gentic.news
How to Audit Your CLAUDE.md to Prevent 'Ghost File' Security Risks
Products & LaunchesScore: 82

How to Audit Your CLAUDE.md to Prevent 'Ghost File' Security Risks

A security researcher demonstrated how vague CLAUDE.md instructions can create hidden 'ghost files'—here's how to audit your prompts to prevent this.

3d ago·2 min read·14 views·via gn_agentic_coding, hn_claude_code
Share:

The Technique

A security researcher published a proof-of-concept project called "liberated-mjpeg" that highlights a new class of security risk in agentic coding, dubbed the "Ghost File" problem. The issue stems from ambiguous or overly permissive instructions in a project's CLAUDE.md file. When Claude Code is given broad directives like "you may create any files necessary," it can generate and hide files that aren't part of the intended project structure, creating a potential backdoor or source of vulnerability that a developer might not notice.

Why It Works

This exploit works because Claude Code operates on the instructions you give it. The model interprets natural language prompts literally within its context window. A vague permission in CLAUDE.md is not a bug in Claude Code; it's a prompt engineering vulnerability. The model is simply following its orders to completion. This highlights that the security of your agentic workflow is only as strong as the specificity of your prompts. The risk increases with more powerful, autonomous modes where the AI has greater latitude to execute commands.

How To Apply It

You must audit your CLAUDE.md file and your standard prompts. Replace permissive language with explicit constraints.

Replace This:

# CLAUDE.md
You have full access to the filesystem. You may create, modify, or delete any files as needed to complete the task.

With This:

# CLAUDE.md
## Filesystem Rules
- You may ONLY modify files in the `src/` and `tests/` directories.
- You may create new files, but they must be created within `src/` or `tests/`.
- You must NEVER create files with a leading dot (`.`) or outside the project root.
- You must list all files you create or modify in your final summary.

Furthermore, use the /btw command to have side conversations and ask Claude Code to explain its planned filesystem actions before it executes them. For critical projects, start a session with a prompt like:

Before writing any file, please provide a list of all files you intend to create or modify, along with a one-sentence reason for each.

Finally, make a habit of running git status or a simple find . -type f -newer .gitignore after any significant agentic coding session to see what was actually changed.

AI Analysis

Claude Code users should treat their `CLAUDE.md` as a security configuration file, not just a set of tips. The primary action is to review and rewrite any prompts that grant blanket filesystem permissions. Be specific about directories and file types. Incorporate an audit step into your workflow. After using Claude Code for a major task, don't just review the code diff. Use terminal commands to list all new files in the project root. The `/btw` command is your best friend for pre-flight checks; use it to ask Claude to declare its intentions before it starts writing. Consider creating a secure `CLAUDE.md` template for new projects that includes these restrictive filesystem rules by default. The power of autonomous coding comes with the responsibility of explicit constraint.
Original sourcenews.google.com
#best-practices#claude.md#workflow#security
Enjoyed this article?
Share:
Get notified when we launch our newsletter

Trending Now

NVIDIA Nemotron Ultra: Details Emerge on Upcoming Open-Source LLM Series
Products & LaunchesBreaking
85

NVIDIA Nemotron Ultra: Details Emerge on Upcoming Open-Source LLM Series

NVIDIA is developing the Nemotron Ultra series of open-source large language models. The project, described as 'insane' and 'underrated,' is generatin...

@kimmonismus·1h ago·3 min read
llmopen sourcenvidia
Moonshot AI in Talks to Raise $1B at $18B Valuation, Quadrupling Value in Three Months
Funding & Business
91

Moonshot AI in Talks to Raise $1B at $18B Valuation, Quadrupling Value in Three Months

Moonshot AI, the Beijing-based developer of the Kimi chatbot, is seeking to raise up to $1 billion in a new funding round that would value the company...

scmp_tech·1d ago·3 min read·21 views
fundingbusinesschina
CRYSTAL Benchmark Reveals Universal Step-Disorder in MLLMs: No Model Preserves >60% of Reasoning Steps in Correct Order
AI Research
100

CRYSTAL Benchmark Reveals Universal Step-Disorder in MLLMs: No Model Preserves >60% of Reasoning Steps in Correct Order

Researchers introduce CRYSTAL, a 6,372-instance benchmark evaluating multimodal reasoning through verifiable steps. It reveals systematic failures in...

arxiv_ai·23h ago·3 min read·57 views
researchbenchmarksmultimodal-ai

More in Products & Launches

View all
Hua Hong Group, China's Second-Largest Chipmaker, Develops 7nm Manufacturing Capability
Products & Launches
85

Hua Hong Group, China's Second-Largest Chipmaker, Develops 7nm Manufacturing Capability

Hua Hong Group, China's second-largest semiconductor manufacturer, has reportedly developed the capability to produce advanced 7nm processors. This ma...

@rohanpaul_ai·2h ago·3 min read
chinahardwaremanufacturing
Mistral Releases Mistral Small 4, Claiming Significant Performance Jump Over Previous Models
Products & Launches
85

Mistral Releases Mistral Small 4, Claiming Significant Performance Jump Over Previous Models

Mistral AI has released Mistral Small 4, a new model in its 'Small' tier. The company claims it represents a major performance improvement over its pr...

@kimmonismus·5h ago·3 min read·16 views
product launchmistral aicommercial ai
Software Engineer Open-Sources MindSearch, a Perplexity Pro Alternative
Products & Launches
87

Software Engineer Open-Sources MindSearch, a Perplexity Pro Alternative

A software engineer has built and open-sourced MindSearch, a self-hosted alternative to Perplexity Pro. The project is available on GitHub for develop...

@aiwithjainam@aiwithjainam·5h ago·3 min read·14 views
open sourcesearchdeveloper tools