GHSA-xrmc-c5cg-rv7x: SafeInstall agent guard shell parsing can miss raw package execution
SafeInstall CLI versions up to 0.10.1 have a vulnerability in their agent guard shell parsing that can allow certain raw package-manager and registry-runner commands to bypass policy evaluation. This occurs due to the guard failing to recognize commands with case-variant launcher names, leading file-descriptor redirections, and supported shell wrappers with options. As a result, a coding agent may execute package installations or scaffolding commands without SafeInstall enforcing its security policies. The issue is fixed in version 0.10.2.
AI Analysis
Technical Summary
SafeInstall CLI through version 0.10.1 contains a vulnerability where its agent guard shell parsing fails to detect some package-manager and registry-runner commands. This failure is caused by case-variant launcher names, leading file-descriptor redirections, and shell wrappers with options, which cause raw install commands to bypass the guard's approval decision. Remote project scaffolding commands can also avoid policy evaluation. Exploitation requires a coding agent to execute attacker-influenced crafted shell commands, potentially allowing malicious package installations or scaffolding to run with developer account permissions. The vulnerability affects only commands bypassing the guard interception; commands routed through the SafeInstall CLI remain protected. The issue is resolved in version 0.10.2 by normalizing launcher names, parsing redirections, handling wrapper options conservatively, and routing scaffolding commands through the approval path.
Potential Impact
An attacker able to influence a coding agent's shell commands can bypass SafeInstall's intended deny or ask responses, causing unauthorized package installations or registry scaffolding commands to execute without policy checks or lifecycle script restrictions. This can compromise the confidentiality, integrity, and availability of local source code, credentials, and development resources by running code with the developer's permissions.
Mitigation Recommendations
Upgrade to safeinstall-cli version 0.10.2 or later, which includes fixes for command normalization, redirection parsing, and approval routing. Until upgrading is possible, manually review all coding-agent shell commands and prevent the agent from invoking package managers or registry runners directly, as running an affected guard does not ensure raw package-manager execution is safe.
GHSA-xrmc-c5cg-rv7x: SafeInstall agent guard shell parsing can miss raw package execution
Description
SafeInstall CLI versions up to 0.10.1 have a vulnerability in their agent guard shell parsing that can allow certain raw package-manager and registry-runner commands to bypass policy evaluation. This occurs due to the guard failing to recognize commands with case-variant launcher names, leading file-descriptor redirections, and supported shell wrappers with options. As a result, a coding agent may execute package installations or scaffolding commands without SafeInstall enforcing its security policies. The issue is fixed in version 0.10.2.
CVSS v3.1
Affected software
Run on your own infrastructure? Check whether these packages are installed with threat-finder — our free open-source scanner.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
SafeInstall CLI through version 0.10.1 contains a vulnerability where its agent guard shell parsing fails to detect some package-manager and registry-runner commands. This failure is caused by case-variant launcher names, leading file-descriptor redirections, and shell wrappers with options, which cause raw install commands to bypass the guard's approval decision. Remote project scaffolding commands can also avoid policy evaluation. Exploitation requires a coding agent to execute attacker-influenced crafted shell commands, potentially allowing malicious package installations or scaffolding to run with developer account permissions. The vulnerability affects only commands bypassing the guard interception; commands routed through the SafeInstall CLI remain protected. The issue is resolved in version 0.10.2 by normalizing launcher names, parsing redirections, handling wrapper options conservatively, and routing scaffolding commands through the approval path.
Potential Impact
An attacker able to influence a coding agent's shell commands can bypass SafeInstall's intended deny or ask responses, causing unauthorized package installations or registry scaffolding commands to execute without policy checks or lifecycle script restrictions. This can compromise the confidentiality, integrity, and availability of local source code, credentials, and development resources by running code with the developer's permissions.
Mitigation Recommendations
Upgrade to safeinstall-cli version 0.10.2 or later, which includes fixes for command normalization, redirection parsing, and approval routing. Until upgrading is possible, manually review all coding-agent shell commands and prevent the agent from invoking package managers or registry runners directly, as running an affected guard does not ensure raw package-manager execution is safe.
Technical Details
- Gcve Source
- db.gcve.eu
- Osv Id
- GHSA-xrmc-c5cg-rv7x
- Osv Schema Version
- 1.4.0
- Aliases
- []
- Ecosystems
- ["npm"]
- Database Specific Severity
- HIGH
- Cvss Version
- 3.1
Threat ID: 6a520eb368715ace438f5262
Added to database: 07/11/2026, 09:36:51 UTC
Last enriched: 07/11/2026, 09:49:34 UTC
Last updated: 07/11/2026, 09:49:34 UTC
Views: 2
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
External Links
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.