings: repo-external absolute hook pathClaude settings hook command uses a repo-external absolute path in a shared committed configclaude_settingspreview

SEC381Claude settings: command hook missing `timeout`Claude settings command hook should set `timeout` in a shared committed configclaude_settingspreview

SEC410 / CLAUDE-GIT-LS-REMOTE-PERMISSION

SEC410 flags shared Claude settings when permissions.allow grants blanket git ls-remote authority.

Why It Matters

git ls-remote:* lets shared AI settings probe remote repository state generically. In committed team config that can normalize remote repository inspection without forcing narrower reviewed commands.

Trigger Shape

The rule triggers only when all of these are true:

the file is a detected Claude settings surface
the path is not fixture-like
permissions.allow contains the exact token Bash(git ls-remote:*)

Clean Cases

These stay clean:

more specific commands such as Bash(git ls-remote origin)
settings files that do not grant blanket git ls-remote
fixture-like examples under test or fixture paths

Example Trigger

json

{
  "permissions": {
    "allow": ["Bash(git ls-remote:*)", "Read(*)"]
  }
}

Safer Example

json

{
  "permissions": {
    "allow": ["Bash(git ls-remote origin)", "Read(*)"]
  }
}

How To Fix

Remove shared git ls-remote permissions or replace them with a narrower reviewed workflow that keeps remote repository inspection under explicit user control.

Claude settings: shared git ls-remote permissions

Preset Membership

Stable Lifecycle Contract

Related Rules

SEC410 / CLAUDE-GIT-LS-REMOTE-PERMISSION ​

Why It Matters ​

Trigger Shape ​

Clean Cases ​

Example Trigger ​

Safer Example ​

How To Fix ​