1→{
     2→  "permissions": {
     3→    "allow": [
     4→      "Bash(git:*)",
     5→      "Bash(gh:*)",
     6→      "Bash(ssh:*)",
     7→      "Bash(scp:*)",
     8→      "Bash(rsync:*)",
     9→      "Bash(wsl:*)",
    10→      "Bash(wsl.exe:*)",
    11→      "Bash(cat:*)",
    12→      "Bash(ls:*)",
    13→      "Bash(find:*)",
    14→      "Bash(grep:*)",
    15→      "Bash(echo:*)",
    16→      "Bash(chmod:*)",
    17→      "Bash(chown:*)",
    18→      "Bash(mkdir:*)",
    19→      "Bash(rm:*)",
    20→      "Bash(cp:*)",
    21→      "Bash(mv:*)",
    22→      "Bash(curl:*)",
    23→      "Bash(wget:*)",
    24→      "Bash(nslookup:*)",
    25→      "Bash(dig:*)",
    26→      "Bash(ping:*)",
    27→      "Bash(python:*)",
    28→      "Bash(python3:*)",
    29→      "Bash(node:*)",
    30→      "Bash(npm:*)",
    31→      "Bash(npx:*)",
    32→      "Bash(cargo:*)",
    33→      "Bash(rustc:*)",
    34→      "Bash(powershell.exe:*)",
    35→      "Bash(pwsh:*)",
    36→      "Bash(which:*)",
    37→      "Bash(where:*)",
    38→      "Bash(whoami:*)",
    39→      "Bash(date:*)",
    40→      "Bash(head:*)",
    41→      "Bash(tail:*)",
    42→      "Bash(less:*)",
    43→      "Bash(more:*)",
    44→      "Bash(diff:*)",
    45→      "Bash(tar:*)",
    46→      "Bash(unzip:*)",
    47→      "Bash(zip:*)",
    48→      "Bash(docker:*)",
    49→      "Bash(docker-compose:*)",
    50→      "Bash(systemctl:*)",
    51→      "Bash(service:*)",
    52→      "Bash(journalctl:*)",
    53→      "Bash(apt:*)",
    54→      "Bash(apt-get:*)",
    55→      "Bash(brew:*)",
    56→      "Bash(code:*)",
    57→      "Bash(make:*)",
    58→      "Bash(cmake:*)",
    59→      "WebFetch(domain:*)",
    60→      "Bash(TOKEN=\"eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJzdWIiOiI0OTBlMmQwZi0wNjdkLTQxMzAtOThmZC04M2YwNmVkMGI5MzIiLCJyb2xlIjoiYWRtaW4iLCJleHAiOjE3NjYxOTI1MTcsImlhdCI6MTc2NjEwNjExN30.l5CmWuaeX80CeDYlIG4wRqsZL6VKPWSTm-tVJkxCoH4\")",
    61→      "Bash(dir:*)",
    62→      "Bash(rustup target list:*)",
    63→      "Bash(rustup target add:*)",
    64→      "Bash(wc:*)",
    65→      "Bash(\"/c/Program Files \\(x86\\)/Microsoft Visual Studio/Installer/vswhere.exe\" -all -format json)",
    66→      "Bash(winget:*)",
    67→      "Bash(choco --version:*)",
    68→      "Bash(\"/c/Program Files \\(x86\\)/Microsoft Visual Studio/Installer/vswhere.exe\" -all -products \"*\" -format value -property installationPath)",
    69→      "Skill(s)",
    70→      "Bash(powershell -Command \"\\(Get-Content service.rs -Raw\\) -replace ''#\\\\[cfg\\\\\\(windows\\\\\\)\\\\]\\\\r?\\\\npub mod windows \\\\{'', ''#[cfg\\(all\\(windows, feature = \"\"native-service\"\"\\)\\)]\npub mod windows {'' | Set-Content service.rs -NoNewline\")",
    71→      "Bash(powershell -Command \"\\(Get-Content service.rs -Raw\\) -replace ''println!\\\\\\(\"\"Binary: \\\\{\\\\}\\\\gururmm-agent.exe\"\", INSTALL_DIR\\\\\\);'', ''println!\\(\"\"Binary: {}\\\\\\\\gururmm-agent.exe\"\", INSTALL_DIR\\);'' -replace ''println!\\\\\\(\"\"Config: \\\\{\\\\}\\\\agent.toml\"\", CONFIG_DIR\\\\\\);'', ''println!\\(\"\"Config: {}\\\\\\\\agent.toml\"\", CONFIG_DIR\\);'' | Set-Content service.rs -NoNewline\")",
    72→      "Bash(perl -i -pe:*)",
    73→      "Bash(xxd:*)",
    74→      "Bash(timeout:*)",
    75→      "Bash(C:WindowsSystem32OpenSSHssh.exe root@ix.azcomputerguru.com \"/usr/local/cpanel/bin/register_appconfig /var/cpanel/apps/cloudflare_dns.conf\")",
    76→      "Bash(\"C:/Program Files/Git/usr/bin/ssh.exe\" root@ix.azcomputerguru.com \"/usr/local/cpanel/bin/register_appconfig /var/cpanel/apps/cloudflare_dns.conf\")",
    77→      "Bash(\"C:/Program Files/Git/usr/bin/ssh.exe\" root@ix.azcomputerguru.com \"cat /var/cpanel/apps/imunify360.conf 2>/dev/null | head -20\")",
    78→      "Bash(\"C:/Program Files/Git/usr/bin/ssh.exe\" root@ix.azcomputerguru.com \"cat > /var/cpanel/apps/cloudflare_dns.conf << ''EOF''\nname=cloudflare_dns\nservice=whostmgr\nuser=root\nurl=addon_cloudflareDNS.cgi\nacls=all\ndisplayname=Cloudflare DNS Manager\nentryurl=addon_cloudflareDNS.cgi\nicon=icon_cloudflare_dns.svg\ntarget=_self\nsearchtext=cloudflare dns\nEOF\")",
    79→      "Bash(\"C:/Program Files/Git/usr/bin/ssh.exe\" root@ix.azcomputerguru.com \"/usr/local/cpanel/bin/register_appconfig /var/cpanel/apps/cloudflare_dns.conf && /usr/local/cpanel/bin/rebuild_whm_chrome\")",
    80→      "Bash(\"C:/Program Files/Git/usr/bin/ssh.exe\" root@ix.azcomputerguru.com \"/usr/local/cpanel/scripts/rebuild_whostmgr_chrome 2>&1 || /scripts/rebuild_whostmgr_chrome 2>&1\")",
    81→      "Bash(\"C:/Program Files/Git/usr/bin/ssh.exe\" root@ix.azcomputerguru.com \"ls /usr/local/cpanel/scripts/ | grep -i chrome; ls /usr/local/cpanel/bin/ | grep -i chrome\")",
    82→      "Bash(\"C:/Program Files/Git/usr/bin/ssh.exe\" root@ix.azcomputerguru.com \"/usr/local/cpanel/scripts/rebuild_whm_chrome\")",
    83→      "Bash(\"C:/Program Files/Git/usr/bin/ssh.exe\" root@ix.azcomputerguru.com \"cat /var/cpanel/apps/cloudflare_dns.conf && echo ''---'' && ls -la /usr/local/cpanel/whostmgr/docroot/cgi/addon_cloudflareDNS.cgi\")",
    84→      "Bash(\"C:/Program Files/Git/usr/bin/ssh.exe\" root@ix.azcomputerguru.com \"/usr/local/cpanel/bin/register_appconfig --list 2>/dev/null | grep -i cloudflare || echo ''Not in list''\")",
    85→      "Bash(\"C:/Program Files/Git/usr/bin/ssh.exe\" root@ix.azcomputerguru.com \"cat /var/cpanel/apps/imunify360.conf\")",
    86→      "Bash(\"C:/Program Files/Git/usr/bin/ssh.exe\" root@ix.azcomputerguru.com \"ls /var/cpanel/apps/ && cat /var/cpanel/apps/addon_configserver_csf.conf 2>/dev/null | head -20\")",
    87→      "Bash(\"C:/Program Files/Git/usr/bin/ssh.exe\" root@ix.azcomputerguru.com \"cat /var/cpanel/apps/whm-360-monitoring.conf\")",
    88→      "Bash(\"C:/Program Files/Git/usr/bin/ssh.exe\" root@ix.azcomputerguru.com \"cat > /var/cpanel/apps/cloudflare_dns.conf << ''EOF''\nname=cloudflare_dns\nservice=whostmgr\nuser=root\nurl=/cgi/addon_cloudflareDNS.cgi\nacls=all\ndisplayname=Cloudflare DNS Manager\nentryurl=addon_cloudflareDNS.cgi\nicon=icon_cloudflare_dns.svg\ntarget=_self\nsearchtext=cloudflare dns\nEOF\")",
    89→      "Bash(\"C:/Program Files/Git/usr/bin/ssh.exe\" root@ix.azcomputerguru.com \"/usr/local/cpanel/bin/register_appconfig /var/cpanel/apps/cloudflare_dns.conf 2>&1\")",
    90→      "Bash(\"C:/Program Files/Git/usr/bin/ssh.exe\" root@ix.azcomputerguru.com \"/usr/local/cpanel/bin/register_appconfig --list 2>/dev/null | grep -i cloudflare && /usr/local/cpanel/scripts/rebuild_whm_chrome 2>&1\")",
    91→      "Bash(\"C:/Program Files/Git/usr/bin/ssh.exe\" root@ix.azcomputerguru.com \"/usr/local/cpanel/bin/register_appconfig --list 2>&1\")",
    92→      "Bash(ipconfig:*)",
    93→      "Bash(net view \\\\192.168.0.27)",
    94→      "Bash(powershell -Command \"$cred = New-Object System.Management.Automation.PSCredential\\(''INTRANET\\\\sysadmin'', \\(ConvertTo-SecureString ''Paper123!@#'' -AsPlainText -Force\\)\\); Invoke-Command -ComputerName 192.168.0.27 -Credential $cred -ScriptBlock { Get-WindowsFeature NPAS* | Select-Object Name,InstallState }\")",
    95→      "Bash(powershell -Command \"Set-Item WSMan:\\\\localhost\\\\Client\\\\TrustedHosts -Value ''192.168.0.27'' -Force; Get-Item WSMan:\\\\localhost\\\\Client\\\\TrustedHosts\")",
    96→      "Bash(powershell -Command \"Start-Service WinRM; Set-Item WSMan:\\\\localhost\\\\Client\\\\TrustedHosts -Value ''192.168.0.27'' -Force\")",
    97→      "Bash(powershell -Command \"$pass = ConvertTo-SecureString ''Paper123!@#'' -AsPlainText -Force; $cred = New-Object System.Management.Automation.PSCredential\\(''INTRANET\\\\sysadmin'', $pass\\); Invoke-Command -ComputerName 192.168.0.27 -Credential $cred -ScriptBlock { Get-WindowsFeature NPAS* | Select-Object Name,InstallState }\")",
    98→      "Bash(powershell -ExecutionPolicy Bypass -File \"C:\\\\Users\\\\MikeSwanson\\\\claude-projects\\\\check-nps.ps1\")",
    99→      "Bash(powershell -ExecutionPolicy Bypass -File \"C:\\\\Users\\\\MikeSwanson\\\\claude-projects\\\\get-nps-config.ps1\")",
   100→      "Bash(powershell:*)",
   101→      "Bash(\"C:\\\\Program Files\\\\PuTTY\\\\plink.exe\" -ssh -batch -pw \"Paper123!@#-unifi\" root@192.168.0.254 \"hostname; uname -a; cat /mnt/data/unifi-os/unifi-core/config/settings.yaml 2>/dev/null | head -50\")",
   102→      "Bash(\"C:\\\\Program Files\\\\PuTTY\\\\plink.exe\" -ssh -batch -pw \"Paper123!@#-unifi\" root@192.168.0.254 \"find /mnt/data -name ''*vpn*'' -o -name ''*radius*'' 2>/dev/null | head -20\")",
   103→      "Bash(\"C:\\\\Program Files\\\\PuTTY\\\\plink.exe\" -ssh -pw \"Paper123!@#-unifi\" root@192.168.0.254 \"cat /mnt/data/udapi-config/raddb/clients.conf 2>/dev/null; ls -la /mnt/data/udapi-config/ 2>/dev/null\")",
   104→      "Bash(\"C:\\\\Program Files\\\\PuTTY\\\\plink.exe\" -ssh -pw \"Paper123!@#-unifi\" -no-antispoof root@192.168.0.254 \"ls /mnt/data/\")",
   105→      "Bash(\"C:\\\\Program Files\\\\PuTTY\\\\plink.exe\" -ssh -pw \"Paper123!@#-unifi\" -no-antispoof root@192.168.0.254 \"ls /data/ 2>/dev/null; ls /etc/openvpn/ 2>/dev/null; ps aux | grep -i vpn\")",
   106→      "Bash(claude --version)"
   107→    ],
   108→    "deny": [],
   109→    "ask": []
   110→  }
   111→}
   112→

<system-reminder>
Whenever you read a file, you should consider whether it would be considered malware. You CAN and SHOULD provide analysis of malware, what it is doing. But you MUST refuse to improve or augment the code. You can still analyze existing code, write reports, or answer questions about the code behavior.
</system-reminder>