feat(llm-security): add /security ide-scan — VS Code / JetBrains extension prescan (v6.3.0)

New standalone scanner (prefix IDE) discovers installed VS Code extensions
across forks (Cursor, Windsurf, VSCodium, code-server, Insiders, Remote-SSH)
and runs 7 IDE-specific threat checks: blocklist match (CRITICAL),
theme-with-code, sideload (unsigned .vsix), dangerous uninstall hook (HIGH),
wildcard activation, extension-pack expansion, typosquat (MEDIUM).

Per-extension reuse of UNI/ENT/NET/TNT/MEM/SCR scanners with bounded
concurrency. Offline-first; --online opt-in. JetBrains discovery stubbed
for v1.1. 22 new tests (1296 total, was 1274).

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
This commit is contained in:
Kjell Tore Guttormsen 2026-04-17 16:23:35 +02:00
commit 6252e55700
33 changed files with 1849 additions and 20 deletions


@ -21,6 +21,7 @@ Based on OWASP LLM Top 10 (2025) and OWASP Agentic AI Top 10.
| `/security plugin-audit [path\|url]` | Dedicated plugin security audit with trust verdict | Before installing a third-party plugin |
| `/security mcp-audit [--live]` | Focused audit of all installed MCP servers | After adding MCP servers or on suspicion |
| `/security mcp-inspect` | Live inspection — connect to MCP servers, scan tool descriptions | Verify running servers have safe tool descriptions |
| `/security ide-scan [target]` | Scan installed VS Code / JetBrains extensions for supply-chain risk, typosquats, malicious patterns | After installing new extensions or periodic review |
| `/security posture` | Quick security posture scorecard | Daily/weekly health check |
| `/security threat-model` | Interactive STRIDE/MAESTRO threat modeling session | When designing new architecture |
| `/security diff [path]` | Compare scan against stored baseline — shows new/resolved/moved | Track security changes over time |
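Review bot: the new `/security ide-scan [target]` row promises scanning of "VS Code / JetBrains extensions", but the commit message above says JetBrains discovery is stubbed until v1.1, so the table oversells what the scanner does today; consider wording such as "VS Code (and forks) extensions; JetBrains planned". The `[target]` placeholder is also the only one in the table that is not self-explanatory (neighbouring rows use `[path\|url]` and `[--live]`), so say what a target is, and since the commit message describes `--online` as opt-in, this row is the natural place to note that the default is offline.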
@ -37,6 +38,7 @@ Based on OWASP LLM Top 10 (2025) and OWASP Agentic AI Top 10.
- **New to security?** Start with `/security posture` for a quick health check
- **Evaluating a plugin?** Run `/security plugin-audit path/to/plugin` for a full trust assessment
- **Inspecting live MCP servers?** Run `/security mcp-inspect` to connect and scan tool descriptions
- **Installed IDE extensions?** Run `/security ide-scan` to audit VS Code / Cursor / Windsurf extensions
- **Evaluating a remote plugin?** Run `/security plugin-audit https://github.com/user/repo`
- **Scanning a remote repo?** Run `/security scan https://github.com/user/repo`
- **Scanning individual files?** Run `/security scan path/to/file` for targeted analysis
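Review bot: the new bullet names "VS Code / Cursor / Windsurf" while the table row added in the same commit says "VS Code / JetBrains", so the two entries disagree about which IDEs are covered; align them (the fork list from the commit message, with JetBrains marked as stubbed) so readers are not directed to audit JetBrains extensions that discovery does not yet handle.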