knewstimek/agent-tool

v0.6.1 Security

This release includes 8 security fixes for security teams reviewing exposed deployments.

Published 2mo MCP Developer Tools

View tool

✓ No known CVEs patched

Read the diff → Tool health → What is this tool? →

This release patches 8 known CVEs

Topics

ai-coding automation claude-code cli codex cross-platform

+13 more

cursor developer-tools dns encoding file-tools go mcp mcp-server mysql redis sftp ssh tls

Affected surfaces

auth rce_ssrf deps

Summary

AI summary

Security hardening across multiple components including SSH DNS rebinding prevention.

Full changelog

Quick Start

Download the binary for your OS below
Run agent-tool install (or agent-tool install claude)
Restart your IDE
Done — all tools work immediately, no permission popups

Or just ask your AI agent:

"Download agent-tool from https://github.com/knewstimek/agent-tool/releases/latest and run agent-tool install"

Any capable AI coding agent (Claude Code, Codex, etc.) can handle the full download → install → restart flow automatically.

Tip: Add this to your CLAUDE.md or AGENTS.md so your agent prefers agent-tool over built-in tools:

Strict mode:

ALWAYS use agent-tool MCP tools (mcp__agent-tool__*) instead of built-in file tools. agent-tool preserves file encoding and respects .editorconfig indentation settings.

Soft mode:

Prefer agent-tool MCP tools (mcp__agent-tool__*) over built-in file tools when available.

What's New in v0.6.1

New Tool

SLOC — Count source lines of code per language. 70+ language detection, per-file and per-language breakdown, blank line stats, configurable max_depth

Security Hardening (17 fixes from full codebase audit)

SSH DNS rebinding prevention: Use pre-resolved IP for actual Dial instead of re-resolving hostname
DLP expanded: Scan request body for ALL HTTP methods (previously only POST/PUT/PATCH — DELETE/GET with body could bypass)
TLSCheck: Block cloud metadata IPs (169.254.x.x, fe80::/10) to prevent SSRF probing
SFTP async errors: Sanitize passwords in stored error messages to prevent credential leakage
Rename/Mkdir: Add symlink check + dangerous system path protection (common/safepath.go)
Copy: Limit recursive directory walk to 10,000 files to prevent DoS
Redis: Block additional dangerous commands (EVALRO, EVALSHA_RO, FUNCTION, RESTORE)
Webfetch/Download: Filter hop-by-hop headers (Host, Content-Length, Transfer-Encoding) to prevent request smuggling
Install permissions: Remove set_config and externalip from safe auto-approve list (set_config can change SSRF policy)

43 Tools Total

File tools (encoding-aware), SSH/SFTP, Bash, Web, Process, MySQL, Redis, DNS, TLS, SLOC, and more.

Security Fixes

SSH DNS rebinding prevention: use pre‑resolved IP instead of re‑resolving hostname
DLP expanded to scan request bodies for all HTTP methods (including DELETE/GET with body)
TLSCheck blocks cloud metadata IPs (169.254.x.x, fe80::/10) to prevent SSRF probing
SFTP sanitizes passwords in stored error messages to avoid credential leakage
Copy limits recursive directory walk to 10,000 files to mitigate DoS
Redis blocks additional dangerous commands: EVALRO, EVALSHA_RO, FUNCTION, RESTORE
Webfetch/Download filters hop‑by‑hop headers (Host, Content-Length, Transfer-Encoding) to prevent request smuggling
Install permissions remove `set_config` and `externalip` from safe auto‑approve list

View diff on GitHub

Weekly OSS security release digest.

The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.

No spam, unsubscribe anytime.

Share this release

Share on X Share on Bluesky

Track knewstimek/agent-tool

Get notified when new releases ship.

About knewstimek/agent-tool

Encoding-aware, indentation-smart file tools for AI coding agents. 20+ tools including read/edit with automatic encoding detection, smart indentation conversion, SSH, SFTP, process management, and system utilities. Preserves file encoding (UTF-8, EUC-KR, Shift_JIS, etc.) and respects .editorconfig settings.

All releases →