'Is Your Claude Code Setup Safe? Check in 5 Seconds'
Source: Dev.to
Recent CVE disclosures
Recent CVE disclosures (CVE‑2025‑59536, CVE‑2026‑21852) showed that malicious .claude/settings.json files in cloned repositories can execute arbitrary shell commands and exfiltrate API keys. Anthropic patched these specific vulnerabilities, but the broader question remains: what is Claude Code allowed to do on your machine right now?
Safety‑check script
The script requires no installation and only depends on bash and python3. It runs in about 2 seconds.
curl -fsSL https://raw.githubusercontent.com/Bande-a-Bonnot/Boucle-framework/main/tools/safety-check/check.sh | bashThe script inspects your ~/.claude/settings.json and scores 9 items across 5 categories:
| Category | Checks |
|---|---|
| Destructive Command Protection | bash-guard (blocks rm -rf /, sudo, `curl |
| File Protection | file-guard (prevents reads/writes to .env, private keys, credential files) branch-guard (blocks direct commits to main/master/production) |
| Observability | session-log (logs every tool call with timestamps to ~/.claude/session-logs/) |
| Efficiency | read-once (prevents redundant file re‑reads, saving ~2000 tokens per blocked read) |
| Built‑in Settings | Permission allow/deny rules in settings.json |
Example output
Claude Code Safety Check
━━━━━━━━━━━━━━━━━━━━━━━━
Setup
✓ Claude Code installed (+5)
✓ Settings file exists (+5)
Destructive Command Protection
✗ bash-guard (blocks rm -rf /, sudo, curl|bash) (0/20)
✓ git-safe (blocks force push, hard reset) (+15)
File Protection
✗ file-guard (protects .env, secrets, keys) (0/15)
✗ branch-guard (prevents commits to main) (0/10)
Observability
✗ session-log (audit trail of all actions) (0/15)
Efficiency
✓ read-once (prevents redundant file reads) (+10)
Built-in Settings
✗ Permission rules configured (0/5)
━━━━━━━━━━━━━━━━━━━━━━━━
Safety Score: 35/100 (35%) — Grade D
Poor. Claude has too much unguarded access.
4/9 checks passedIf you score below C, the output tells you exactly which commands to run to install the missing hooks.
Why each check matters
| Weight | Check | Reason |
|---|---|---|
| 20 | bash-guard | Highest blast radius – unrestricted bash is the biggest risk |
| 15 | git-safe | History destruction is hard to recover from |
| 15 | file-guard | Credential exposure is irreversible |
| 15 | session-log | Without logs you can’t audit what happened |
| 10 | branch-guard | Protects deployment branches |
| 10 | read-once | Token savings, not safety (lower weight) |
| 5 | settings.json | Basic config existence |
| 5 | Claude installed | Prerequisite check |
| 5 | Permissions | Built‑in allow/deny rules |
How the hooks work
Hooks are deterministic safety layers that run before Claude Code executes a tool call. They are simple Bash scripts that can:
- Block dangerous commands (
rm -rf /,sudo,curl|bash, etc.). - Prevent destructive Git operations (force‑push, hard reset).
- Stop reads of sensitive files (
.env, private keys). - Enforce branch protection policies.
- Log every action for later audit.
Because they run regardless of the model’s decisions, they provide a reliable safety net even when the model is prompted to perform risky actions.
Running the check again
curl -fsSL https://raw.githubusercontent.com/Bande-a-Bonnot/Boucle-framework/main/tools/safety-check/check.sh | bashSource code
The safety‑check script is open‑source and includes 30 tests to verify its behavior. You can review the code and tests in the repository linked above.