feat(llm-security-copilot): port llm-security v5.1.0 to GitHub Copilot CLI

Full port of llm-security plugin for internal use on Windows with GitHub Copilot CLI. Protocol translation layer (copilot-hook-runner.mjs) normalizes Copilot camelCase I/O to Claude Code snake_case format — all original hook scripts run unmodified. - 8 hooks with protocol translation (stdin/stdout/exit code) - 18 SKILL.md skills (Agent Skills Open Standard) - 6 .agent.md agent definitions - 20 scanners + 14 scanner lib modules (unchanged) - 14 knowledge files (unchanged) - 39 test files including copilot-port-verify.mjs (17 tests) - Windows-ready: node:path, os.tmpdir(), process.execPath, no bash Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-04-09 21:56:10 +02:00 · 2026-04-09 21:56:10 +02:00 · f418a8fe08
commit f418a8fe08
parent 901bf0ae12
169 changed files with 37631 additions and 0 deletions
--- a/plugins/llm-security-copilot/skills/mcp-audit/SKILL.md
+++ b/plugins/llm-security-copilot/skills/mcp-audit/SKILL.md
@ -0,0 +1,47 @@
+---
+name: security-mcp-audit
+description: Audit all installed MCP server configurations for security risks, trust verification, and permission analysis
+---
+
+# MCP Audit
+
+Comprehensive audit of all installed MCP server configurations.
+
+## Step 1: Parse Arguments
+
+Check for `--live` flag in `$ARGUMENTS`.
+
+## Step 2: Discover MCP Configs
+
+Search these locations for MCP server configurations:
+- `.mcp.json` in project root
+- `.vscode/mcp.json`
+- Settings files with `mcpServers` sections
+- Global MCP configuration files
+
+## Step 3: Analyze Each Server
+
+Read `<plugin-root>/knowledge/mcp-threat-patterns.md`.
+
+For each discovered MCP server, perform 5-phase analysis:
+1. **Tool Description Analysis** — Check for hidden instructions, excessive length (>500 chars), Unicode anomalies, dynamic description loading
+2. **Source Code Analysis** — Code execution (eval/exec), network calls, file system access, credential access, time-conditional behavior
+3. **Dependency Analysis** — Run `npm audit` or `pip audit` as appropriate. Check for typosquatting, suspicious packages
+4. **Configuration Analysis** — Permission surface, declared vs actual scope, auth configuration
+5. **Rug Pull Detection** — Dynamic tool metadata, config self-modification, remote flag control, self-update mechanisms
+
+Trust rating per server: Trusted / Cautious / Untrusted / Dangerous.
+
+## Step 4: Live Inspection (if --live)
+
+```bash
+node <plugin-root>/scanners/mcp-live-inspect.mjs
+```
+
+Connect to running MCP servers, scan live tool descriptions, detect injection and shadowing.
+
+## Step 5: Report
+
+Output: MCP Landscape Summary table, per-server trust rating, findings grouped by severity. Group servers into: Keep (Trusted) / Review (Cautious) / Remove (Untrusted/Dangerous).
+
+If static finding + live injection on same server = CRITICAL escalation.