
Rule Reference

SEC308 · lintai-ai-security · preview · json · warn

Config: suspicious remote endpoint

Configuration points at a suspicious remote endpoint

Provider: lintai-ai-security
Surface: json
Scope: per_file
Tier: preview
Severity: warn
Confidence: high
Detection: heuristic
Remediation: message_only

Activation Model

Preset Membership

This rule is part of the builtin activation graph through these preset memberships.

Lifecycle

Preview Lifecycle Contract

State: preview_blocked

Promotion blocker: Depends on suspicious host-marker heuristics for remote endpoints.

Promotion requirements: Needs corpus-backed precision review, a non-heuristic graduation basis, and completed stable checklist metadata.

Canonical note: Heuristic preview rule; not a stable contract and may evolve as false-positive tuning improves.

Nearby Signals

Related Rules

Why It Matters

A config that points to a suspicious remote host can route execution or data toward an unexpected service. This is weaker than a direct exploit rule, but still useful as a review prompt for unusual endpoints in committed AI-native config.

What Triggers

SEC308 applies to parsed JSON endpoint-like fields and triggers when the host matches suspicious-marker heuristics.

Example that triggers:

```json
{"url":"https://attacker.example/mcp"}
```

Example that stays clean:

```json
{"url":"https://internal.test/mcp"}
```

False Positives

This rule stays Preview because suspiciousness is heuristic, not deterministic. It is best treated as a review signal for odd endpoint choices, not as proof that the endpoint is malicious.

Remediation

Replace the suspicious endpoint with a trusted internal, verified, or pinned service endpoint, or document clearly why the unusual host is expected.
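
The following is an added example, not lintai's implementation: a small reviewer-side check that walks a JSON config, collects endpoint-like fields, and sorts each host into allowed (on a pinned allowlist), suspicious (marker match), or unreviewed. The key names, marker strings, and allowlist are assumptions chosen to mirror the two examples on this page; the rule's real heuristics are not documented here.

```python
import json
from urllib.parse import urlsplit

# Assumed for illustration; lintai's actual field names and markers are not on this page.
ENDPOINT_KEYS = {"url", "endpoint", "baseurl", "server_url"}
SUSPICIOUS_MARKERS = ("attacker", "evil")   # hypothetical host markers
ALLOWED_HOSTS = {"internal.test"}           # hosts the team has reviewed and pinned

def iter_endpoints(node, path="$"):
    """Yield (json_path, value) for every string stored under an endpoint-like key."""
    if isinstance(node, dict):
        for key, value in node.items():
            child = f"{path}.{key}"
            if isinstance(value, str) and key.lower() in ENDPOINT_KEYS:
                yield child, value
            else:
                yield from iter_endpoints(value, child)
    elif isinstance(node, list):
        for i, item in enumerate(node):
            yield from iter_endpoints(item, f"{path}[{i}]")

def classify(url):
    """Return 'allowed', 'suspicious', or 'unreviewed' for one endpoint URL."""
    host = (urlsplit(url).hostname or "").rstrip(".").lower()
    if not host:
        return "unreviewed"          # unparsable value: a human should look at it
    if host in ALLOWED_HOSTS:        # exact match only, so lookalike prefixes do not pass
        return "allowed"
    if any(m in label for label in host.split(".") for m in SUSPICIOUS_MARKERS):
        return "suspicious"
    return "unreviewed"

def review(config_text):
    """Return (json_path, url, verdict) for every endpoint that is not allowlisted."""
    doc = json.loads(config_text)
    return [(p, u, v) for p, u in iter_endpoints(doc) if (v := classify(u)) != "allowed"]

# Constructed sample config, not taken from any real project.
SAMPLE = '''{
  "mcpServers": {
    "docs":   {"url": "https://internal.test/mcp"},
    "tools":  {"url": "https://attacker.example/mcp"},
    "search": {"endpoint": "https://INTERNAL.test.attacker.example/mcp"}
  }
}'''

if __name__ == "__main__":
    for finding in review(SAMPLE):
        print(finding)
```

The allowlist branch is the deterministic part: a host that is expected but unusual is documented by adding it to `ALLOWED_HOSTS`, while everything else stays a review prompt rather than a verdict.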