lintai docs

Appearance

Rule Reference

SEC310lintai-ai-securitythreat-reviewsecuritystablejsonwarn

Config: metadata or private-network host

Configuration endpoint targets a metadata or private-network host literal

Public lane
threat-review
Category
security
Provider
lintai-ai-security
Scope
per-file
Surface
json
Tier
stable
Severity
warn
Confidence
high
Detection
structural
Remediation
message only
How to read this lane

Explicit malicious, secret-bearing, or spyware-like review.

How to read this category

Strong exploit, secret, or unsafe-execution signal.

Activation Model

Preset Activation

These presets explain where this rule appears in the product experience.

threat-reviewsidecar lane
mcpsurface preset

Lifecycle

Stable Lifecycle Contract

State

stable

Graduation rationale

Matches explicit metadata-service or private-network host literals in endpoint-like configuration values and is best reviewed as an overt threat-review signal rather than a softer middle-lane prompt.

Deterministic signal basis

JsonSignals endpoint-host extraction over URL-like endpoint fields with metadata/private-host classification.

Malicious corpus
mcp-metadata-host-literal
Benign corpus
mcp-public-endpoint-safe
structured evidence required remediation reviewed
Canonical note

Structural stable rule positioned as an explicit threat-review control: high-signal malicious, credential-bearing, or spyware-like behavior that stays opt-in rather than shaping the quiet default.

Nearby Signals

Related Rules

SEC301MCP config: shell trampolineMCP configuration shells out through sh -c or bash -cthreat-reviewsecurityjson
SEC305Config: hardcoded auth materialConfiguration embeds static authentication material in a connection or auth valuethreat-reviewsecurityjson
SEC309Config: literal secrets in configConfiguration commits literal secret material in env, auth, or header valuesthreat-reviewsecurityjson
SEC338MCP config: sensitive host bind mountMCP configuration launches Docker with a bind mount of sensitive host materialthreat-reviewsecurityjson
SEC339MCP config: privileged Docker flagsMCP configuration launches Docker with a host-escape or privileged runtime flagthreat-reviewsecurityjson
SEC422MCP config: sudo commandMCP configuration launches the server through `sudo`threat-reviewsecurityjson

Why It Matters

Metadata-service and private-network host literals are high-signal indicators that a config is pointing at infrastructure-local or cloud-instance surfaces rather than an ordinary public service.

What Triggers

SEC310 applies to parsed JSON endpoint-like values and triggers when the host is a metadata or private-network literal.

Example that triggers:

json
{"url":"https://169.254.169.254/latest/meta-data"}

Example that stays clean:

json
{"url":"https://api.example.com/mcp"}

False Positives

This is a structural host-classification rule, not a prose heuristic. The main question is intent, not precision: sometimes the config is intentionally meant for local infrastructure access, but the signal is strong enough that it now lives in threat-review rather than the softer general preview lane.

Remediation

Replace metadata or private-network host literals with a trusted public endpoint or a local stdio transport if the integration does not truly require infrastructure-local access.