Problem
The MCP CLI installer paths build shell command strings by concatenating resolved executable paths and project-derived script paths, then pass the result to bash -c or cmd.exe /c.
Project paths and executable paths are not shell-escaped before interpolation.
Evidence
Editor/MCPCliInstaller.cs:309-316 wraps the caller-built command string in bash -c "..." or cmd.exe /c "...".
Editor/MCPCliInstaller.Codex.cs:36-40 concatenates codexPath, pythonPath, and scriptPath into shell commands.
Editor/MCPCliInstaller.ClaudeCode.cs:39-43 uses the same pattern for Claude Code.
Editor/MCPCliInstaller.Gemini.cs:33-38 uses the same pattern for Gemini and includes --trust in the add command.
scriptPath comes from the Unity project location, so it can include shell metacharacters if the checkout directory is named maliciously or unusually.
Impact
A project checked out into a path containing quotes or shell metacharacters can break out of the intended command and execute unintended shell syntax when the user runs the integration link action. This affects Codex, Claude Code, and Gemini installer flows.
Suggested fix
Avoid shell wrapping. Use ProcessStartInfo.FileName plus ArgumentList for each executable and argument. If a shell is unavoidable, centralize platform-correct escaping and cover paths containing quotes, spaces, $(), backticks, semicolons, ampersands, pipes, and Windows metacharacters.
Source report
Imported from audit report items:
security (11) / Editor/MCPCliInstaller.cs:309
security (11) / Editor/MCPCliInstaller.Codex.cs:40
security (11) / Editor/MCPCliInstaller.ClaudeCode.cs:43
security (11) / Editor/MCPCliInstaller.Gemini.cs:37
These were combined because all four entries describe the same shell command construction root cause.
Problem
The MCP CLI installer paths build shell command strings by concatenating resolved executable paths and project-derived script paths, then pass the result to
bash -corcmd.exe /c.Project paths and executable paths are not shell-escaped before interpolation.
Evidence
Editor/MCPCliInstaller.cs:309-316wraps the caller-built command string inbash -c "..."orcmd.exe /c "...".Editor/MCPCliInstaller.Codex.cs:36-40concatenatescodexPath,pythonPath, andscriptPathinto shell commands.Editor/MCPCliInstaller.ClaudeCode.cs:39-43uses the same pattern for Claude Code.Editor/MCPCliInstaller.Gemini.cs:33-38uses the same pattern for Gemini and includes--trustin the add command.scriptPathcomes from the Unity project location, so it can include shell metacharacters if the checkout directory is named maliciously or unusually.Impact
A project checked out into a path containing quotes or shell metacharacters can break out of the intended command and execute unintended shell syntax when the user runs the integration link action. This affects Codex, Claude Code, and Gemini installer flows.
Suggested fix
Avoid shell wrapping. Use
ProcessStartInfo.FileNameplusArgumentListfor each executable and argument. If a shell is unavoidable, centralize platform-correct escaping and cover paths containing quotes, spaces,$(), backticks, semicolons, ampersands, pipes, and Windows metacharacters.Source report
Imported from audit report items:
security (11)/Editor/MCPCliInstaller.cs:309security (11)/Editor/MCPCliInstaller.Codex.cs:40security (11)/Editor/MCPCliInstaller.ClaudeCode.cs:43security (11)/Editor/MCPCliInstaller.Gemini.cs:37These were combined because all four entries describe the same shell command construction root cause.