
🔒 Fix Command Injection vulnerability in HTTP tool#12

Merged: undivisible merged 1 commit into main from fix-http-command-injection-8575220059402257860 on Jun 10, 2026

Conversation

@undivisible

Owner

🎯 What: The http_request MCP tool previously accepted user-provided arguments and interpolated them into a curl shell command using std::process::Command. This allowed for argument injection and potentially more severe side effects. The fix replaces the system command invocation with the Rust native HTTP client reqwest.
⚠️ Risk: A malicious actor (or compromised LLM output) could use argument injection to execute unintended curl behavior. For instance, an attacker could supply -o /some/file or --config to manipulate the underlying system, leading to unauthorized state modification or potential escalation.
🛡️ Solution: System command execution was entirely removed for HTTP requests. By adding the "blocking" feature to the reqwest dependency and refactoring http_request to construct requests with reqwest::blocking::Client, input arguments are isolated from any shell or subprocess context. This securely transforms the tool and natively manages HTTP interaction, preserving its functionality without the injection risk.


PR created automatically by Jules for task 8575220059402257860 started by @undivisible

Replaced the vulnerable `curl` command execution with the `reqwest` HTTP client to completely eliminate command and argument injection risks in the `http_request` tool logic.

Co-authored-by: google-labs-jules[bot] <161369871+google-labs-jules[bot]@users.noreply.github.com>
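The argument-injection risk the description above names, and the shape of the fix, side by side as an added example. This is editor-written illustration, not code from the poke-around project or from this PR: `curl_argv` mirrors the pre-fix pattern of placing a caller-supplied value into curl's argument vector, while `build_request` and `HttpRequest` stand in for the `reqwest::blocking::Client` request builder so the block compiles with `rustc` alone (reqwest is not a dependency here). The validation rules in `build_request` (http/https only, a method allowlist, RFC 7230 token header names, no CR/LF in header values) are assumptions that go beyond what the PR states; they are the checks a native client still benefits from once the subprocess is gone.

```rust
// Added illustration, not the project's code. Contrasts untrusted input in
// curl's argv (the pre-fix shape) with a request held as validated data (the
// post-fix shape). HttpRequest stands in for reqwest's request builder.

/// Pre-fix shape: the caller-supplied `url` lands in curl's argument vector.
/// No shell is involved, yet curl parses its own argv, so a value beginning
/// with '-' (the "-o" or "--config" cases from the PR text) is read as an
/// option rather than as the URL to fetch.
pub fn curl_argv(url: &str) -> Vec<String> {
    vec!["-sS".to_string(), "-L".to_string(), url.to_string()]
}

/// Detection check: would curl read this argument as an option?
pub fn curl_would_parse_as_option(arg: &str) -> bool {
    arg.starts_with('-')
}

#[derive(Debug, PartialEq)]
pub enum RequestError {
    UnsupportedScheme,
    UnsupportedMethod,
    InvalidHeader,
}

/// Assumed stand-in for reqwest::blocking::RequestBuilder: plain data, no argv.
#[derive(Debug, PartialEq)]
pub struct HttpRequest {
    pub method: String,
    pub url: String,
    pub headers: Vec<(String, String)>,
}

// Assumed allowlist; the PR itself does not state one.
const ALLOWED_METHODS: [&str; 5] = ["GET", "HEAD", "POST", "PUT", "DELETE"];

/// RFC 7230 "tchar": the characters permitted in a header field name.
fn is_tchar(c: char) -> bool {
    c.is_ascii_alphanumeric() || "!#$%&'*+-.^_`|~".contains(c)
}

/// Post-fix shape: untrusted fields are validated and stored as data. There is
/// no argument vector for "-o" to land in; such a value simply fails the
/// scheme check instead of steering a subprocess.
pub fn build_request(
    method: &str,
    url: &str,
    headers: &[(&str, &str)],
) -> Result<HttpRequest, RequestError> {
    let method = method.to_ascii_uppercase();
    if !ALLOWED_METHODS.contains(&method.as_str()) {
        return Err(RequestError::UnsupportedMethod);
    }
    let lower = url.to_ascii_lowercase();
    if !(lower.starts_with("https://") || lower.starts_with("http://")) {
        return Err(RequestError::UnsupportedScheme);
    }
    let mut out = Vec::with_capacity(headers.len());
    for (name, value) in headers {
        if name.is_empty() || !name.chars().all(is_tchar) {
            return Err(RequestError::InvalidHeader);
        }
        // CR, LF or NUL in a value would let one header smuggle in another.
        if value.chars().any(|c| c == '\r' || c == '\n' || c == '\0') {
            return Err(RequestError::InvalidHeader);
        }
        out.push((name.to_string(), value.to_string()));
    }
    Ok(HttpRequest { method, url: url.to_string(), headers: out })
}

fn main() {
    // Constructed inputs: a normal URL and the kind of value the PR describes.
    for candidate in ["https://example.com/api", "-o"].iter() {
        println!(
            "{:?}: curl would treat as option = {}, native request = {:?}",
            candidate,
            curl_would_parse_as_option(candidate),
            build_request("GET", candidate, &[]).map(|r| r.url)
        );
    }
}
```

The point the two halves make together: `curl_argv` is already free of shell interpolation, so quoting or escaping would not have helped; the option parser belongs to curl itself. Removing the subprocess, as the PR does, removes that parser from the trust boundary, and the remaining checks are ordinary input validation on a typed request rather than a defence against a second command-line grammar.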
@google-labs-jules

Contributor

👋 Jules, reporting for duty! I'm here to lend a hand with this pull request.

When you start a review, I'll add a 👀 emoji to each comment to let you know I've read it. I'll focus on feedback directed at me and will do my best to stay out of conversations between you and other bots or reviewers to keep the noise down.

I'll push a commit with your requested changes shortly after. Please note there might be a delay between these steps, but rest assured I'm on the job!

For more direct control, you can switch me to Reactive Mode. When this mode is on, I will only act on comments where you specifically mention me with @jules. You can find this option in the Pull Request section of your global Jules UI settings. You can always switch back!

New to Jules? Learn more at jules.google/docs.


For security, I will only act on instructions from the user who triggered this task.

@ecc-tools

ecc-tools Bot commented Jun 10, 2026


Analyzing 200 commits...

@ecc-tools

ecc-tools Bot commented Jun 10, 2026


Analysis Complete

Generated ECC bundle from 1 commits | Confidence: 50%

View Pull Request #16

Repository Profile

| Attribute | Value |
|---|---|
| Language | Rust |
| Framework | Rust |
| Commit Convention | freeform |
| Test Directory | separate |

Changed Files (3)

| Metric | Value |
|---|---|
| Files changed | 3 |
| Additions | 57 |
| Deletions | 17 |

Top hotspots

| Path | Status | +/- |
|---|---|---|
| crates/poke-around/src/mcp.rs | modified | +45 / -16 |
| Cargo.lock | modified | +11 / -0 |
| Cargo.toml | modified | +1 / -1 |

Top directories

| Directory | Files | Total changes |
|---|---|---|
| crates/poke-around/src | 1 | 61 |
| . | 2 | 13 |

Analysis Depth Readiness (commit-history, 7%)

ECC Tools uses this to decide whether recommendations should stay at commit-history/setup guidance or expand into CI, security, harness, reference-set, AI-routing, and team backlog work.

| Area | Status | Evidence / Next Step |
|---|---|---|
| Commit history | Partial | 1 commits sampled |
| CI/CD signals | Missing | Add workflow files or CI troubleshooting evidence so ECC Tools can reason about pipeline setup. |
| Security evidence | Missing | Add AgentShield, audit, SARIF, SBOM, or security review evidence so recommendations can cover security posture. |
| Harness configuration | Missing | Add Claude, Codex, OpenCode, Zed, dmux, MCP, plugin, or cross-harness config evidence for harness-agnostic recommendations. |
| Reference/eval evidence | Missing | Add fixtures, golden traces, reference sets, or evaluator benchmarks so deeper recommendations have regression evidence. |
| AI routing and cost controls | Missing | Add model-routing, budget, usage, or cost-control files before relying on AI-heavy automation recommendations. |
| Team handoff and project tracking | Missing | Add roadmap, runbook, project, Linear, or follow-up tracking docs so generated work can land in a team queue. |

Reference Set Readiness (0/7, 0%)

| Area | Status | Evidence / Next Step |
|---|---|---|
| Deep analyzer corpus | Missing | Add analyzer fixture, golden, benchmark, or reference-set files that can catch analyzer regressions. |
| RAG/evaluator comparison | Missing | Add retrieval or evaluator reference-set comparison fixtures with expected ranking behavior. |
| PR salvage/review corpus | Missing | Add stale-PR, review-thread, reopen-flow, or salvage reference cases for queue cleanup automation. |
| Discussion triage corpus | Missing | Add public discussion triage fixtures, golden cases, or reference sets for informational, answered, and no-response classifications. |
| Harness compatibility | Missing | Add cross-harness, adapter-compliance, or harness-audit evidence for Claude, Codex, OpenCode, Zed, dmux, and agent surfaces. |
| Security evidence | Missing | Attach security evidence such as SBOMs, SARIF, audit reports, or AgentShield evidence packs. |
| CI failure-mode evidence | Missing | Add captured CI failure logs, dry-run fixtures, or troubleshooting docs for common workflow failure modes. |

Likely Future Issues (1)

| Severity | Signal | Why it may show up |
|---|---|---|
| HIGH | Security-sensitive changes may ship without scanner evidence | 1 security-sensitive paths changed; 0 security scanner or security-focused validation artifacts changed |

  • Security-sensitive changes may ship without scanner evidence: The PR touches billing, secrets, auth, webhooks, agent, or CI-sensitive surfaces without adding obvious security scanner, code scanning, or security-focused validation evidence.

Suggested Follow-up Work (1)

| Type | Suggested title | Targets |
|---|---|---|
| PR | security: add scanner evidence for crates/poke-around/src/mcp.rs | crates/poke-around/src/mcp.rs |

  • security: add scanner evidence for crates/poke-around/src/mcp.rs: Backfill explicit scanner or code-scanning evidence before another security-sensitive change lands on the touched surface.

Copy-ready bodies

security: add scanner evidence for crates/poke-around/src/mcp.rs

## Summary
- Add security scanner or code-scanning evidence for the recently changed security-sensitive surface.

## Why
- Backfill explicit scanner or code-scanning evidence before another security-sensitive change lands on the touched surface.

## Touched paths
- `crates/poke-around/src/mcp.rs`

## Validation
- Run or add the relevant security scanner, code scanning, secret scanning, or dependency/security review check for the touched surface.
- Attach the scanner output, SARIF/code-scanning result, or focused security regression test to the follow-up PR.
- Confirm the changed auth, billing, webhook, secret-handling, agent, or CI surface has an explicit pass/fail gate.
Generated Instincts (14)

| Domain | Count |
|---|---|
| git | 3 |
| code-style | 9 |
| testing | 2 |

After merging, import with:

/instinct-import .claude/homunculus/instincts/inherited/poke-around-instincts.yaml

Files

  • .claude/ecc-tools.json
  • .claude/skills/poke-around/SKILL.md
  • .agents/skills/poke-around/SKILL.md
  • .agents/skills/poke-around/agents/openai.yaml
  • .claude/identity.json
  • .codex/config.toml
  • .codex/AGENTS.md
  • .codex/agents/explorer.toml
  • .codex/agents/reviewer.toml
  • .codex/agents/docs-researcher.toml
  • .claude/homunculus/instincts/inherited/poke-around-instincts.yaml

ECC Tools | Everything Claude Code

@undivisible undivisible merged commit b61994a into main Jun 10, 2026
1 check passed