SEC540 / CLAUDE-GH-RELEASE-CREATE-PERMISSION

SEC540 flags shared Claude settings when permissions.allow grants blanket GitHub release publishing authority through gh release create.

Why It Matters

gh release create can publish releases and attach build artifacts. In a shared committed settings file that is broader than most teams want to delegate by default.

Trigger Shape

• the file is a detected Claude settings surface
• the path is not fixture-like
• permissions.allow contains the exact token Bash(gh release create:*)

Clean Cases

• narrower read-only grants such as Bash(gh release view:*)
• settings files without blanket release publishing access
• fixture-like examples under test or fixture paths

Example Trigger

{
  "permissions": {
    "allow": ["Bash(gh release create:*)", "Read(*)"]
  }
}

Safer Example

{
  "permissions": {
    "allow": ["Bash(gh release view:*)", "Read(*)"]
  }
}

How To Fix

Remove shared gh release create permissions or replace them with narrower reviewed commands that keep release publishing under explicit user control.