Problem
Multiple tools are downloaded and executed without verification at container boot:
- Claude CLI (init.d/01-tools.sh:11): curl -fsSL https://claude.ai/install.sh | bash
- Google Workspace skills (init.d/01-tools.sh:20): npx -y skills add https://github.com/googleworkspace/cli -y
- xurl (Dockerfile:31-35): Downloaded without checksum verification
- gum (installer/gum.sh): Downloaded without checksum verification (host-side)
No checksums, no signatures, no version pinning. A compromised CDN or repo pushes malicious code that runs with node user privileges and access to all secrets.
Severity: CRITICAL (runtime downloads) / HIGH (build-time downloads)
Proposed Solution
- Pre-install Claude CLI in the Dockerfile at build time with a pinned version and SHA256 verification
- Pin GWS skills to a specific commit hash; install at build time
- Pin xurl version and add checksum verification in Dockerfile
- Pin gum version and add checksum verification in installer
Example pattern:
ARG XURL_VERSION=v1.2.3
ARG XURL_SHA256=abc123...
RUN curl -fsSL ".../xurl_${XURL_VERSION}_Linux_x86_64.tar.gz" -o /tmp/xurl.tar.gz && \
    echo "$XURL_SHA256  /tmp/xurl.tar.gz" | sha256sum -c - && \
    tar -xz -C /usr/local/bin -f /tmp/xurl.tar.gz xurl && \
    rm /tmp/xurl.tar.gz
Context
From security audit 2026-03-25.
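The same verify-before-use step for the shell-side downloads (the host-side gum installer and the `curl | bash` install), as an added example that is not the project's own code. The function names, the URL and the digest are hypothetical placeholders; the `shasum` fallback assumes the host may be macOS, where `sha256sum` is usually absent.

```shell
# Added example. Function names are hypothetical, not project code.

# Print the SHA-256 of a file with whichever tool the host provides.
sha256_of() {
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1" | awk '{print $1}'
  elif command -v shasum >/dev/null 2>&1; then
    shasum -a 256 "$1" | awk '{print $1}'
  else
    echo "no SHA-256 tool found" >&2
    return 2
  fi
}

# Return 0 only when the file's digest equals the pinned value.
# Return 1 on mismatch, 2 when the pin itself is unusable.
verify_sha256() {
  local file="$1" expected="$2" actual
  # Fail closed on an empty or malformed pin (for example an unset variable).
  case "$expected" in
    ""|*[!0-9a-fA-F]*) echo "bad pinned digest" >&2; return 2 ;;
  esac
  [ "${#expected}" -eq 64 ] || { echo "bad pinned digest" >&2; return 2; }
  actual=$(sha256_of "$file") || return 2
  expected=$(printf '%s' "$expected" | tr 'A-F' 'a-f')
  if [ "$actual" != "$expected" ]; then
    echo "checksum mismatch for $file: got $actual" >&2
    return 1
  fi
}

# Download to a temp file, verify, and only then move it into place.
# Nothing is unpacked or executed before the digest matches.
fetch_verified() {
  local url="$1" expected="$2" dest="$3" tmp
  tmp=$(mktemp) || return 2
  if curl -fsSL --proto '=https' --tlsv1.2 "$url" -o "$tmp" \
     && verify_sha256 "$tmp" "$expected"; then
    mv "$tmp" "$dest"
  else
    rm -f "$tmp"
    return 1
  fi
}

# Usage (placeholder URL and digest):
# fetch_verified "https://example.invalid/gum_<version>.tar.gz" "<pinned sha256>" /tmp/gum.tar.gz
```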