Public Repository - Security hardening and monitoring tools for Claude Code CLI environments
Do not commit security-config.json or storage-rules.json files with your real system paths, credentials, or sensitive information. Always customize configurations locally and keep them in .gitignore.
This toolkit provides comprehensive security controls, monitoring, and hardening measures for Claude Code CLI installations. It addresses identified vulnerabilities and implements defense-in-depth strategies to protect against unauthorized operations, data exfiltration, and behavioral manipulation.
- Protect user systems from unauthorized Claude Code operations
- Implement access controls for file system, network, and command execution
- Monitor and audit all Claude Code activities
- Enforce behavioral constraints for transparent, accountable operation
- Provide corrective actions for identified security gaps
- ✅ Comprehensive PreToolUse security hooks
- ✅ Storage access policy enforcement
- ✅ Command injection prevention
- ✅ Network activity monitoring
- ✅ Session audit logging
- ✅ File integrity monitoring
- ✅ Rate limiting and anomaly detection
- ✅ Symbolic link resolution
- ✅ Behavioral constraint enforcement
# Clone this repository (after pushing to GitHub)
git clone https://github.com/hah23255/claude-code-security-toolkit.git
cd claude-code-security-toolkit
# Run installation script
bash scripts/install.sh

# Copy and customize configuration templates
cp config/templates/security-config.json ~/.claude/security-config.json
cp config/templates/storage-rules.json ~/.claude/storage-rules.json
# Edit with your specific paths and policies
vi ~/.claude/security-config.json

# Deploy enhanced security hooks
bash scripts/deploy-hooks.sh
# Test hook enforcement
bash tests/test-hooks.sh

claude-code-security-toolkit/
├── README.md                          # This file
├── SECURITY.md                        # Security policy and reporting
├── LICENSE                            # License information
├── .gitignore                         # Git ignore patterns
│
├── docs/                              # Documentation
│   ├── reports/                       # Security assessment reports
│   │   ├── integrity-assessment.md    # Initial integrity assessment
│   │   ├── corrected-assessment.md    # Corrected user perspective
│   │   └── gap-analysis.md            # Security gap analysis
│   ├── guides/                        # Implementation guides
│   │   ├── installation.md            # Installation instructions
│   │   ├── configuration.md           # Configuration guide
│   │   ├── hardening.md               # System hardening guide
│   │   └── troubleshooting.md         # Troubleshooting guide
│   └── references/                    # Reference documentation
│       ├── hook-api.md                # Hook development reference
│       ├── gap-details.md             # Detailed gap descriptions
│       └── attack-scenarios.md        # Attack scenario documentation
│
├── hooks/                             # Security hook implementations
│   ├── templates/                     # Original hook templates
│   │   ├── storage_policy_enforcer.py
│   │   ├── security_guard.py
│   │   ├── session_start.py
│   │   └── session_end.py
│   ├── enhanced/                      # Enhanced hardened hooks
│   │   ├── comprehensive_pretooluse.py
│   │   ├── enhanced_storage_policy.py
│   │   ├── enhanced_audit_logger.py
│   │   └── file_integrity_monitor.py
│   └── utils/                         # Shared hook utilities
│       ├── patterns.py                # Security pattern definitions
│       ├── logger.py                  # Logging utilities
│       └── validators.py              # Validation functions
│
├── config/                            # Configuration files
│   └── templates/                     # Configuration templates
│       ├── security-config.json       # Main security configuration
│       ├── storage-rules.json         # Storage access rules
│       ├── settings.json              # Claude settings template
│       └── behavioral-constraints.md  # Output style constraints
│
├── tests/                             # Test scripts
│   ├── test-hooks.sh                  # Hook functionality tests
│   ├── test-bypass-attempts.sh        # Security bypass tests
│   ├── test-file-access.sh            # File access policy tests
│   └── test-command-blocking.sh       # Command blocking tests
│
├── examples/                          # Example configurations
│   ├── minimal-config.json            # Minimal security config
│   ├── strict-config.json             # Strict security config
│   └── custom-rules.json              # Custom rule examples
│
└── scripts/                           # Utility scripts
    ├── install.sh                     # Installation script
    ├── deploy-hooks.sh                # Hook deployment script
    ├── backup-config.sh               # Configuration backup
    ├── restore-config.sh              # Configuration restore
    ├── audit-analysis.sh              # Audit log analysis
    └── integrity-check.sh             # System integrity check

Purpose: Prevent unauthorized file system access
Features:
- Whitelist/blacklist path enforcement
- Symbolic link resolution
- Real-path validation
- Critical file protection
Coverage: Write, Edit, NotebookEdit, Read operations
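
A sketch of the symlink resolution and real-path validation listed above, added here as an illustration and not taken from the toolkit's own hook code. The names `check_path` and `demo` and the sample directory tree are hypothetical; the `allowed_paths` and `restricted_paths` keys follow this README's security-config.json.

```python
import os
import tempfile

def _real(path):
    # Expand ~ and resolve every symlink so the check sees the real target.
    return os.path.realpath(os.path.expanduser(path))

def _inside(path, root):
    # Component-wise containment; a plain startswith() would treat
    # /data/Enterprise-old as being inside /data/Enterprise.
    return os.path.commonpath([path, root]) == root

def check_path(path, config):
    """Return (allowed, reason) for a file path under a loaded config dict."""
    if not config or "allowed_paths" not in config:
        # Fail closed: with no usable policy, nothing is permitted.
        return False, "no policy loaded"
    target = _real(path)
    # Restricted roots are checked first so they override any allowed root.
    for root in config.get("restricted_paths", []):
        if _inside(target, _real(root)):
            return False, f"restricted: {root}"
    for root in config["allowed_paths"]:
        if _inside(target, _real(root)):
            return True, f"allowed: {root}"
    return False, "outside allowed_paths"

def demo():
    # Constructed sample tree: an allowed work dir, a restricted dir, and a
    # symlink inside the work dir that points into the restricted one.
    base = tempfile.mkdtemp()
    work = os.path.join(base, "work")
    secrets = os.path.join(base, "secrets")
    os.makedirs(work)
    os.makedirs(secrets)
    os.symlink(secrets, os.path.join(work, "link"))
    config = {"allowed_paths": [work], "restricted_paths": [secrets]}
    return {
        "plain": check_path(os.path.join(work, "notes.txt"), config)[0],
        "symlink": check_path(os.path.join(work, "link", "id_rsa"), config)[0],
        "dotdot": check_path(os.path.join(work, "..", "secrets", "k"), config)[0],
        "sibling": check_path(work + "-old/file", config)[0],
        "no_config": check_path(os.path.join(work, "notes.txt"), None)[0],
    }
```

The decision reflects the filesystem at check time only; a link created or retargeted between the check and the tool's actual file access is outside what this function can see.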
Purpose: Prevent command injection and malicious shell operations
Features:
- Dangerous pattern detection
- Command whitelist validation
- Argument sanitization
- Execution logging
Coverage: Bash tool operations
Purpose: Prevent data exfiltration and unauthorized network access
Features:
- Domain whitelist enforcement
- URL validation
- Network operation logging
- Suspicious pattern detection
Coverage: WebFetch, WebSearch operations
Purpose: Detect reconnaissance and information gathering attempts
Features:
- Sensitive pattern flagging
- Search operation logging
- Pattern-based alerting
Coverage: Glob, Grep operations
Purpose: Track and control sub-agent creation
Features:
- Agent spawn logging
- Task prompt analysis
- Suspicious task detection
Coverage: Task tool operations
Purpose: Enforce transparent, clear communication
Features:
- Output style enforcement
- Ruthless clarity standards
- Code quality requirements
- Deletion principle
Coverage: All Claude Code communications
Purpose: Maintain comprehensive activity trail
Features:
- Full operation logging
- Decision tracking (allow/block)
- Timestamp and context capture
- Forensic trail creation
Coverage: All monitored operations
Purpose: Detect and prevent automated/scripted abuse
Features:
- Per-tool rate limits
- Time-window based throttling
- Anomaly detection
- Burst prevention
Coverage: All tool operations
This toolkit addresses 15 identified security gaps in standard Claude Code installations:
- ✅ GAP 1: Read tool monitoring added
- ✅ GAP 2: Bash command monitoring implemented
- ✅ GAP 4: Fail-closed storage policy with required config
- ✅ GAP 5: Security scanner properly integrated
- ✅ GAP 12: Symbolic link resolution implemented
- ✅ GAP 3: Glob/Grep enumeration monitoring
- ✅ GAP 6: File content validation
- ✅ GAP 7: Network activity monitoring
- ✅ GAP 8: Detailed audit logging
- ✅ GAP 10: Task/agent monitoring
- ✅ GAP 13: Enhanced Edit operation controls
- ✅ GAP 15: Configuration file protection
- ✅ GAP 9: Rate limiting implemented
- ✅ GAP 11: File integrity monitoring
- ✅ GAP 14: Hook enforcement validation
See docs/references/gap-details.md for detailed information.
File: ~/.claude/security-config.json
{
  "version": "1.0",
  "fail_closed": true,
  "restricted_paths": ["~/.ssh", "~/.gnupg", "~/.claude/hooks"],
  "allowed_paths": ["/storage/emulated/0/Enterprise"],
  "dangerous_bash_patterns": ["rm\\s+-rf", "dd\\s+if=", "curl.*-d\\s+@"],
  "allowed_domains": ["docs.claude.com", "github.com"],
  "rate_limits": {"Read": 100, "Bash": 20},
  "monitoring": {
    "log_all_operations": true,
    "alert_on_suspicious": true,
    "block_on_critical": true
  }
}

File: ~/.claude/storage-rules.json
{
  "rules": {
    "RULE_01": {
      "authorized": {
        "primary": [
          {"path": "/storage/emulated/0/Enterprise", "bridge": "~/storage/Enterprise"}
        ]
      },
      "denied": {
        "paths": ["/data/data/com.termux/files/home/*"],
        "reason": "Internal storage access restricted",
        "exceptions": ["~/.claude/sessions/**", "~/.claude/file-history/**"]
      }
    }
  }
}

See docs/guides/configuration.md for complete options.
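
How the `dangerous_bash_patterns` and `allowed_domains` keys of security-config.json can be evaluated, as an added example that is not the toolkit's own hook code. `check_command`, `check_url` and `demo` are hypothetical names, the sample inputs are constructed, and exact-host matching (no subdomains) is an assumption about the intended policy.

```python
import re
from urllib.parse import urlsplit

# Constructed config using the keys and values shown in security-config.json.
CONFIG = {
    "dangerous_bash_patterns": ["rm\\s+-rf", "dd\\s+if=", "curl.*-d\\s+@"],
    "allowed_domains": ["docs.claude.com", "github.com"],
}

def check_command(command, config):
    """Return the first dangerous pattern the command matches, or None."""
    for pattern in config.get("dangerous_bash_patterns", []):
        if re.search(pattern, command):
            return pattern
    return None

def check_url(url, config):
    """Allow only http(s) URLs whose parsed host is exactly an allowed domain."""
    parts = urlsplit(url)
    # Compare the parsed hostname, never a substring of the raw URL: the
    # allowed name can also appear in userinfo, a path, a query string, or
    # as the prefix of a longer host.
    host = (parts.hostname or "").lower().rstrip(".")
    if parts.scheme not in ("http", "https") or not host:
        return False
    return host in config.get("allowed_domains", [])

def demo():
    # Constructed sample inputs, not taken from any real session.
    return {
        "cmd_hit": check_command("rm   -rf build/", CONFIG),
        "cmd_ok": check_command("ls -la", CONFIG),
        "url_ok": check_url("https://github.com/org/repo", CONFIG),
        "url_lookalike": check_url("https://github.com.example.net/", CONFIG),
        "url_userinfo": check_url("https://github.com@example.net/", CONFIG),
        "url_scheme": check_url("file:///etc/hosts", CONFIG),
    }
```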
# Deploy all enhanced security hooks
cd /storage/emulated/0/Enterprise/projects/claude-code-security-toolkit
bash scripts/deploy-hooks.sh

# Run comprehensive security tests
bash tests/test-hooks.sh
# Test specific bypass attempts
bash tests/test-bypass-attempts.sh

# View recent audit entries
tail -50 ~/.claude/audit.jsonl | jq .
# Analyze blocked operations
bash scripts/audit-analysis.sh --blocked
# Generate security report
bash scripts/audit-analysis.sh --report

# Verify hook integrity
bash scripts/integrity-check.sh
# Check for unauthorized modifications
bash scripts/integrity-check.sh --verify-all

- Review Audit Logs: Check ~/.claude/audit.jsonl weekly
- Update Patterns: Keep hooks/utils/patterns.py current
- Test Enforcement: Run tests after any changes
- Backup Configuration: Use scripts/backup-config.sh
# Backup current configuration
bash scripts/backup-config.sh
# Update hooks
git pull origin main
bash scripts/deploy-hooks.sh
# Test updated hooks
bash tests/test-hooks.sh

See docs/guides/troubleshooting.md for common issues and solutions.
- Integrity Assessment - Initial system analysis
- Corrected Assessment - User perspective correction
- Security Gap Analysis - Detailed vulnerability assessment
All reports available in docs/reports/.
Three documented attack chains:
- Credential Exfiltration
- Persistent Backdoor Installation
- Mass Data Enumeration
See docs/references/attack-scenarios.md.
- Create hook in hooks/enhanced/
- Add to config/templates/settings.json
- Test with tests/test-hooks.sh
- Document in docs/guides/
See docs/references/hook-api.md for:
- Hook input format
- Exit code meanings
- Logging standards
- Error handling
If you discover security vulnerabilities in this toolkit:
- Do NOT open public issues
- Contact repository owner directly
- Provide detailed reproduction steps
- Allow time for patching before disclosure
See SECURITY.md for full policy.
This toolkit is provided for personal use in protecting user-owned systems. See LICENSE for details.
- Installation: docs/guides/installation.md
- Configuration: docs/guides/configuration.md
- Hardening: docs/guides/hardening.md
For issues, questions, or improvements, open an issue in this repository.
This toolkit was developed in response to observed gaps in Claude Code CLI security controls. It represents user-implemented protective measures to ensure transparent, accountable, and secure operation.
Version: 1.0.0 Last Updated: 2025-10-29