
Rule Reference


Cursor plugin: unsafe path traversal

Cursor plugin manifest contains an unsafe absolute or parent-traversing path

Public lane: compat
Category: quality
Provider: lintai-ai-security
Scope: per-file
Surface: json
Tier: stable
Severity: warn
Confidence: high
Detection: structural
Remediation: message only
How to read this lane

Config, schema, and policy contract review.

How to read this category

Contract, schema, or config correctness signal.

Activation Model

Preset Activation

These presets explain where this rule appears in the product experience.

Lifecycle

Stable Lifecycle Contract

State

stable

Graduation rationale

Matches absolute or parent-traversing paths in committed Cursor plugin manifest path fields.

Deterministic signal basis

JsonSignals plugin-manifest path observation limited to known plugin path fields.

Malicious corpus: cursor-plugin-unsafe-path
Benign corpus: cursor-plugin-safe-paths
Evidence: structured evidence required; remediation reviewed
Canonical note

Structural stable rule intended as a high-precision check with deterministic evidence.

Nearby Signals

Related Rules

Why It Matters

Committed plugin manifests should keep referenced paths inside the plugin or repository boundary. Parent-traversing or absolute paths make the plugin depend on ambient filesystem layout in ways that are harder to review safely.

What Triggers

SEC311 applies to known Cursor plugin manifest path fields and triggers on absolute or parent-traversing paths.

Example that triggers:

```json
{"skills":"../shared-skills","logo":"assets/logo.png"}
```

Example that stays clean:

```json
{"skills":"./skills","logo":"assets/logo.png"}
```

False Positives

The rule is structural and limited to known plugin path fields. It does not flag every arbitrary string that happens to contain ../.
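The following is an added illustration of the structural check described under "What Triggers" and "False Positives"; it is not the lintai-ai-security implementation of SEC311. The set of known path fields is an assumption (the page names only skills and logo), and the Windows drive-letter and UNC handling is added here as a reasonable extension. Only string values in those fields are examined, so a description containing ../ never produces a finding.

```python
import json
import re
from typing import Optional

# Assumed set of Cursor plugin manifest path fields. The page names only
# "skills" and "logo"; the real rule's full field list is not given here.
PATH_FIELDS = frozenset({"skills", "logo"})

# Windows drive-letter (C:\ or C:/) or UNC (\\server\share) prefixes.
_WIN_ABS = re.compile(r"^(?:[A-Za-z]:[\\/]|\\\\)")

REMEDIATION = "Keep plugin manifest paths project-relative and inside the plugin root."


def classify_path(value: str) -> Optional[str]:
    """Return 'absolute', 'parent-traversal', or None when the path is acceptable.

    Any '..' segment counts as parent-traversing, even when it would resolve
    back inside the plugin root; '..hidden' is an ordinary name, not traversal.
    """
    if value.startswith("/") or _WIN_ABS.match(value):
        return "absolute"
    # Split on both separators so '..\\x' and '../x' are treated alike.
    segments = re.split(r"[\\/]+", value)
    if ".." in segments:
        return "parent-traversal"
    return None


def check_manifest(manifest_text: str, path_fields=PATH_FIELDS) -> list:
    """Run the SEC311-style check over one plugin manifest (JSON text).

    Returns one finding per offending path field. Fields outside `path_fields`
    are never inspected, which is what keeps the check high-precision.
    """
    manifest = json.loads(manifest_text)
    findings = []
    for field in sorted(path_fields):
        value = manifest.get(field)
        if not isinstance(value, str):  # missing or non-string: nothing to check
            continue
        kind = classify_path(value)
        if kind is not None:
            findings.append({
                "rule": "SEC311",
                "field": field,
                "value": value,
                "kind": kind,
                "message": REMEDIATION,
            })
    return findings


# The two manifests from the page, plus constructed samples for the
# absolute-path and non-path-field cases.
TRIGGERING = '{"skills":"../shared-skills","logo":"assets/logo.png"}'
CLEAN = '{"skills":"./skills","logo":"assets/logo.png"}'
CONSTRUCTED_ABSOLUTE = (
    '{"skills":"/opt/shared-skills","logo":"C:\\\\assets\\\\logo.png",'
    '"description":"see ../docs for details"}'
)

if __name__ == "__main__":
    for name, text in [("triggering", TRIGGERING), ("clean", CLEAN),
                       ("constructed", CONSTRUCTED_ABSOLUTE)]:
        for finding in check_manifest(text) or [{"field": "-", "kind": "no finding"}]:
            print(f"{name}: {finding['field']} -> {finding['kind']}")
```

The description field in the constructed manifest contains ../ but is not a path field, so it yields no finding, mirroring the page's note that the rule does not flag arbitrary strings.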

Remediation

Keep plugin manifest paths project-relative and inside the plugin root.