Rule Reference

SEC308 | lintai-ai-security | preview | audit | preview | json | warn

Config: suspicious remote endpoint

Configuration points at a suspicious remote endpoint

Public lane: preview
Category: audit
Provider: lintai-ai-security
Scope: per-file
Surface: json
Tier: preview
Severity: warn
Confidence: high
Detection: heuristic
Remediation: message only

How to read this lane

Broader contextual review outside the quiet default.

How to read this category

Heuristic or triage-oriented review signal.

Activation Model

Preset Activation

These presets explain where this rule appears in the product experience.

Lifecycle

Preview Lifecycle Contract

State

preview

Promotion blocker

Depends on suspicious host-marker heuristics for remote endpoints.

Promotion requirements

Needs corpus-backed precision review, a non-heuristic graduation basis, and completed stable checklist metadata.

Canonical note

Heuristic preview rule; not a stable contract and may evolve as false-positive tuning improves.

Why It Matters

A config that points to a suspicious remote host can route execution or data toward an unexpected service. This is weaker than a direct exploit rule, but still useful as a review prompt for unusual endpoints in committed AI-native config.

What Triggers

SEC308 applies to parsed JSON endpoint-like fields and triggers when the host matches suspicious-marker heuristics.

Example that triggers:

```json
{"url":"https://attacker.example/mcp"}
```

Example that stays clean:

```json
{"url":"https://internal.test/mcp"}
```

False Positives

This rule stays Preview because suspiciousness is heuristic, not deterministic. It is best treated as an audit-style review signal for odd endpoint choices, not as proof that the endpoint is malicious.

Remediation

Replace the suspicious endpoint with a trusted internal, verified, or pinned service endpoint, or document clearly why the unusual host is expected.
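
The following review helper is an added sketch, not lintai's implementation. It walks a JSON config for endpoint-like fields, flags hosts that contain a marker, and then flags any host missing from an allowlist, which is the deterministic check the remediation points toward. The field names, the single marker `attacker` (taken from the triggering example above), the allowlist, and the sample config are all assumptions.

```python
import json
from urllib.parse import urlsplit

# Assumptions for this sketch, not lintai's real lists:
ENDPOINT_KEYS = {"url", "endpoint"}   # hypothetical endpoint-like field names
SUSPICIOUS_MARKERS = ("attacker",)    # marker taken from the page's triggering example
TRUSTED_HOSTS = {"internal.test"}     # hypothetical allowlist (host from the clean example)

def iter_endpoints(node, path="$"):
    """Yield (json_path, value) for every string stored under an endpoint-like key."""
    if isinstance(node, dict):
        for key, value in node.items():
            child = f"{path}.{key}"
            if key in ENDPOINT_KEYS and isinstance(value, str):
                yield child, value
            else:
                yield from iter_endpoints(value, child)
    elif isinstance(node, list):
        for i, item in enumerate(node):
            yield from iter_endpoints(item, f"{path}[{i}]")

def review_config(text):
    """Return (json_path, host, reason) findings for one JSON config document."""
    findings = []
    for path, value in iter_endpoints(json.loads(text)):
        # .hostname drops userinfo and port and lowercases; also strip a trailing dot.
        host = (urlsplit(value).hostname or "").rstrip(".")
        if not host:
            findings.append((path, value, "unparseable endpoint"))
        elif any(marker in host for marker in SUSPICIOUS_MARKERS):
            findings.append((path, host, "suspicious marker"))
        elif host not in TRUSTED_HOSTS:
            # Exact match only: a trusted name used as a prefix of another host fails here.
            findings.append((path, host, "not on allowlist"))
    return findings

# Constructed sample config for illustration.
SAMPLE = """{
  "servers": {
    "a": {"url": "https://attacker.example/mcp"},
    "b": {"url": "https://internal.test/mcp"},
    "c": {"url": "https://user@INTERNAL.test.:8443/mcp"},
    "d": {"endpoint": "https://internal.test.cdn.example/mcp"}
  }
}"""

if __name__ == "__main__":
    for finding in review_config(SAMPLE):
        print(finding)
```

The marker check alone would pass entry `d`; only the exact-match allowlist catches a trusted name embedded in a different host.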