MCP config: gh repo create auto-approve

MCP configuration auto-approves `Bash(gh repo create:*)` through `autoApprove`

Provider: lintai-ai-security
Surface: json
Scope: per_file
Tier: stable
Severity: warn
Confidence: high
Detection: structural
Remediation: message_only

Activation Model

Preset Membership

This rule is part of the builtin activation graph through these preset memberships.

basemembership

mcpmembership

Lifecycle

Stable Lifecycle Contract

State

stable_gated

Graduation rationale

Matches exact `gh repo create` auto-approval in MCP client config.

Deterministic signal basis

JsonSignals exact array-item detection for `autoApprove: ["Bash(gh repo create:*)"]` on parsed MCP configuration.

Malicious corpus

mcp-autoapprove-gh-mutation-family

Benign corpus

mcp-autoapprove-gh-mutation-family-specific-safe

structured evidence required remediation reviewed

Canonical note

Structural stable rule intended as a high-precision check with deterministic evidence.

Nearby Signals

Related Rules

SEC301MCP config: shell trampolineMCP configuration shells out through sh -c or bash -cjsonstable

SEC302Config: insecure HTTP endpointConfiguration contains an insecure http:// endpointjsonstable

SEC303MCP config: credential env passthroughMCP configuration passes through credential environment variablesjsonstable

SEC304Config: TLS verification disabledConfiguration disables TLS or certificate verificationjsonstable

SEC305Config: hardcoded auth materialConfiguration embeds static authentication material in a connection or auth valuejsonstable

SEC309Config: literal secrets in configConfiguration commits literal secret material in env, auth, or header valuesjsonstable

SEC561 / MCP-AUTOAPPROVE-GH-REPO-CREATE

SEC561 flags MCP configuration when autoApprove includes the exact tool token Bash(gh repo create:*).

Why It Matters

gh repo create provisions new repositories remotely. Auto-approving it removes review from repository creation flows.

Trigger Shape

the file is a detected MCP configuration surface
autoApprove is a string array
the array contains the exact item Bash(gh repo create:*)

How To Fix

Remove gh repo create from autoApprove and keep repository creation under explicit user review.

MCP config: gh repo create auto-approve

Preset Membership

Stable Lifecycle Contract

Related Rules

SEC561 / MCP-AUTOAPPROVE-GH-REPO-CREATE ​

Why It Matters ​

Trigger Shape ​

How To Fix ​

SEC561 / MCP-AUTOAPPROVE-GH-REPO-CREATE

Why It Matters

Trigger Shape

How To Fix