hub / github.com/codeaashu/claude-code / checkEncodedCommand

Function checkEncodedCommand

src/tools/PowerShellTool/powershellSecurity.ts:166–180

Checks for encoded command parameters which obscure intent. These are commonly used in malware to bypass security tools.

(
  parsed: ParsedPowerShellCommand,
)

Source from the content-addressed store, hash-verified

 * These are commonly used in malware to bypass security tools.
 */
function checkEncodedCommand(
  parsed: ParsedPowerShellCommand,
): PowerShellSecurityResult {
  for (const cmd of getAllCommands(parsed)) {
    if (isPowerShellExecutable(cmd.name)) {
      if (psExeHasParamAbbreviation(cmd, '-encodedcommand', '-e')) {
        return {
          behavior: 'ask',
          message: 'Command uses encoded parameters which obscure intent',
        }
      }
    }
  }
  return { behavior: 'passthrough' }
}

/**
 * Checks for PowerShell re-invocation (nested pwsh/powershell process).
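
An added example, not code from the claude-code repository: a sketch of the prefix matching that the call `psExeHasParamAbbreviation(cmd, '-encodedcommand', '-e')` implies, extended to decode the Base64 payload so a reviewer can read what an encoded command says before approving it. `isParamAbbreviation`, `decodePayload` and `findEncodedCommand` are hypothetical names, the input is assumed to be an already-tokenized argv, and the sample command is constructed.

```typescript
// Added example: hypothetical helper names, not the repository's code.
type EncodedFinding = { flag: string; decoded: string | null }

const PS_EXES = new Set(['powershell', 'powershell.exe', 'pwsh', 'pwsh.exe'])

// PowerShell accepts any prefix of a parameter name down to a minimum
// abbreviation, so '-e', '-enc' and '-EncodedCommand' are the same switch.
function isParamAbbreviation(arg: string, full: string, min: string): boolean {
  const a = arg.toLowerCase()
  return a.length >= min.length && full.startsWith(a)
}

// -EncodedCommand carries Base64 over UTF-16LE text. Returns null when the
// value is not well-formed, so the caller can still flag it as opaque.
function decodePayload(b64: string): string | null {
  if (b64.length === 0 || b64.length % 4 !== 0) return null
  if (!/^[A-Za-z0-9+/]+={0,2}$/.test(b64)) return null
  const bytes = Buffer.from(b64, 'base64')
  if (bytes.length % 2 !== 0) return null // UTF-16LE needs whole code units
  return bytes.toString('utf16le')
}

// argv is an already-tokenized command line (assumption of this example).
function findEncodedCommand(argv: string[]): EncodedFinding | null {
  const exe = (argv[0] ?? '').split(/[\\/]/).pop()!.toLowerCase()
  if (!PS_EXES.has(exe)) return null
  for (let i = 1; i < argv.length; i++) {
    const arg = argv[i] ?? ''
    // '-ec' is a documented alias that is not a prefix of the full name.
    if (isParamAbbreviation(arg, '-encodedcommand', '-e') || arg.toLowerCase() === '-ec') {
      return { flag: arg, decoded: decodePayload(argv[i + 1] ?? '') }
    }
  }
  return null
}

// Constructed sample input: a harmless command encoded the way the switch expects.
const SAMPLE = Buffer.from('Get-Date', 'utf16le').toString('base64')
const SAMPLE_ARGV = [
  'C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe',
  '-NoProfile', '-enc', SAMPLE,
]
console.log(findEncodedCommand(SAMPLE_ARGV))
```

Surfacing the decoded text alongside the `ask` prompt lets the person approving the command judge its content rather than only the presence of the flag.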

Callers

nothing calls this directly

Calls 3

isPowerShellExecutable · Function · 0.85
getAllCommands · Function · 0.50

Tested by

no test coverage detected