claude-command-runner

The most significant security risk is the direct use of `eval "$COMMAND"` within the `createOutputCaptureScript`. This command executes arbitrary strings as shell commands, making it highly vulnerable to command injection if the `$COMMAND` variable, derived from user input, is not perfectly sanitized. While there are security configurations to block known dangerous commands and patterns, and to require confirmation for sensitive operations, these are blacklist-based and an attacker could potentially bypass them with novel injection techniques (e.g., using semicolons, backticks, or other shell metacharacters not covered by the single-quote escaping). Crucially, the user is only prompted to execute `bash /tmp/claude_script_UUID.sh` in the terminal, not the potentially malicious command string itself, removing the user's direct visibility over the actual command being evaluated. This significantly reduces the user's ability to act as the final arbiter of safety. Additionally, the reliance on AppleScript for keystroke automation can be fragile and requires specific macOS accessibility permissions, which is a common point of friction and potential permission escalation.