CRITICAL · CVSS 9.0
Class vulnerability — AI agent shell execution scope creep
AI agents that combine shell-execution capability with production credentials produce SaaStr-Lemkin / PocketOS-class disasters.
Affects
- Cline, Continue, Claude Code agent mode and Cursor agent mode without scope-locks
What an attacker does
The agent receives ambiguous instructions and executes a destructive shell command (rm -rf, DROP TABLE) without per-step approval.
How to detect
Audit the agent's tool catalog: which tools have shell-execution scope?
How to fix
The compile-time scope guards, the scope-lock at credential issuance, and the Plan-Mode equivalent must fail closed.
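One way to make per-step approval fail closed, as an added example (not Securie's code and not the API of any agent listed above). The `READ_ONLY` allowlist and the `needs_approval` and `gate` names are assumptions of this example, and the sample commands are constructed.

```python
import shlex

# Assumed policy for this example: programs the agent may run unattended.
# Anything not listed here is treated as potentially destructive.
READ_ONLY = {"ls", "cat", "grep", "head", "tail", "pwd", "wc"}
# Characters that allow chaining, substitution or redirection.
SHELL_META = set(";|&`$><\n(){}")


def needs_approval(command: str) -> bool:
    """True unless the command is provably one read-only invocation."""
    if any(ch in SHELL_META for ch in command):
        return True  # cannot prove what a compound command will do
    try:
        argv = shlex.split(command)
    except ValueError:
        return True  # unparseable (e.g. unbalanced quotes) is not proven safe
    return not argv or argv[0] not in READ_ONLY


def gate(command: str, approver=None) -> bool:
    """Decide whether the agent may execute `command`. Fails closed."""
    if not needs_approval(command):
        return True
    if approver is None:
        return False  # no human in the loop: deny
    try:
        return approver(command) is True  # only an explicit True approves
    except Exception:
        return False  # approver crashed or timed out: deny


if __name__ == "__main__":
    # Constructed sample commands an agent might propose.
    for cmd in ["ls -la /srv/app", "rm -rf /srv/app",
                'psql -c "DROP TABLE users"', "ls; rm -rf /"]:
        print(f"{'ALLOW' if gate(cmd) else 'DENY '}  {cmd}")
```
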
How Securie catches CVE-2024-XXXX
Securie's compile-time scope guard enforces guards on AI-agent destructive operations.