
Rule Reference

SEC331 | lintai-ai-security | supply-chain | hardening | stable | json | warn

MCP config: TLS verification disabled

MCP configuration command disables TLS verification in a network-capable execution path

Public lane: supply-chain
Category: hardening
Provider: lintai-ai-security
Scope: per-file
Surface: json
Tier: stable
Severity: warn
Confidence: high
Detection: structural
Remediation: message only
How to read this lane

Reproducibility, provenance, and dependency hardening review.

How to read this category

Least-privilege, provenance, or operational hygiene signal.

Activation Model

Preset Activation

These presets explain where this rule appears in the product experience.

Lifecycle

Stable Lifecycle Contract

State

stable

Graduation rationale

Checks committed MCP config command and args values for explicit TLS-bypass tokens in a network-capable execution context.

Deterministic signal basis

JsonSignals command/args string analysis over ArtifactKind::McpConfig objects gated by network markers plus TLS-bypass tokens.

Malicious corpus: mcp-command-tls-bypass
Benign corpus: mcp-network-tls-verified-command-safe
structured evidence required
remediation reviewed
Canonical note

Structural stable rule positioned as a supply-chain hardening control: high-precision and actionable, but not a blanket claim of direct repository compromise.


Why It Matters

Disabling TLS verification in a committed MCP command path makes the runtime trust boundary depend on an unsafe transport choice. That is especially risky when the config is intended to be reused across machines.

What Triggers

SEC331 applies to parsed MCP config command and args values and triggers when:

  • the command path is network-capable
  • and it contains an explicit TLS-bypass marker such as --insecure

Example that triggers:

```json
{"command":"curl","args":["--insecure","https://internal.test/bootstrap.sh"]}
```

Example that stays clean:

```json
{"command":"tar","args":["-k","archive.tgz"]}
```

False Positives

The rule does not treat every short flag as suspicious. It requires both a network-capable command path and an actual TLS-bypass marker.
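The two-condition gate described above can be reproduced as a small pre-commit check. This is an added example, not lintai's own code: the token tables, the `find_tls_bypass` name, and the `mcpServers` wrapper in the sample are assumptions, and it goes slightly beyond the page by also checking an `env` override for Node-based servers.

```python
import json
import os.path

# Assumed token tables (not lintai's own): the page names only curl --insecure.
BYPASS_FLAGS = {"curl": {"--insecure", "-k"}, "wget": {"--no-check-certificate"}}
BYPASS_ENV = {"node": {"NODE_TLS_REJECT_UNAUTHORIZED": "0"},
              "npx": {"NODE_TLS_REJECT_UNAUTHORIZED": "0"}}


def find_tls_bypass(node, path="$"):
    """Return (json_path, reason) for every TLS-bypass marker under node."""
    hits = []
    if isinstance(node, dict):
        command = node.get("command")
        if isinstance(command, str):
            name = os.path.basename(command)  # "/usr/bin/curl" -> "curl"
            args = node.get("args")
            env = node.get("env")
            # A token only counts when it belongs to a network-capable command,
            # so "-k" under tar is never matched.
            for i, arg in enumerate(args if isinstance(args, list) else []):
                if isinstance(arg, str) and arg in BYPASS_FLAGS.get(name, ()):
                    hits.append((f"{path}.args[{i}]", f"{name} {arg}"))
            for key, bad in BYPASS_ENV.get(name, {}).items():
                if isinstance(env, dict) and str(env.get(key)) == bad:
                    hits.append((f"{path}.env.{key}", f"{name} {key}={bad}"))
        for key, value in node.items():
            hits += find_tls_bypass(value, f"{path}.{key}")
    elif isinstance(node, list):
        for i, item in enumerate(node):
            hits += find_tls_bypass(item, f"{path}[{i}]")
    return hits


# Constructed sample config; the "mcpServers" wrapper is an assumed layout.
SAMPLE = json.loads("""{
  "mcpServers": {
    "bootstrap": {"command": "curl", "args": ["--insecure", "https://internal.test/bootstrap.sh"]},
    "unpack": {"command": "tar", "args": ["-k", "archive.tgz"]},
    "fetch": {"command": "/usr/bin/curl", "args": ["-fsSL", "https://internal.test/bootstrap.sh"]},
    "agent": {"command": "node", "args": ["server.js"], "env": {"NODE_TLS_REJECT_UNAUTHORIZED": "0"}}
  }
}""")

if __name__ == "__main__":
    for where, why in find_tls_bypass(SAMPLE):
        print(f"SEC331 {where}: {why}")
```

Matching is by exact token, so combined short options such as curl's `-sk` are not covered by this sketch.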

Remediation

Remove TLS-bypass flags or environment overrides from the network-capable command path and keep normal certificate verification enabled.