diff --git a/FAQ.md b/FAQ.md index c0d8b885..a6089dd1 100644 --- a/FAQ.md +++ b/FAQ.md 
@@ -372,22 +372,30 @@ We welcome feedback from users who try Desktop Commander with other MCP clients ## Security & Permissions +> **Important**: For current security limitations and vulnerability reporting, see our [Security Policy](SECURITY.md). + ### Is it safe to give Claude access to my file system? -Claude Desktop Commander operates within certain safety boundaries: +Claude Desktop Commander has known security limitations: -- While file restrictions are currently disabled, Claude typically only works with files in folders you specifically direct it to +- Directory restrictions can be bypassed via symlinks and terminal commands +- Command blocking can be bypassed via command substitution and absolute paths - Claude can only perform actions that your user account has permission to do -- No data is sent to external servers beyond what you share in Claude conversations -> **Note:** Command blocking features are still in development. You should always review the actions Claude proposes before allowing it to make system changes, especially when working with important files or system configurations. +> **For production use requiring security**: Use the [Docker installation](#option-6-docker-installation-🐳-⭐-auto-updates-no-nodejs-required) with selective folder mounting for complete isolation from your host system. ### Can I control which directories Claude can access? -Recent updates have removed path limitations, and work is in progress to add configuration options that will allow you to specify which directories the tool can access. This feature is being developed in [PR #16](https://github.com/wonderwhy-er/ClaudeDesktopCommander/pull/16). +Directory access controls exist but have known bypass vulnerabilities. For secure usage, we recommend the Docker installation which provides complete isolation with controlled folder mounting. ### What commands are blocked by default? +Command blocking exists but can be bypassed through various methods. 
The current system blocks dangerous commands like `rm`, `sudo`, `format`, etc., but these restrictions can be circumvented. + +### How do I report security vulnerabilities? + +Please create a [GitHub Issue](https://github.com/wonderwhy-er/DesktopCommanderMCP/issues) with detailed information about any security vulnerabilities you discover. See our [Security Policy](SECURITY.md) for full guidelines. + Claude Desktop Commander doesn't have a pre-defined blocklist, but you can use the `block_command` and `unblock_command` functions to manage which commands Claude can execute. It's recommended to block commands that could potentially be destructive, such as `rm -rf` or `format`. ### Why is the fileWriteLineLimit set to 50 by default? What is the maximum value? diff --git a/README.md b/README.md index 7ce72068..0a5497c5 100644 --- a/README.md +++ b/README.md 
@@ -565,9 +565,15 @@ For commands that may take a while: ### ⚠️ Important Security Warnings -1. **Always change configuration in a separate chat window** from where you're doing your actual work. Claude may sometimes attempt to modify configuration settings (like `allowedDirectories`) if it encounters filesystem access restrictions. +> **For comprehensive security information and vulnerability reporting**: See [SECURITY.md](SECURITY.md) -2. **The `allowedDirectories` setting currently only restricts filesystem operations**, not terminal commands. Terminal commands can still access files outside allowed directories. Full terminal sandboxing is on the roadmap. +1. **Known security limitations**: Directory restrictions and command blocking can be bypassed through various methods including symlinks, command substitution, and absolute paths or code execution + +2. **Always change configuration in a separate chat window** from where you're doing your actual work. Claude may sometimes attempt to modify configuration settings (like `allowedDirectories`) if it encounters filesystem access restrictions. + +3. **The `allowedDirectories` setting currently only restricts filesystem operations**, not terminal commands. Terminal commands can still access files outside allowed directories. + +4. **For production security**: Use the [Docker installation](#option-6-docker-installation-🐳-⭐-auto-updates-no-nodejs-required) which provides complete isolation from your host system. ### Configuration Tools 
@@ -854,6 +860,9 @@ Yes, when installed through npx or Smithery, Desktop Commander automatically upd ### I'm having trouble installing or using the tool. Where can I get help? Join our [Discord server](https://discord.gg/kQ27sNnZr7) for community support, check the [GitHub issues](https://github.com/wonderwhy-er/DesktopCommanderMCP/issues) for known problems, or review the [full FAQ](FAQ.md) for troubleshooting tips. You can also visit our [website FAQ section](https://desktopcommander.app#faq) for a more user-friendly experience. If you encounter a new issue, please consider [opening a GitHub issue](https://github.com/wonderwhy-er/DesktopCommanderMCP/issues/new) with details about your problem. +### How do I report security vulnerabilities? +Please create a [GitHub Issue](https://github.com/wonderwhy-er/DesktopCommanderMCP/issues) with detailed information about any security vulnerabilities you discover. See our [Security Policy](SECURITY.md) for complete guidelines on responsible disclosure. + ## Data Collection & Privacy Desktop Commander collects limited anonymous telemetry data to help improve the tool. No personal information, file contents, file paths, or command arguments are collected. diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 00000000..85753a0a --- /dev/null +++ b/SECURITY.md 
@@ -0,0 +1,40 @@ +# Security Policy + +## Current Security Approach + +Desktop Commander is designed for human users working with AI assistants like Claude. The security restrictions built into the tool are primarily **guardrails to help the AI model** avoid actions the user didn't intend, rather than hardened security boundaries. + +**Security is not currently our top priority** - we haven't heard significant demand from users for stronger security controls. We take **user needs seriously**, so if you need better security controls for your specific use case, please contact the team to discuss your requirements. + +**For users who need security**: We recommend using Desktop Commander with Docker, which provides complete isolation. See the [Docker installation section](README.md#option-6-docker-installation-🐳-⭐-auto-updates-no-nodejs-required) in our README for setup instructions. + +## Reporting Vulnerabilities + +1. **Create a GitHub Issue** with detailed information +2. **Label it as security-related** for visibility +3. **Include technical details** and proof of concept if possible +4. **Request attribution** if you'd like to be credited in any future advisories + +We will acknowledge reports and provide context as needed. + +## Current Security Limitations + +This project has known security limitations: +- Directory restrictions can be bypassed via symlinks and terminal commands +- Command blocking can be bypassed via substitution and absolute paths +- Terminal commands can access files outside `allowedDirectories` restrictions + +**For production use requiring security**: Use Docker installation with selective folder mounting for complete isolation. See [Docker installation instructions](README.md#option-6-docker-installation-🐳-⭐-auto-updates-no-nodejs-required) for setup details. + +## Disclosure Timeline + +As a startup focused on user needs rather than theoretical security concerns, we prioritize issues based on actual user demand. 
We may not respond immediately to security reports but will address issues that affect real user workflows. We appreciate responsible disclosure and will work with researchers when addressing vulnerabilities aligns with user priorities. + +## Contact + +- **GitHub Issues**: https://github.com/wonderwhy-er/DesktopCommanderMCP/issues +- **Discord Community**: https://discord.gg/kQ27sNnZr7 + +--- + +*Last updated: January 2025* \ No newline at end of file
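Review bot: In the FAQ.md hunk, the new sentence under "What commands are blocked by default?" ("The current system blocks dangerous commands like `rm`, `sudo`, `format`, etc.") contradicts the retained paragraph that follows the inserted "How do I report security vulnerabilities?" section ("Claude Desktop Commander doesn't have a pre-defined blocklist, but you can use the `block_command` and `unblock_command` functions..."). As placed, that older paragraph now reads as part of the vulnerability-reporting answer. Either remove or update the "no pre-defined blocklist" paragraph so the FAQ gives one consistent answer, and move the new "How do I report" section after it rather than splitting the blocklist answer in two. Separately, the Docker link in this file is `#option-6-docker-installation-...`, an anchor within FAQ.md, while SECURITY.md links the same section as `README.md#option-6-...`; unless FAQ.md has its own Docker installation section, this link should also point at README.md.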
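Review bot: In the README.md "Important Security Warnings" hunk, item 4 states that the Docker installation "provides complete isolation from your host system", but the FAQ hunk in the same patch qualifies this as "selective folder mounting", and any folder that is mounted read-write is exactly as exposed as it would be without Docker. Suggest wording item 4 as isolation of everything that is not mounted, and recommending that users mount only the directories the task needs, read-only where possible (e.g. `-v /path:/path:ro`, an example, not the project's documented flag). Item 1 also reads oddly with "absolute paths or code execution" tacked onto a comma list; "absolute paths, and arbitrary code execution" is clearer and matches the SECURITY.md list.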
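Review bot: The README.md FAQ hunk adds a third copy of the "How do I report security vulnerabilities?" text (it already appears in FAQ.md and SECURITY.md in this patch), and the copies already differ ("full guidelines" vs. "complete guidelines on responsible disclosure"). Keep the instructions in SECURITY.md only and have README.md and FAQ.md link to it, so the three do not drift further. The phrase "responsible disclosure" is also at odds with the instruction to open a public GitHub Issue: a public issue is full disclosure, not coordinated disclosure, so either say that plainly or provide a private channel.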
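Review bot: In the new SECURITY.md, "Reporting Vulnerabilities" asks researchers to "Include technical details and proof of concept" in a public GitHub Issue, which publishes working bypass details to every user before any fix exists; suggest pointing reporters to a private channel (GitHub's private vulnerability reporting, if enabled for the repository, or a security contact address) and reserving public issues for the advisory after a fix. The "Disclosure Timeline" heading contains no timeline; either give an acknowledgement window, however long, or rename the section ("Response Expectations"). Minor: the "Current Security Limitations" list has no blank line before it, which some Markdown renderers fold into the preceding paragraph, and the file is missing its trailing newline (`\ No newline at end of file`).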