If you discover a security vulnerability in claude-starter, please report it by emailing security@raintree.ai (or create a private security advisory on GitHub).

Please do not open a public issue.

• Description of the vulnerability
• Steps to reproduce
• Potential impact
• Suggested fix (if any)

We will respond within 48 hours and provide a timeline for fixing the issue.

This package implements multiple layers of security:

• ✅ Documentation pulling uses execFile with argument arrays
• ✅ Workflow shell execution is disabled by default and requires explicit --allow-shell opt-in
• ✅ Claude slash-command workflow steps require an explicit verified handler and fail closed otherwise
• ✅ Workflow child processes run with a scrubbed environment instead of inheriting all parent secrets

• ✅ All file paths validated before operations
• ✅ isPathSafe() checks ensure paths stay within expected directories
• ✅ Relative paths only (no absolute paths)
• ✅ No .. directory traversal allowed

• ✅ Deep merge functions block __proto__, constructor, prototype
• ✅ No dynamic property access from user input

• ✅ Length checks before regex validation
• ✅ Simple, non-backtracking regex patterns
• ✅ Maximum input lengths enforced

• ✅ Symlinks detected and rejected during copy operations
• ✅ lstat() used instead of stat() to detect links
• ✅ Warning messages for skipped symlinks

• ✅ File size limits (10MB for manifest.json)
• ✅ Array length limits (1000 skills max)
• ✅ Depth limits on nested objects

• ✅ URL validation blocks localhost, private IPs, file:// protocol
• ✅ Only http:// and https:// allowed
• ✅ Documentation sources are curated through the shipped manifest and should stay on reviewed domains

• ✅ Shared template settings ship without wildcard tool permissions
• ✅ Executable hooks and elevated trust settings belong in .claude/settings.local.json

• ✅ Skill installation guidance requires commit-pinned GitHub sources
• ✅ Skill installs review a single downloaded artifact and surface its SHA-256 digest before install
• ✅ Installed bytes are copied from the reviewed artifact instead of being re-fetched from a mutable branch

• ✅ All user inputs sanitized
• ✅ Skill IDs, paths, URLs validated before use
• ✅ Log injection prevention (control character filtering)

1. Checksum verification - Downloaded docs not yet verified with checksums (planned for v1.1)
2. Binary signature verification - TOON binaries not yet signed (planned for v1.1)
3. Rate limiting - No limits on docpull frequency (planned for v1.2)
4. Transaction rollback - Partial installs don't auto-rollback (planned for v1.2)

• Content validation - We don't validate the actual content of pulled documentation
• Network security - SSL/TLS is handled by Node.js and docpull
• User authentication - This is a local tool, no auth required

We regularly audit dependencies:

# Check for vulnerabilities
npm audit

# Update dependencies
npm update

# Check for outdated packages
npm outdated

Automated: GitHub Dependabot alerts enabled

1. Only install from npm:

   npx create-claude-starter  # ✅ Safe

2. Verify package integrity:

   npm view create-claude-starter dist.integrity

3. Don't run with elevated privileges:

   sudo npx create-claude-starter  # ❌ Not needed

4. Review skills before installation:

   npx claude-starter list  # See what's available

1. Never commit secrets - Use .gitignore
2. Validate all inputs - Use security.js utilities
3. Default to typed execution - Use execFile or other typed actions by default; keep shell execution opt-in and heavily tested
4. Test security - Run npm run test:security
5. Update dependencies - Keep packages current

Before each release, verify:

• npm audit shows no vulnerabilities
• All dependencies up to date
• Security tests passing
• No hardcoded secrets or credentials
• All file operations use path validation
• Workflow shell execution remains disabled by default
• Any reviewed shell workflows require explicit opt-in and confirmation
• Input validation on all user-provided data
• Error messages don't leak sensitive info
• CHANGELOG.md documents security fixes

Run security tests:

# Unit tests (including security)
npm test

# Specific security tests
npm run test:security

# Dependency audit
npm audit

# Static analysis
npm run lint

• Initial release with core security measures
• Command injection prevention
• Path traversal protection
• Prototype pollution fixes
• ReDoS prevention
• Symlink attack mitigation
• JSON bomb limits

Security audit and improvements by the Raintree team.

If you have security concerns or suggestions, please contact us at security@raintree.ai.