lintai docs

Appearance

Preset Reference

sidecar lanedirect activation140 direct rules

threat-review

Explicit threat-review rules for malicious, credential-bearing, or spyware-like behavior that should stay opt-in instead of shaping the quiet default.

Explicit malicious-behavior and spyware-like review.

Explicitly turns on this rule set.

Coverage

Covered Rules

SEC101HTML comment: dangerous instructionsHidden HTML comment contains dangerous agent instructionsthreat-reviewauditmarkdown
SEC102Markdown: remote execution instructionMarkdown contains remote download-and-execute instruction outside code blocksthreat-reviewauditmarkdown
SEC103HTML comment: remote execution instructionHidden HTML comment contains remote download-and-execute instructionthreat-reviewauditmarkdown
SEC104Markdown: base64 executable payloadMarkdown contains a base64-decoded executable payload outside code blocksthreat-reviewauditmarkdown
SEC105Markdown: parent-directory file accessMarkdown instructions reference parent-directory traversal for file accessthreat-reviewauditmarkdown
SEC201Hook script: remote code executionHook script downloads remote code and executes itthreat-reviewsecurityhook
SEC202Hook script: secret exfiltrationHook script appears to exfiltrate secrets through a network callthreat-reviewsecurityhook
SEC203Hook script: insecure HTTP secret sendHook script sends secret material to an insecure http:// endpointthreat-reviewsecurityhook
SEC204Hook script: TLS verification disabledHook script disables TLS or certificate verification for a network callthreat-reviewsecurityhook
SEC205Hook script: hardcoded auth in network callHook script embeds static authentication material in a network callthreat-reviewsecurityhook
SEC206Hook script: base64 payload executionHook script decodes a base64 payload and executes itthreat-reviewsecurityhook
SEC301MCP config: shell trampolineMCP configuration shells out through sh -c or bash -cthreat-reviewsecurityjson
SEC305Config: hardcoded auth materialConfiguration embeds static authentication material in a connection or auth valuethreat-reviewsecurityjson
SEC306JSON config: hidden override instructionsJSON configuration description contains override-style hidden instructionsthreat-reviewauditjson
SEC309Config: literal secrets in configConfiguration commits literal secret material in env, auth, or header valuesthreat-reviewsecurityjson
SEC310Config: metadata or private-network hostConfiguration endpoint targets a metadata or private-network host literalthreat-reviewsecurityjson
SEC312Markdown: private key materialMarkdown contains committed private key materialthreat-reviewsecuritymarkdown
SEC313Shell example: remote content piped to shellFenced shell example pipes remote content directly into a shellthreat-reviewauditmarkdown
SEC321server.json remotes: literal auth headerserver.json remotes header commits literal authentication materialthreat-reviewsecurityserver_json
SEC335AI markdown: metadata-service accessAI-native markdown contains a direct cloud metadata-service access examplethreat-reviewauditmarkdown
SEC338MCP config: sensitive host bind mountMCP configuration launches Docker with a bind mount of sensitive host materialthreat-reviewsecurityjson
SEC339MCP config: privileged Docker flagsMCP configuration launches Docker with a host-escape or privileged runtime flagthreat-reviewsecurityjson
SEC349AI markdown: privileged Docker patternAI-native markdown Docker example uses a host-escape or privileged runtime patternthreat-reviewauditmarkdown
SEC350Instruction markdown: untrusted content promotedInstruction markdown promotes untrusted external content to developer/system-level instructionsthreat-reviewauditmarkdown
SEC351AI instruction: disables user approvalAI-native instruction explicitly disables user approval or confirmationthreat-reviewauditmarkdown
SEC422MCP config: sudo commandMCP configuration launches the server through `sudo`threat-reviewsecurityjson
SEC446MCP config: sudo first argumentMCP configuration passes `sudo` as the first launch argumentthreat-reviewsecurityjson
SEC633Hook script: destructive root deletionHook script attempts destructive root deletionthreat-reviewsecurityhook
SEC634Hook script: password file accessHook script accesses a sensitive system password filethreat-reviewsecurityhook
SEC635Hook script: shell profile writeHook script writes to a shell profile startup filethreat-reviewsecurityhook
SEC636Hook script: authorized_keys writeHook script writes to SSH authorized_keysthreat-reviewsecurityhook
SEC637MCP config: destructive root deletionMCP configuration command attempts destructive root deletionthreat-reviewsecurityjson
SEC638MCP config: password file accessMCP configuration command accesses a sensitive system password filethreat-reviewsecurityjson
SEC639MCP config: shell profile writeMCP configuration command writes to a shell profile startup filethreat-reviewsecurityjson
SEC640MCP config: authorized_keys writeMCP configuration command writes to SSH authorized_keysthreat-reviewsecurityjson
SEC641Claude settings: command hook root deletionClaude settings command hook attempts destructive root deletionthreat-reviewsecurityclaude_settings
SEC642Claude settings: command hook password file accessClaude settings command hook accesses a sensitive system password filethreat-reviewsecurityclaude_settings
SEC643Claude settings: command hook shell profile writeClaude settings command hook writes to a shell profile startup filethreat-reviewsecurityclaude_settings
SEC644Claude settings: command hook authorized_keys writeClaude settings command hook writes to SSH authorized_keysthreat-reviewsecurityclaude_settings
SEC645Plugin hook: destructive root deletionPlugin hook command attempts destructive root deletionthreat-reviewsecurityjson
SEC646Plugin hook: password file accessPlugin hook command accesses a sensitive system password filethreat-reviewsecurityjson
SEC647Plugin hook: shell profile writePlugin hook command writes to a shell profile startup filethreat-reviewsecurityjson
SEC648Plugin hook: authorized_keys writePlugin hook command writes to SSH authorized_keysthreat-reviewsecurityjson
SEC649Hook script: cron persistenceHook script manipulates cron persistencethreat-reviewsecurityhook
SEC650Hook script: systemd persistenceHook script registers a systemd service or unit for persistencethreat-reviewsecurityhook
SEC651Hook script: launchd persistenceHook script registers a launchd plist for persistencethreat-reviewsecurityhook
SEC652MCP config: cron persistenceMCP configuration command manipulates cron persistencethreat-reviewsecurityjson
SEC653MCP config: systemd persistenceMCP configuration command registers a systemd service or unit for persistencethreat-reviewsecurityjson
SEC654MCP config: launchd persistenceMCP configuration command registers a launchd plist for persistencethreat-reviewsecurityjson
SEC655Claude settings: command hook cron persistenceClaude settings command hook manipulates cron persistencethreat-reviewsecurityclaude_settings
SEC656Claude settings: command hook systemd persistenceClaude settings command hook registers a systemd service or unit for persistencethreat-reviewsecurityclaude_settings
SEC657Claude settings: command hook launchd persistenceClaude settings command hook registers a launchd plist for persistencethreat-reviewsecurityclaude_settings
SEC658Plugin hook: cron persistencePlugin hook command manipulates cron persistencethreat-reviewsecurityjson
SEC659Plugin hook: systemd persistencePlugin hook command registers a systemd service or unit for persistencethreat-reviewsecurityjson
SEC660Plugin hook: launchd persistencePlugin hook command registers a launchd plist for persistencethreat-reviewsecurityjson
SEC661Hook script: insecure chmodHook script performs an insecure permission changethreat-reviewsecurityhook
SEC662Hook script: setuid or setgid manipulationHook script manipulates setuid or setgid permissionsthreat-reviewsecurityhook
SEC663Hook script: Linux capability manipulationHook script manipulates Linux capabilitiesthreat-reviewsecurityhook
SEC664MCP config: insecure chmodMCP configuration command performs an insecure permission changethreat-reviewsecurityjson
SEC665MCP config: setuid or setgid manipulationMCP configuration command manipulates setuid or setgid permissionsthreat-reviewsecurityjson
SEC666MCP config: Linux capability manipulationMCP configuration command manipulates Linux capabilitiesthreat-reviewsecurityjson
SEC667Claude settings: command hook insecure chmodClaude settings command hook performs an insecure permission changethreat-reviewsecurityclaude_settings
SEC668Claude settings: command hook setuid or setgid manipulationClaude settings command hook manipulates setuid or setgid permissionsthreat-reviewsecurityclaude_settings
SEC669Claude settings: command hook Linux capability manipulationClaude settings command hook manipulates Linux capabilitiesthreat-reviewsecurityclaude_settings
SEC670Plugin hook: insecure chmodPlugin hook command performs an insecure permission changethreat-reviewsecurityjson
SEC671Plugin hook: setuid or setgid manipulationPlugin hook command manipulates setuid or setgid permissionsthreat-reviewsecurityjson
SEC672Plugin hook: Linux capability manipulationPlugin hook command manipulates Linux capabilitiesthreat-reviewsecurityjson
SEC673Hook script: webhook secret exfiltrationHook script posts secret material to a webhook endpointthreat-reviewsecurityhook
SEC674MCP config: secret exfiltrationMCP configuration command appears to send secret material over the networkthreat-reviewsecurityjson
SEC675MCP config: insecure HTTP secret sendMCP configuration command sends secret material to an insecure http:// endpointthreat-reviewsecurityjson
SEC676MCP config: webhook secret exfiltrationMCP configuration command posts secret material to a webhook endpointthreat-reviewsecurityjson
SEC677Claude settings: secret exfiltration hookClaude settings command hook appears to send secret material over the networkthreat-reviewsecurityclaude_settings
SEC678Claude settings: insecure HTTP secret sendClaude settings command hook sends secret material to an insecure http:// endpointthreat-reviewsecurityclaude_settings
SEC679Claude settings: webhook secret exfiltrationClaude settings command hook posts secret material to a webhook endpointthreat-reviewsecurityclaude_settings
SEC680Plugin hook: secret exfiltrationPlugin hook command appears to send secret material over the networkthreat-reviewsecurityjson
SEC681Plugin hook: insecure HTTP secret sendPlugin hook command sends secret material to an insecure http:// endpointthreat-reviewsecurityjson
SEC682Plugin hook: webhook secret exfiltrationPlugin hook command posts secret material to a webhook endpointthreat-reviewsecurityjson
SEC683Hook script: sensitive file exfiltrationHook script transfers a sensitive credential file to a remote destinationthreat-reviewsecurityhook
SEC684MCP config: sensitive file exfiltrationMCP configuration command transfers a sensitive credential file to a remote destinationthreat-reviewsecurityjson
SEC685Claude settings: sensitive file exfiltration hookClaude settings command hook transfers a sensitive credential file to a remote destinationthreat-reviewsecurityclaude_settings
SEC686Plugin hook: sensitive file exfiltrationPlugin hook command transfers a sensitive credential file to a remote destinationthreat-reviewsecurityjson
SEC687Hook script: clipboard readHook script reads local clipboard contentsthreat-reviewsecurityhook
SEC688Hook script: browser credential store accessHook script accesses browser credential or cookie storesthreat-reviewsecurityhook
SEC689MCP config: clipboard readMCP configuration command reads local clipboard contentsthreat-reviewsecurityjson
SEC690MCP config: browser credential store accessMCP configuration command accesses browser credential or cookie storesthreat-reviewsecurityjson
SEC691Claude settings: clipboard read hookClaude settings command hook reads local clipboard contentsthreat-reviewsecurityclaude_settings
SEC692Claude settings: browser credential store access hookClaude settings command hook accesses browser credential or cookie storesthreat-reviewsecurityclaude_settings
SEC693Plugin hook: clipboard readPlugin hook command reads local clipboard contentsthreat-reviewsecurityjson
SEC694Plugin hook: browser credential store accessPlugin hook command accesses browser credential or cookie storesthreat-reviewsecurityjson
SEC695Hook script: clipboard exfiltrationHook script exfiltrates clipboard contents over the networkthreat-reviewsecurityhook
SEC696Hook script: browser credential store exfiltrationHook script exfiltrates browser credential or cookie store datathreat-reviewsecurityhook
SEC697MCP config: clipboard exfiltrationMCP configuration command exfiltrates clipboard contents over the networkthreat-reviewsecurityjson
SEC698MCP config: browser credential store exfiltrationMCP configuration command exfiltrates browser credential or cookie store datathreat-reviewsecurityjson
SEC699Claude settings: clipboard exfiltration hookClaude settings command hook exfiltrates clipboard contents over the networkthreat-reviewsecurityclaude_settings
SEC700Claude settings: browser credential store exfiltration hookClaude settings command hook exfiltrates browser credential or cookie store datathreat-reviewsecurityclaude_settings
SEC701Plugin hook: clipboard exfiltrationPlugin hook command exfiltrates clipboard contents over the networkthreat-reviewsecurityjson
SEC702Plugin hook: browser credential store exfiltrationPlugin hook command exfiltrates browser credential or cookie store datathreat-reviewsecurityjson
SEC703Hook script: screen captureHook script captures a screenshot or desktop imagethreat-reviewsecurityhook
SEC704Hook script: screen capture exfiltrationHook script captures and exfiltrates a screenshot or desktop imagethreat-reviewsecurityhook
SEC705MCP config: screen captureMCP configuration command captures a screenshot or desktop imagethreat-reviewsecurityjson
SEC706MCP config: screen capture exfiltrationMCP configuration command captures and exfiltrates a screenshot or desktop imagethreat-reviewsecurityjson
SEC707Claude settings: screen capture hookClaude settings command hook captures a screenshot or desktop imagethreat-reviewsecurityclaude_settings
SEC708Claude settings: screen capture exfiltration hookClaude settings command hook captures and exfiltrates a screenshot or desktop imagethreat-reviewsecurityclaude_settings
SEC709Plugin hook: screen capturePlugin hook command captures a screenshot or desktop imagethreat-reviewsecurityjson
SEC710Plugin hook: screen capture exfiltrationPlugin hook command captures and exfiltrates a screenshot or desktop imagethreat-reviewsecurityjson
SEC711Hook script: camera captureHook script captures a camera image or webcam streamthreat-reviewsecurityhook
SEC712Hook script: microphone captureHook script records microphone or audio inputthreat-reviewsecurityhook
SEC713Hook script: camera capture exfiltrationHook script captures and exfiltrates camera or webcam datathreat-reviewsecurityhook
SEC714Hook script: microphone capture exfiltrationHook script records and exfiltrates microphone or audio inputthreat-reviewsecurityhook
SEC715MCP config: camera captureMCP configuration command captures a webcam or camera imagethreat-reviewsecurityjson
SEC716MCP config: microphone captureMCP configuration command captures microphone audiothreat-reviewsecurityjson
SEC717MCP config: camera capture exfiltrationMCP configuration command captures and exfiltrates webcam or camera datathreat-reviewsecurityjson
SEC718MCP config: microphone capture exfiltrationMCP configuration command captures and exfiltrates microphone audiothreat-reviewsecurityjson
SEC719Claude settings: camera capture hookClaude settings command hook captures a webcam or camera imagethreat-reviewsecurityclaude_settings
SEC720Claude settings: microphone capture hookClaude settings command hook captures microphone audiothreat-reviewsecurityclaude_settings
SEC721Claude settings: camera capture exfiltration hookClaude settings command hook captures and exfiltrates webcam or camera datathreat-reviewsecurityclaude_settings
SEC722Claude settings: microphone capture exfiltration hookClaude settings command hook captures and exfiltrates microphone audiothreat-reviewsecurityclaude_settings
SEC723Plugin hook: camera capturePlugin hook command captures a webcam or camera imagethreat-reviewsecurityjson
SEC724Plugin hook: microphone capturePlugin hook command captures microphone audiothreat-reviewsecurityjson
SEC725Plugin hook: camera capture exfiltrationPlugin hook command captures and exfiltrates webcam or camera datathreat-reviewsecurityjson
SEC726Plugin hook: microphone capture exfiltrationPlugin hook command captures and exfiltrates microphone audiothreat-reviewsecurityjson
SEC727Hook script: keylogger captureHook script captures keystrokes or keyboard inputthreat-reviewsecurityhook
SEC728Hook script: keylogger exfiltrationHook script captures and exfiltrates keystrokes or keyboard inputthreat-reviewsecurityhook
SEC729MCP config: keylogger captureMCP configuration command captures keystrokes or keyboard inputthreat-reviewsecurityjson
SEC730MCP config: keylogger exfiltrationMCP configuration command captures and exfiltrates keystrokes or keyboard inputthreat-reviewsecurityjson
SEC731Claude settings: keylogger capture hookClaude settings command hook captures keystrokes or keyboard inputthreat-reviewsecurityclaude_settings
SEC732Claude settings: keylogger exfiltration hookClaude settings command hook captures and exfiltrates keystrokes or keyboard inputthreat-reviewsecurityclaude_settings
SEC733Plugin hook: keylogger capturePlugin hook command captures keystrokes or keyboard inputthreat-reviewsecurityjson
SEC734Plugin hook: keylogger exfiltrationPlugin hook command captures and exfiltrates keystrokes or keyboard inputthreat-reviewsecurityjson
SEC735Hook script: environment dumpHook script dumps environment variables or shell statethreat-reviewsecurityhook
SEC736Hook script: environment dump exfiltrationHook script dumps and exfiltrates environment variables or shell statethreat-reviewsecurityhook
SEC737MCP config: environment dumpMCP configuration command dumps environment variables or shell statethreat-reviewsecurityjson
SEC738MCP config: environment dump exfiltrationMCP configuration command dumps and exfiltrates environment variables or shell statethreat-reviewsecurityjson
SEC739Claude settings: environment dump hookClaude settings command hook dumps environment variables or shell statethreat-reviewsecurityclaude_settings
SEC740Claude settings: environment dump exfiltration hookClaude settings command hook dumps and exfiltrates environment variables or shell statethreat-reviewsecurityclaude_settings
SEC741Plugin hook: environment dumpPlugin hook command dumps environment variables or shell statethreat-reviewsecurityjson
SEC742Plugin hook: environment dump exfiltrationPlugin hook command dumps and exfiltrates environment variables or shell statethreat-reviewsecurityjson
SEC748Docker Compose: privileged service runtimeDocker Compose service enables privileged container runtime or host namespace accessthreat-reviewsecuritydocker-compose
SEC754Devcontainer: host-side initializeCommandDevcontainer config defines a host-side initializeCommandthreat-reviewsecuritydevcontainer
SEC755Devcontainer: sensitive local bind mountDevcontainer config bind-mounts sensitive local host materialthreat-reviewsecuritydevcontainer

What This Preset Enables

The threat-review preset enables explicit opt-in rules for malicious, credential-bearing, or spyware-like behavior that is useful to detect, but too aggressive to present as part of the quiet default or the softer preview lane.

This includes patterns such as:

  • committed hooks or command configs that exfiltrate secrets, dump environments, or execute remote payloads
  • committed MCP, plugin-hook, or Claude hook commands that attempt persistence, privilege escalation, or device capture
  • instruction surfaces that carry overtly dangerous hidden directives, inline execution payloads, or committed secret-bearing examples

When To Use It

Use it when you want an explicit malicious-behavior review pass on top of the normal product experience, especially for red-team-style audits, suspicious repos, or security triage where spyware-like and post-exploitation patterns should be surfaced intentionally.

Tradeoffs

These rules are strong and useful, but they are intentionally more forceful than the main preview lane. Keeping them explicit helps lintai stay honest with the community about what belongs in the quiet default, what belongs in broader review, and what belongs in a dedicated threat-review pass.