lintai docs

Appearance

Rule Reference

SEC400lintai-ai-securitystableclaude_settingswarn

Claude settings: shared enabledMcpjsonServers

Claude settings enable `enabledMcpjsonServers` in a shared committed config

Provider
lintai-ai-security
Surface
claude_settings
Scope
per_file
Tier
stable
Severity
warn
Confidence
high
Detection
structural
Remediation
message_only

Activation Model

Preset Membership

This rule is part of the builtin activation graph through these preset memberships.

previewmembership
claudemembership

Lifecycle

Stable Lifecycle Contract

State

stable_gated

Graduation rationale

Checks shared committed Claude settings for exact `enabledMcpjsonServers` enablement.

Deterministic signal basis

ClaudeSettingsSignals exact non-empty `enabledMcpjsonServers` detection in parsed Claude settings JSON.

Malicious corpus
claude-settings-enabled-mcpjson-servers
Benign corpus
claude-settings-empty-enabled-mcpjson-servers-safe
structured evidence required remediation reviewed
Canonical note

Structural stable rule intended as a high-precision check with deterministic evidence.

Nearby Signals

Related Rules

SEC362Claude settings: wildcard Bash permissionsClaude settings permissions allow `Bash(*)` in a shared committed configclaude_settingsstable
SEC364Claude settings: bypassPermissions default modeClaude settings set `permissions.defaultMode` to `bypassPermissions` in a shared committed configclaude_settingsstable
SEC367Claude settings: wildcard WebFetch permissionsClaude settings permissions allow `WebFetch(*)` in a shared committed configclaude_settingsstable
SEC369Claude settings: wildcard Write permissionsClaude settings permissions allow `Write(*)` in a shared committed configclaude_settingsstable
SEC372Claude settings: wildcard Read permissionsClaude settings permissions allow `Read(*)` in a shared committed configclaude_settingsstable
SEC373Claude settings: wildcard Edit permissionsClaude settings permissions allow `Edit(*)` in a shared committed configclaude_settingsstable

SEC400 / CLAUDE-ENABLED-MCPJSON-SERVERS

SEC400 flags shared Claude settings when enabledMcpjsonServers is pre-populated.

Why It Matters

enabledMcpjsonServers moves MCP server enablement into shared committed config. That shifts a trust and approval decision into team defaults, making external server activation easier to cargo-cult without local review.

Trigger Shape

The rule triggers only when all of these are true:

  • the file is a detected Claude settings surface
  • the path is not fixture-like
  • enabledMcpjsonServers is a non-empty array
  • or enabledMcpjsonServers is a non-empty string

Clean Cases

These stay clean:

  • enabledMcpjsonServers: []
  • settings files that omit enabledMcpjsonServers
  • fixture-like examples under test or fixture paths

Example Trigger

json
{
  "enabledMcpjsonServers": ["claude-flow", "ruv-swarm"]
}

Safer Example

json
{
  "enabledMcpjsonServers": []
}

How To Fix

Remove shared enabledMcpjsonServers defaults, or keep MCP server enablement as a locally reviewed opt-in step.