Plugin hook: Linux capability manipulation

Plugin hook command manipulates Linux capabilities

Provider: lintai-ai-security
Surface: json
Scope: per_file
Tier: stable
Severity: warn
Confidence: high
Detection: structural
Remediation: message_only

Activation Model

Preset Membership

This rule is part of the builtin activation graph through these preset memberships.

basemembership

mcpmembership

Lifecycle

Stable Lifecycle Contract

State

stable_gated

Graduation rationale

Checks committed plugin hook command values for explicit Linux capability manipulation payloads.

Deterministic signal basis

JsonSignals command-string analysis over ArtifactKind::CursorPluginHooks for `setcap` or dangerous Linux capability tokens such as `cap_setuid` and `cap_sys_admin`.

Malicious corpus

plugin-hook-command-privilege-escalation-payloads

Benign corpus

plugin-hook-command-safe

structured evidence required remediation reviewed

Canonical note

Structural stable rule intended as a high-precision check with deterministic evidence.

Nearby Signals

Related Rules

SEC301MCP config: shell trampolineMCP configuration shells out through sh -c or bash -cjsonstable

SEC302Config: insecure HTTP endpointConfiguration contains an insecure http:// endpointjsonstable

SEC303MCP config: credential env passthroughMCP configuration passes through credential environment variablesjsonstable

SEC304Config: TLS verification disabledConfiguration disables TLS or certificate verificationjsonstable

SEC305Config: hardcoded auth materialConfiguration embeds static authentication material in a connection or auth valuejsonstable

SEC309Config: literal secrets in configConfiguration commits literal secret material in env, auth, or header valuesjsonstable

Why It Matters

Dangerous Linux capabilities can grant elevated host privileges from repository-delivered plugin automation.

What Triggers

SEC672 matches plugin hook command strings that run setcap or include dangerous capability tokens such as cap_setuid, cap_setgid, cap_sys_admin, or cap_net_admin.

False Positives

Capability assignment may be legitimate in specialized admin plugins, but it still requires explicit review rather than silent plugin execution.

Remediation

Remove Linux capability manipulation from the plugin hook and keep capability assignment in a separate reviewed administrative path.

Plugin hook: Linux capability manipulation

Preset Membership

Stable Lifecycle Contract

Related Rules

Why It Matters ​

What Triggers ​

False Positives ​

Remediation ​

Why It Matters

What Triggers

False Positives

Remediation