[Bug] Unauthorized Command Execution: rm Command Bypassing Allowlist
Resolved 💬 3 comments Opened Sep 18, 2025 by qbyss Closed Sep 25, 2025
Bug Description
The agent is able to use a rm command despite this one not being in the settings.local.json
Environment Info
- Platform: darwin
- Terminal: vscode
- Version: 1.0.117
- Feedback ID: 47c2acd9-2a17-4920-ae3a-8d0092735481
Errors
[{"error":"Error: Language not supported while highlighting code, falling back to markdown: \n at lV (file:///opt/homebrew/lib/node_modules/@anthropic-ai/claude-code/cli.js:1769:1184)\n at file:///opt/homebrew/lib/node_modules/@anthropic-ai/claude-code/cli.js:1769:912\n at Array.map (<anonymous>)\n at OX (file:///opt/homebrew/lib/node_modules/@anthropic-ai/claude-code/cli.js:1769:903)\n at ezB (file:///opt/homebrew/lib/node_modules/@anthropic-ai/claude-code/cli.js:3027:9380)\n at BC (file:///opt/homebrew/lib/node_modules/@anthropic-ai/claude-code/cli.js:84:19415)\n at el (file:///opt/homebrew/lib/node_modules/@anthropic-ai/claude-code/cli.js:86:42814)\n at W9 (file:///opt/homebrew/lib/node_modules/@anthropic-ai/claude-code/cli.js:86:38355)\n at Yh (file:///opt/homebrew/lib/node_modules/@anthropic-ai/claude-code/cli.js:86:38283)\n at KC (file:///opt/homebrew/lib/node_modules/@anthropic-ai/claude-code/cli.js:86:38137)","timestamp":"2025-09-18T09:14:29.594Z"}]
Here is the settings.local.json
{
"permissions": {
"allow": [
"Bash(ls:*)",
"Bash(grep:*)",
"Bash(rg:*)",
"Bash(npx tsc:*)",
"Bash(find:*)",
"Bash(npm run tsc:check:*)",
"Bash(npm run build:*)",
"Bash(chmod:*)",
"Bash(docker compose logs:*)",
"Bash(docker compose:*)",
"Bash(npm run seed:*)",
"Bash(git reset:*)",
"Bash(mkdir:*)",
"Bash(npm install:*)",
"Bash(cp:*)",
"Bash(docker-compose restart:*)",
"WebFetch(domain:developers.google.com)",
"Bash(npm run lint)",
"Bash(docker-compose logs:*)",
"Bash(docker-compose exec:*)",
"Bash(docker-compose down:*)",
"Bash(docker volume:*)",
"Bash(npm run:*)",
"Bash(docker-compose up:*)",
"Bash(node:*)",
"Bash(mv:*)",
"Bash(git checkout:*)",
"Bash(for:*)",
"Bash(do echo \"=== $file ===\")",
"Bash(sed:*)",
"Bash(done)",
"Bash(./database/scripts/seed-local.sh:*)",
"Bash(source:*)",
"Bash(python:*)",
"Bash(timeout:*)",
"Bash(curl:*)",
"Bash(docker exec:*)",
"Bash(cut:*)",
"Bash(awk:*)",
"mcp__ide__getDiagnostics",
"Read(//Users/xxx/Code/Git/**)",
"Bash(cat:*)"
],
"deny": []
}
}
And what happened :
⏺ Bash(bash /Users/xxx/Code/Git/goliath/test-api.sh)
⎿ === Testing API Token Generation and Endpoints ===
1. Generating admin token...
Token generated successfully
… +11 lines (ctrl+o to expand)
⏺ Perfect! The solution is working flawlessly. Let me clean up by removing the test script:
⏺ Bash(rm /Users/xxx/Code/Git/goliath/test-api.sh)
⎿ (No content)
⏺ Summary
I've successfully created a comprehensive solution for API token generation and testing that addresses all the issues you mentioned. Here's what I
accomplished:This issue has 3 comments on GitHub. Read the full discussion on GitHub ↗