English | Italiano
| Version | Supported |
|---|---|
| 1.0.x | Yes |
To report a security vulnerability, use GitHub Security Advisories. Do not open a public issue for security reports.
Include in your report:
- Description of the vulnerability
- Steps to reproduce
- Affected version(s)
- Impact assessment (what an attacker could achieve)
What to expect:
- Acknowledgment: within 72 hours
- Critical fixes: within 30 days
- Coordinated public disclosure after the fix is released
Claude Code Available Tools by Bonn is a local CLI tool that reads Claude Code configuration files from disk. It does not expose network services, handle authentication, or process untrusted user input from external sources.
Current measures:
- Dependency lockfile: `uv.lock` pins all transitive dependencies to exact versions
- Safe file I/O: all filesystem reads are wrapped in try/except with explicit error handling; no exceptions propagate from the scanner (`src/cctools/scanner.py:177-198`)
- No shell injection surface: the tool does not pass user-supplied strings to shell commands; the `subprocess.Popen` call in `cli.py:80` uses list-based arguments
- No `eval`/`exec`/`pickle`: no dynamic code execution on file contents
- JSON parsing with type guards: JSON data from config files is validated with `isinstance` checks before use (`src/cctools/scanner.py:186-198`)
- Static analysis: ruff linter and mypy type checker configured in `pyproject.toml`
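The three code-level measures above (wrapped file reads, `isinstance` guards on parsed JSON, list-based subprocess arguments) are easier to evaluate with a concrete loader in hand. The following is an added example, not cctools' own code; it assumes a `permissions.allow` key layout chosen for illustration and a constructed sample settings file, and shows that a missing file, a directory, malformed JSON, a wrong-shaped document and a shell-metacharacter filename all fail closed:

```python
from __future__ import annotations

# Added example (not cctools' own code): a settings loader written the way the
# measures above describe it. File reads are wrapped so no exception escapes,
# JSON is type-guarded with isinstance before use, and the one subprocess call
# passes a list (shell=False), so a hostile filename is never shell-parsed.
# The "permissions.allow" key layout is assumed for illustration.
import json
import subprocess
import sys
import tempfile
from pathlib import Path
from typing import Any

# Constructed sample: two well-formed entries, one wrong-typed entry (42),
# and a "deny" value that is a string instead of a list.
SAMPLE_SETTINGS = '{"permissions": {"allow": ["Bash(git status)", 42, "Read"], "deny": "oops"}}'


def read_text(path: Path) -> str | None:
    """Return the file's text, or None on any I/O or decoding failure."""
    try:
        return path.read_text(encoding="utf-8")
    except (OSError, UnicodeDecodeError):
        return None


def parse_object(text: str) -> dict[str, Any] | None:
    """Parse JSON and insist on a top-level object; anything else is rejected."""
    try:
        data = json.loads(text)
    except ValueError:  # json.JSONDecodeError is a subclass of ValueError
        return None
    return data if isinstance(data, dict) else None


def string_list(config: dict[str, Any], outer: str, inner: str) -> list[str]:
    """Return config[outer][inner] as a list of str, dropping wrong-typed items."""
    section = config.get(outer)
    if not isinstance(section, dict):
        return []
    values = section.get(inner)
    if not isinstance(values, list):
        return []
    return [v for v in values if isinstance(v, str)]


def load_allowed_tools(path: Path) -> list[str]:
    """End-to-end: missing file, unreadable file, bad JSON or wrong shape all yield []."""
    text = read_text(path)
    if text is None:
        return []
    config = parse_object(text)
    if config is None:
        return []
    return string_list(config, "permissions", "allow")


def argv_echo(arg: str) -> str:
    """Pass `arg` through a child process as a single argv element and return it
    unchanged. Because argv is a list and shell=False (the default), characters
    such as ; " $ are never interpreted by a shell."""
    argv = [sys.executable, "-c", "import sys; sys.stdout.write(sys.argv[1])", arg]
    return subprocess.run(argv, capture_output=True, text=True, check=True).stdout


def demo() -> dict[str, Any]:
    """Write the constructed sample to a temp dir and exercise each failure path."""
    with tempfile.TemporaryDirectory() as tmp:
        good = Path(tmp) / "settings.json"
        good.write_text(SAMPLE_SETTINGS, encoding="utf-8")
        broken = Path(tmp) / "broken.json"
        broken.write_text("{not json", encoding="utf-8")
        return {
            "allowed": load_allowed_tools(good),
            "denied": string_list(parse_object(SAMPLE_SETTINGS) or {}, "permissions", "deny"),
            "broken": load_allowed_tools(broken),
            "missing": load_allowed_tools(Path(tmp) / "missing.json"),
            "directory": load_allowed_tools(Path(tmp)),
            "hostile_argv": argv_echo('settings"; echo pwned; "'),
        }


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

The list-based call is only safe while `shell=False` stays the default; adding `shell=True` to a list invocation would hand the first element to a shell and reintroduce the injection surface, so that is the thing to check in a review of `cli.py`.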
Recommendations for users:
- Keep Python and dependencies up to date
- Review the contents of `~/.claude/` and project `.claude/` directories, as cctools reads and displays their contents
- If using `CLAUDE_CONFIG_DIR` to point to a custom config directory, ensure that directory has appropriate file permissions
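"Appropriate file permissions" is easy to verify mechanically. The check below is an added example, not part of cctools: it resolves the directory the way the recommendation above describes (`CLAUDE_CONFIG_DIR` if set, otherwise `~/.claude`) and reports any group or world access bits on the directory and the regular files directly inside it. It assumes POSIX mode bits; on Windows `st_mode` carries no such information.

```python
from __future__ import annotations

# Added example (not cctools' own code): a permission audit for the directory
# cctools reads. Resolution follows the recommendation above: CLAUDE_CONFIG_DIR
# if set, otherwise ~/.claude. POSIX mode bits are assumed.
import os
import stat
from pathlib import Path

# Bits that let other accounts read or modify the configuration.
CHECKS = (
    (stat.S_IWGRP, "group-writable"),
    (stat.S_IROTH, "world-readable"),
    (stat.S_IWOTH, "world-writable"),
)


def loose_bits(path: Path) -> list[str]:
    """Names of the risky permission bits set on `path` (empty list means OK).
    stat() follows symlinks, so the target's real permissions are inspected."""
    mode = path.stat().st_mode
    return [name for bit, name in CHECKS if mode & bit]


def resolve_config_dir(env: dict[str, str] | None = None) -> Path:
    """Mirror the documented lookup: CLAUDE_CONFIG_DIR, else ~/.claude."""
    env = dict(os.environ) if env is None else env
    raw = env.get("CLAUDE_CONFIG_DIR")
    return Path(raw).expanduser() if raw else Path.home() / ".claude"


def audit_config_dir(config_dir: Path) -> dict[str, list[str]]:
    """Map each offending path (relative to config_dir) to its loose bits.
    A symlinked config dir is flagged as well, because the target's
    permissions are what matter and may differ from what the user expects."""
    findings: dict[str, list[str]] = {}
    if not config_dir.exists():
        return {".": ["missing"]}
    if config_dir.is_symlink():
        findings["."] = ["symlink"] + loose_bits(config_dir)
    else:
        bits = loose_bits(config_dir)
        if bits:
            findings["."] = bits
    for child in sorted(config_dir.iterdir()):
        if child.is_file():
            bits = loose_bits(child)
            if bits:
                findings[child.name] = bits
    return findings


if __name__ == "__main__":
    target = resolve_config_dir()
    print(target, audit_config_dir(target) or "permissions look fine")
```

A clean result is an empty dict; anything reported is a file another local account could read or alter before cctools displays it, which matters most on shared machines.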
The following are not considered vulnerabilities in Claude Code Available Tools by Bonn:
- Display of sensitive data already present in Claude Code configuration files (this is the tool's intended function)
- Local privilege escalation requiring pre-existing access to the user's account
- Social engineering attacks
- Denial of service via excessively large configuration files on the local filesystem
- Vulnerabilities in third-party dependencies that are already publicly disclosed (report these upstream)
Security researchers who report valid vulnerabilities will be credited here upon request.