lintai docs

Appearance

Rule Reference

SEC685lintai-ai-securitystableclaude_settingswarn

Claude settings: sensitive file exfiltration hook

Claude settings command hook transfers a sensitive credential file to a remote destination

Provider
lintai-ai-security
Surface
claude_settings
Scope
per_file
Tier
stable
Severity
warn
Confidence
high
Detection
structural
Remediation
message_only

Activation Model

Preset Membership

This rule is part of the builtin activation graph through these preset memberships.

basemembership
claudemembership

Lifecycle

Stable Lifecycle Contract

State

stable_gated

Graduation rationale

Checks committed Claude settings command hooks for explicit transfer of sensitive credential files to remote destinations.

Deterministic signal basis

ClaudeSettingsSignals command-hook string analysis over committed hook entries with type == command for sensitive file paths such as `.env`, `.aws/credentials`, `.ssh/id_rsa`, or `.kube/config` combined with transfer commands like `scp`, `sftp`, `rsync`, `curl`, `aws s3 cp`, `gsutil cp`, or `rclone copy`.

Malicious corpus
claude-settings-hook-sensitive-file-exfilclaude-settings-hook-sensitive-file-rclone-exfil
Benign corpus
claude-settings-network-command-safe
structured evidence required remediation reviewed
Canonical note

Structural stable rule intended as a high-precision check with deterministic evidence.

Nearby Signals

Related Rules

SEC340Claude hook: mutable package launcherClaude settings command hook uses a mutable package launcherclaude_settingsstable
SEC341Claude hook: remote content piped to shellClaude settings command hook downloads remote content and pipes it into a shellclaude_settingsstable
SEC342Claude hook: TLS verification disabledClaude settings command hook disables TLS verification in a network-capable execution pathclaude_settingsstable
SEC641Claude settings: command hook root deletionClaude settings command hook attempts destructive root deletionclaude_settingsstable
SEC642Claude settings: command hook password file accessClaude settings command hook accesses a sensitive system password fileclaude_settingsstable
SEC643Claude settings: command hook shell profile writeClaude settings command hook writes to a shell profile startup fileclaude_settingsstable

Why It Matters

Shared Claude command hooks execute automatically. Uploading local credential files from those hooks can leak long-lived secrets without additional review.

What Triggers

SEC685 matches committed Claude command hooks that pair sensitive file paths like .env, ~/.aws/credentials, ~/.ssh/id_rsa, or ~/.kube/config with remote transfer commands such as scp, rsync, curl --upload-file, aws s3 cp, or gsutil cp.

False Positives

Legitimate hooks may copy ordinary artifacts, but they should not export credential-bearing files or local secret stores.

Remediation

Remove the remote transfer of sensitive credential files from the committed Claude hook and keep credential material local to the trusted machine.