docs: add full-depth plugin review (2026-06-20)

Grade A — non-agentic; one v0.1.0 maturity nit (no permissions block). Part of the marketplace-wide review (config-audit v5.4.0 + llm-security + structure + version). Read-only; this file is the only artifact.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_01Ter3E2JSi1Khgmuf2kady8
This commit is contained in:
Kjell Tore Guttormsen 2026-06-20 09:14:07 +02:00
commit 5c75bd5de7

29
docs/review-2026-06-20.md Normal file
View file

@ -0,0 +1,29 @@
# Plugin review — claude-design v0.1.0 (2026-06-20)
> Full-depth review (part of the marketplace-wide sweep; pilot was okr). Tooling: config-audit
> v5.4.0 scanners (from source) + llm-security posture assessor + structure/version checks.
> Read-only; this file is the only artifact.
## Verdict
**Clean, grade A — deliberately non-agentic.** Emits a copy-paste design prompt for a human to
paste into claude.ai/design; never executes the prompt, drives a browser, or touches the
filesystem. One v0.1.0 maturity nit. No blockers.
## Results by dimension
| Dimension | Result |
|-----------|--------|
| config-audit posture | **A** (Feature Coverage F 26, Token-Efficiency B 80 — expected for an early single-skill plugin) |
| config-audit plugin-health | **0 findings** |
| llm-security posture | **A** — only F-1 below. Strongest axis is Excessive Agency: `SKILL.md:151-156` explicitly disclaims code-gen, browser automation, and file writes. Unicode sweep clean; ~9 community-blog URLs are inert citations (never fetch targets). Scope-fence against Anthropic's official design plugin is test-enforced. |
| structure / hygiene | README ✓, CHANGELOG ✓, CLAUDE.md ✓, LICENSE ✓ |
| version consistency | **OK** (gate) |
## Findings
| ID | Severity | Location | Finding |
|----|----------|----------|---------|
| F-1 | Low (maturity) | `plugin.json:1-18` | No explicit `permissions` block. Not exploitable now (ships no hooks/MCP/commands; the skill invokes no tools), but new components added post-v0.1.0 would inherit session permissions with no deny-by-default baseline. **Recommend:** a minimal explicit `permissions` block before GA. |
Citation discipline and the command-name scope-fence are test-gated strengths, not findings.