Security Model
Trust boundaries and security guarantees of the claudeBase ecosystem.
Trust Hierarchy
Claude Code (Sole Runtime Authority)
↑ Loads plugins from
~/.claude/plugins/ (Local Plugin Store)
↑ Installs to
claudeBase CLI (Package Manager Only)
↑ Fetches from
claudeBase Catalog (Authoritative Allowlist)
↑ Publishes to
Dashboard (Untrusted Input)
What claudeBase CLI Does NOT Do
- Execute plugin code
- Run lifecycle scripts
- Install system dependencies
- Modify files outside ~/.claude
- Make background network calls
- Auto-update itself or plugins
- Send telemetry
- Access user credentials
Cryptographic Guarantees
Catalog Snapshots
Content-addressed by SHA-256 hash. Hash verified before use. Immutable once generated.
Plugin Integrity
integrity.json contains SHA-256 of each file. Root hash covers entire file tree. Verified on every install.
Downgrade Protection
Monotonic timestamp tracking prevents replay of older catalog snapshots.
Attack Mitigations
| Attack | Mitigation |
|---|---|
| Supply chain (malicious npm) | Allowlist-only installation |
| Typosquatting | Catalog lookup by exact name |
| MITM on catalog | HTTPS + hash verification |
| Catalog downgrade | Monotonic timestamp tracking |
| Path traversal | Validation + normalization |
| Symlink escape | All links rejected |
| Race condition | File locking |
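The plugin integrity check described under Cryptographic Guarantees, combined with the path-traversal and symlink rules from the table above, as an added example (not claudeBase's own code). Because the page does not specify the layout of integrity.json, the example assumes the shape {"files": {relpath: sha256hex}, "root": sha256hex} and computes the root hash over the sorted path/hash pairs; both are assumptions, not the project's format.

```python
import hashlib
import os
import posixpath

def sha256_file(path):
    with open(path, "rb") as f:
        return hashlib.sha256(f.read()).hexdigest()

def root_hash(files):
    # Assumed root-hash rule: hash every path and its file hash in sorted order,
    # so a renamed, added or removed entry changes the root as well.
    h = hashlib.sha256()
    for rel in sorted(files):
        h.update(f"{rel}\0{files[rel]}\n".encode())
    return h.hexdigest()

def is_safe_relpath(rel):
    # Path traversal mitigation: only normalized, relative, forward-slash paths.
    return ("\\" not in rel and not rel.startswith("/")
            and rel == posixpath.normpath(rel) and rel.split("/")[0] != "..")

def build_manifest(plugin_dir):
    # Assumed manifest shape: {"files": {relpath: sha256hex}, "root": sha256hex}.
    files = {}
    for dirpath, _, names in os.walk(plugin_dir):
        for name in names:
            rel = os.path.relpath(os.path.join(dirpath, name), plugin_dir).replace(os.sep, "/")
            if rel != "integrity.json":
                files[rel] = sha256_file(os.path.join(dirpath, name))
    return {"files": files, "root": root_hash(files)}

def verify_tree(plugin_dir, manifest):
    """Return a list of problems; an empty list means the tree matches the manifest."""
    problems = []
    for rel, want in manifest["files"].items():
        if not is_safe_relpath(rel):
            problems.append(f"unsafe path in manifest: {rel!r}")
            continue
        full = os.path.join(plugin_dir, *rel.split("/"))
        if os.path.islink(full):  # symlink escape mitigation: all links rejected
            problems.append(f"symlink rejected: {rel}")
        elif not os.path.isfile(full) or sha256_file(full) != want:
            problems.append(f"missing or modified: {rel}")
    # Files present on disk but absent from the manifest are also a failure.
    for rel in sorted(set(build_manifest(plugin_dir)["files"]) - set(manifest["files"])):
        problems.append(f"unlisted file: {rel}")
    if root_hash(manifest["files"]) != manifest["root"]:
        problems.append("root hash mismatch")
    return problems
```

An installer would run verify_tree after download and refuse to place the plugin under ~/.claude/plugins/ unless the list comes back empty.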
Revocation Model
- Revoked plugins blocked from new installations immediately
- Existing installations are NOT automatically removed
- User must explicitly remove with plugin remove
- Clear audit trail maintained locally