Rule Reference

SEC578lintai-ai-securitygovernancehardeningstablejsonwarn

MCP config: Grep unsafe path auto-approve

MCP configuration auto-approves `Grep(...)` over an unsafe path through `autoApprove`

Public lane: governance
Category: hardening
Provider: lintai-ai-security
Scope: per-file
Surface: json
Tier: stable
Severity: warn
Confidence: high
Detection: structural
Remediation: message only

How to read this lane

Shared authority and workflow policy review.

How to read this category

Least-privilege, provenance, or operational hygiene signal.

Activation Model

Preset Activation

These presets explain where this rule appears in the product experience.

governancesidecar lane

mcpsurface preset

Lifecycle

Stable Lifecycle Contract

State

stable

Graduation rationale

Matches exact unsafe-path `Grep(...)` auto-approval in MCP client config.

Deterministic signal basis

JsonSignals exact array-item predicate detection for `autoApprove` entries where `Grep(...)` targets an absolute, home-relative, parent-traversing, or drive-qualified path.

Malicious corpus

mcp-autoapprove-unsafe-path-family

Benign corpus

mcp-autoapprove-unsafe-path-family-specific-safe

structured evidence required remediation reviewed

Canonical note

Structural stable rule intended as a high-precision check with deterministic evidence.

Nearby Signals

Related Rules

SEC303MCP config: credential env passthroughMCP configuration passes through credential environment variablesgovernancehardeningjson

SEC394MCP config: wildcard auto-approveMCP configuration auto-approves all tools with `autoApprove: ["*"]`governancehardeningjson

SEC395MCP config: autoApproveTools trueMCP configuration auto-approves all tools with `autoApproveTools: true`governancehardeningjson

SEC396MCP config: trustTools trueMCP configuration fully trusts tools with `trustTools: true`governancehardeningjson

SEC397MCP config: sandbox disabledMCP configuration disables sandboxing with `sandbox: false` or `disableSandbox: true`governancehardeningjson

SEC398MCP config: wildcard capabilitiesMCP configuration grants all capabilities with `capabilities: ["*"]` or `capabilities: "*"`governancehardeningjson

SEC578 / MCP-AUTOAPPROVE-GREP-UNSAFE-PATH

SEC578 flags MCP configuration when autoApprove includes Grep(...) with an absolute, home-relative, parent-traversing, or drive-qualified path.

Why It Matters

Unsafe Grep(...) scopes widen content search beyond repository-scoped expectations. Auto-approving them removes review from broad inspection authority.

Trigger Shape

the file is a detected MCP configuration surface
autoApprove is a string array
an entry matches Grep(...)
the inner path is absolute, home-relative, parent-traversing, or drive-qualified

How To Fix

Replace unsafe Grep(...) auto-approval with repository-scoped allowlists or remove it from shared auto-approval.

MCP config: Grep unsafe path auto-approve

Preset Activation

Stable Lifecycle Contract

Related Rules

SEC578 / MCP-AUTOAPPROVE-GREP-UNSAFE-PATH ​

Why It Matters ​

Trigger Shape ​

How To Fix ​

SEC578 / MCP-AUTOAPPROVE-GREP-UNSAFE-PATH

Why It Matters

Trigger Shape

How To Fix