open/ktg-plugin-marketplace
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity Actions

feat(llm-security-copilot): port llm-security v5.1.0 to GitHub Copilot CLI

Browse source 
Full port of llm-security plugin for internal use on Windows with GitHub
Copilot CLI. Protocol translation layer (copilot-hook-runner.mjs)
normalizes Copilot camelCase I/O to Claude Code snake_case format — all
original hook scripts run unmodified.

- 8 hooks with protocol translation (stdin/stdout/exit code)
- 18 SKILL.md skills (Agent Skills Open Standard)
- 6 .agent.md agent definitions
- 20 scanners + 14 scanner lib modules (unchanged)
- 14 knowledge files (unchanged)
- 39 test files including copilot-port-verify.mjs (17 tests)
- Windows-ready: node:path, os.tmpdir(), process.execPath, no bash

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
Kjell Tore Guttormsen 2026-04-09 21:56:10 +02:00
commit f418a8fe08
169 changed files with 37631 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

180
plugins/llm-security-copilot/templates/archive/deep-scan-report.md Normal file
View file

@ -0,0 +1,180 @@
# Deep Scan Report — {{TARGET}}
**Date:** {{TIMESTAMP}}
**Node.js:** {{NODE_VERSION}}
**Duration:** {{TOTAL_DURATION_MS}}ms
---
## Verdict: {{VERDICT}}
**Risk Score:** {{RISK_SCORE}}/100
**Total Findings:** {{TOTAL_FINDINGS}} ({{CRITICAL}}C {{HIGH}}H {{MEDIUM}}M {{LOW}}L {{INFO}}I)
**Scanners:** {{SCANNERS_OK}} ok, {{SCANNERS_ERROR}} error, {{SCANNERS_SKIPPED}} skipped
### Verdict Logic
| Condition | Threshold | Result |
|-----------|-----------|--------|
| Any CRITICAL or >=3 HIGH | Hard block | **BLOCK** |
| Any HIGH or >=5 MEDIUM | Review required | **WARNING** |
| Otherwise | Clean | **ALLOW** |
---
## Executive Summary
<!-- Synthesizer agent: Write 3-5 sentences summarizing the key security posture.
Focus on: what types of issues dominate, which scanners found the most,
whether findings suggest intentional malice vs. poor hygiene. -->
{{EXECUTIVE_SUMMARY}}
---
## Scanner Results
### 1. Unicode Analysis (UNI)
**Status:** {{UNI_STATUS}} | **Files:** {{UNI_FILES}} | **Findings:** {{UNI_FINDINGS}} | **Time:** {{UNI_DURATION}}ms
Detects hidden Unicode characters used for prompt injection and code obfuscation:
zero-width chars, Unicode Tag steganography, BIDI overrides (Trojan Source), homoglyphs.
<!-- List UNI findings here, grouped by severity -->
{{UNI_DETAILS}}
### 2. Entropy Analysis (ENT)
**Status:** {{ENT_STATUS}} | **Files:** {{ENT_FILES}} | **Findings:** {{ENT_FINDINGS}} | **Time:** {{ENT_DURATION}}ms
Detects encoded payloads via Shannon entropy: base64 blobs, hex-encoded data,
encrypted content, hardcoded secrets with high randomness.
<!-- List ENT findings here. Note: high false-positive rate on knowledge files is expected. -->
{{ENT_DETAILS}}
### 3. Permission Mapping (PRM)
**Status:** {{PRM_STATUS}} | **Files:** {{PRM_FILES}} | **Findings:** {{PRM_FINDINGS}} | **Time:** {{PRM_DURATION}}ms
Claude Code plugin analysis: purpose-vs-tools mismatches, dangerous tool combinations,
ghost hooks, haiku on sensitive agents, overprivileged components.
<!-- List PRM findings here -->
{{PRM_DETAILS}}
### 4. Dependency Audit (DEP)
**Status:** {{DEP_STATUS}} | **Files:** {{DEP_FILES}} | **Findings:** {{DEP_FINDINGS}} | **Time:** {{DEP_DURATION}}ms
CVE detection (npm/pip audit), typosquatting (Levenshtein vs top packages),
malicious install scripts, unpinned versions.
<!-- List DEP findings here, or note "skipped" if no package manager files -->
{{DEP_DETAILS}}
### 5. Taint Tracing (TNT)
**Status:** {{TNT_STATUS}} | **Files:** {{TNT_FILES}} | **Findings:** {{TNT_FINDINGS}} | **Time:** {{TNT_DURATION}}ms
Data flow analysis from untrusted sources (env vars, request bodies, tool input)
to dangerous sinks (eval, exec, fetch, writeFile). Regex-based, ~70% recall.
<!-- List TNT findings here -->
{{TNT_DETAILS}}
### 6. Git Forensics (GIT)
**Status:** {{GIT_STATUS}} | **Files:** {{GIT_FILES}} | **Findings:** {{GIT_FINDINGS}} | **Time:** {{GIT_DURATION}}ms
Supply chain rug pull signals: force pushes, description drift, hook modifications,
new outbound URLs, author changes, binary additions, suspicious commit patterns.
<!-- List GIT findings here, or note "skipped" if not a git repo -->
{{GIT_DETAILS}}
### 7. Network Mapping (NET)
**Status:** {{NET_STATUS}} | **Files:** {{NET_FILES}} | **Findings:** {{NET_FINDINGS}} | **Time:** {{NET_DURATION}}ms
Outbound URL discovery and classification: trusted (allow-listed), suspicious
(exfiltration endpoints, tunneling services), IP-based, unknown domains.
<!-- List NET findings here -->
{{NET_DETAILS}}
---
## Risk Matrix
| Scanner | CRITICAL | HIGH | MEDIUM | LOW | INFO |
|---------|----------|------|--------|-----|------|
| Unicode (UNI) | {{UNI_C}} | {{UNI_H}} | {{UNI_M}} | {{UNI_L}} | {{UNI_I}} |
| Entropy (ENT) | {{ENT_C}} | {{ENT_H}} | {{ENT_M}} | {{ENT_L}} | {{ENT_I}} |
| Permission (PRM) | {{PRM_C}} | {{PRM_H}} | {{PRM_M}} | {{PRM_L}} | {{PRM_I}} |
| Dependency (DEP) | {{DEP_C}} | {{DEP_H}} | {{DEP_M}} | {{DEP_L}} | {{DEP_I}} |
| Taint (TNT) | {{TNT_C}} | {{TNT_H}} | {{TNT_M}} | {{TNT_L}} | {{TNT_I}} |
| Git (GIT) | {{GIT_C}} | {{GIT_H}} | {{GIT_M}} | {{GIT_L}} | {{GIT_I}} |
| Network (NET) | {{NET_C}} | {{NET_H}} | {{NET_M}} | {{NET_L}} | {{NET_I}} |
| **TOTAL** | **{{CRITICAL}}** | **{{HIGH}}** | **{{MEDIUM}}** | **{{LOW}}** | **{{INFO}}** |
---
## OWASP Coverage
| OWASP Category | Findings | Scanners |
|----------------|----------|----------|
| LLM01 — Prompt Injection | {{LLM01_COUNT}} | UNI, ENT, TNT |
| LLM02 — Sensitive Info Disclosure | {{LLM02_COUNT}} | TNT, NET |
| LLM03 — Supply Chain | {{LLM03_COUNT}} | ENT, DEP, GIT, NET |
| LLM06 — Excessive Agency | {{LLM06_COUNT}} | PRM |
---
## Recommendations
<!-- Synthesizer agent: Prioritized action items based on findings.
Group by urgency: Immediate (CRITICAL/HIGH), Short-term (MEDIUM), Improve (LOW/INFO).
Be specific — reference finding IDs and files. -->
### Immediate (CRITICAL + HIGH)
{{IMMEDIATE_ACTIONS}}
### Short-term (MEDIUM)
{{SHORTTERM_ACTIONS}}
### Improvements (LOW + INFO)
{{IMPROVEMENT_ACTIONS}}
---
## Methodology
This report was generated by 7 deterministic Node.js scanners (zero external dependencies).
Scanner results are factual and reproducible. The Executive Summary and Recommendations
sections are synthesized by an LLM agent interpreting the raw findings.
| Scanner | Algorithm | Limitations |
|---------|-----------|-------------|
| Unicode | Codepoint iteration, Tag decoding | None — deterministic |
| Entropy | Shannon H per string literal | FP on knowledge files, data URIs |
| Permission | Frontmatter parsing, cross-reference | Claude Code plugins only |
| Dependency | npm/pip audit, Levenshtein | Requires package manager CLI |
| Taint | Regex variable tracking, 3-pass | ~70% recall, no AST, no cross-file |
| Git | History analysis, reflog, diff | Max 500 commits, 15s timeout |
| Network | URL extraction, DNS resolution | Max 50 DNS lookups, 3s timeout |
---
*Generated by llm-security deep-scan v1.2.0*