CapitalGuard

CapitalGuard Observatory · Tool record

Claude Code

Anthropic · coding agent

Claude Code is a local or cloud coding agent with file, command, network, MCP, and editing capabilities governed by permissions, sandboxing, trust, and account settings.

Public-Control Score

85

Extensive public control coverage

Measures publicly documented control coverage as of the review date. It is not a breach rate, penetration test, endorsement, or guarantee of safety.

Scored dimensions

The documented control surface.

This record is reviewed against the same five-dimension rubric used across every scored product.

Read Methodology

Access and scope transparency

18/20

Official material provides extensive operational detail for access and scope transparency.

Data and retention controls

16/20

Official material names concrete controls and meaningful boundaries for data and retention controls.

Connector and permission controls

17/20

Official material provides extensive operational detail for connector and permission controls.

Action, approval, and isolation controls

18/20

Official material provides extensive operational detail for action, approval, and isolation controls.

Audit and administrative evidence

16/20

Official material names concrete controls and meaningful boundaries for audit and administrative evidence.

Documented access points

1

repository and local file reads

2

edits and Bash commands

3

network access, MCP servers, hooks, and cloud environments

Settings to verify now

1

Permission mode and deny rules

2

Filesystem and network sandbox

3

Trusted directories, MCP servers, hooks, and unsandboxed escape paths

Linked security signals

Version checks that should not wait.

CVE-2026-24887 · high

Claude Code confirmation-prompt bypass

Claude Code releases before 2.0.72.

Update to 2.0.72 or later and keep untrusted repository content outside command-authorizing context.

CGO-CHANGE-2026-06-09 · informational

GitHub adds security validation for third-party coding agents

Supported GitHub agent workflows; coverage depends on repository and agent settings.

Keep the validation enabled, but retain branch protection, review, and least-privilege controls around agent-generated changes.

CGO-RESEARCH-2026-05 · informational

AgentSecBench formalizes three enforceable agent-security boundaries

Agentic systems that combine untrusted content, private context, and action-capable tools.

Project trusted provenance, restrict capabilities before generation, and validate outputs before execution.

Primary sources

Inspect the evidence directly.