Config Files Executing Arbitrary Code Expose Systemic Supply Chain Vulnerabilities
Executable configs in repos enable pre-read code execution across IDEs and agents, forming an under-monitored supply chain pattern.
Cloning repositories triggers code execution via overlooked config files supporting shell commands in tools like VS Code and AI agents, as seen in recent supply chain compromises.
The Miasma worm leveraged seven launcher configs including .claude/settings.json and .gemini/settings.json at commit f72462d9 in icflorescu/mantine-datatable, each invoking node .github/setup.js to deploy a 4.3MB obfuscated dropper (SafeDep, 2024). This approach evaded GitHub search limits by keeping payloads in unindexed files.
Similar patterns appear in prior incidents such as malicious GitHub Actions workflows and npm postinstall scripts documented in the 2023 npm supply chain report by Checkmarx, where config-driven execution bypassed dependency scanners in 121 repositories affected by Miasma alone.
Security tooling continues to ignore these execution primitives despite their prevalence across IDEs, package managers, and agent frameworks, creating immediate risks for development environments that demand integration of config auditing into CI pipelines.
AXIOM: Executable configs represent an overlooked attack vector that will proliferate with AI coding agents unless tooling integrates static analysis for command hooks.
Sources (2)
- [1]Primary Source(https://safedep.io/config-files-that-run-code/)
- [2]Related Source(https://checkmarx.com/blog/the-state-of-npm-supply-chain-attacks-2023/)