-
Notifications
You must be signed in to change notification settings - Fork 1
All issues
Issue creation is restricted in this repository
Issues
is:issue state:open
is:issue state:open
Search results
Hook-mode Write guard doesn't canonicalize paths —
/private/etc/sudoers,//etc/passwd,/etc/./passwdbypass the anchored system-file blockbugSomething isn't workingSomething isn't workingStatus: Open.#241 In ryo-ebata/cc-audit;Hook-mode Bash guard does no shell normalization —
c\url,su\do,ch"m"od,ba''se64defeat every keyword regexbugSomething isn't workingSomething isn't workingStatus: Open.#240 In ryo-ebata/cc-audit;Hook-mode localhost/127.0.0.1 exclusion is substring-matched over the whole command —
127.0.0.1.evil.com/ pathlocalhost.phpsuppress EX-001/EX-002/EX-005bugSomething isn't workingSomething isn't workingStatus: Open.#239 In ryo-ebata/cc-audit;Hook-mode SC-001 only matches
| sh/| bash—| python/| zsh/| sudo bash/bash -c "$(curl)"bypass the runtime curl-pipe guardbugSomething isn't workingSomething isn't workingStatus: Open.#238 In ryo-ebata/cc-audit;Hook-mode gate denies only
critical, but PE-001/PS-001/EX-006 are hardcodedhighin the analyzer — sudo/crontab/credential-exfil run at runtime (fail-open)bugSomething isn't workingSomething isn't workingStatus: Open.#237 In ryo-ebata/cc-audit;UTF-8 BOM (or leading blank line) before
---defeats frontmatter extraction — OP-001 (wildcard allowed-tools) evadedbugSomething isn't workingSomething isn't workingStatus: Open.#229 In ryo-ebata/cc-audit;CVE scan treats package.json version ranges (
^1.2.0,latest) as the resolved version — false positives on patched installsbugSomething isn't workingSomething isn't workingStatus: Open.#225 In ryo-ebata/cc-audit;CVE scope normalization misses the real published
@modelcontextprotocol/inspector— CVE-2025-49596 not flagged for the canonical package namebugSomething isn't workingSomething isn't workingStatus: Open.#224 In ryo-ebata/cc-audit;CVE
version_affected: "*"(all versions) matches nothing — wildcard entries are permanently inertbugSomething isn't workingSomething isn't workingStatus: Open.#223 In ryo-ebata/cc-audit;CVE data bug: escaped product names
\@frontmcp\/adapters/\@frontmcp\/sdknever match real package names (CVE-2026-39885 false negative)bugSomething isn't workingSomething isn't workingStatus: Open.#222 In ryo-ebata/cc-audit;CVE version matching: prerelease versions (1.5.0-beta.1) sort ABOVE the release — vulnerable RC/beta builds evade detection
bugSomething isn't workingSomething isn't workingStatus: Open.#221 In ryo-ebata/cc-audit;Skill scanner collects .php/.pl/.mjs/.cjs/.ps1/.lua files (is_text_file) but SCANNABLE_EXTENSIONS refuses to scan them — silent false negative
bugSomething isn't workingSomething isn't workingStatus: Open.#220 In ryo-ebata/cc-audit;