open/ktg-plugin-marketplace
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity Actions
ktg-plugin-marketplace/plugins/llm-security/commands/security.md
Kjell Tore Guttormsen 001df2ebe8 feat(commands): E14 part 3 — /security mcp-baseline-reset slash command 
Wave C step C3: closes E14 with the user-facing reset command.

After a legitimate MCP server upgrade the sticky baseline (added in C1)
becomes a stale "what the tool used to say" anchor and every subsequent
post-mcp-verify advisory will re-flag the change. /security mcp-baseline-reset
lets the user acknowledge the upgrade so the next call seeds a fresh
baseline.

New files:
- scanners/mcp-baseline-reset.mjs — small CLI wrapper around clearBaseline /
  listBaselines. Modes: --list (read-only), --target <name>, no-args (all).
  Outputs JSON summary on stdout. Exit 0 always (idempotent).
- commands/mcp-baseline-reset.md — dispatcher following mcp-inspect.md
  shape. Frontmatter: name=security:mcp-baseline-reset, sonnet model,
  Read/Bash/AskUserQuestion tools. 4-step body (list -> confirm scope
  -> execute -> confirm result).
- tests/scanners/mcp-baseline-reset.test.mjs — 10 CLI tests across
  --list, --target, clear-all, idempotency, history preservation, and
  bare-positional sugar.

Updated:
- commands/security.md — new row in commands table after mcp-inspect.
- CLAUDE.md — new commands-table row + new v7.3.0 narrative section
  describing the baseline schema, cumulative-drift detection, reset
  semantics, and the LLM_SECURITY_MCP_CACHE_FILE override.
- Plugin README.md — new MCP-baseline-reset row in commands table,
  scanner count 12 standalone -> 13 standalone, new "MCP Description
  Drift (E14, v7.3.0)" subsection explaining the sticky baseline,
  cumulative threshold, reset semantics, and env-var override.
- Root marketplace README.md — scanner count 22 -> 23 (10 orchestrated +
  13 standalone), command count 19 -> 20, test count 1511 -> 1768.

Wave C complete: 1738 -> 1768 tests (+30 across C1/C2/C3). Per plan,
Wave C does NOT bump the plugin version — that lands at the wave-bundle
release. The advisory text in post-mcp-verify already references the
new command path so the user has a ready remediation step.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
2026-04-30 16:49:01 +02:00

5.3 KiB
Raw Permalink Blame History

name description allowed-tools model
security LLM Security — security scanning, auditing, and threat modeling for Claude Code projects Read, Glob sonnet

LLM Security Plugin

Security scanning, auditing, and threat modeling for Claude Code projects. Based on OWASP LLM Top 10 (2025) and OWASP Agentic AI Top 10.

Commands

Command Description When to use
/security scan [path|url] Scan skills, MCP servers, directories, or GitHub repos Before installing a new skill or MCP server
/security scan [path|url] --deep Enhanced scan: LLM agents + 7 deterministic scanners Deep analysis with entropy, taint, git forensics
/security deep-scan [path] Run 7 deterministic scanners only (no LLM agents) Fast, reproducible, deterministic-only analysis
/security audit Full project security audit with A-F grading Periodic review (monthly recommended)
/security plugin-audit [path|url] Dedicated plugin security audit with trust verdict Before installing a third-party plugin
/security mcp-audit [--live] Focused audit of all installed MCP servers After adding MCP servers or on suspicion
/security mcp-inspect Live inspection — connect to MCP servers, scan tool descriptions Verify running servers have safe tool descriptions
/security mcp-baseline-reset Reset MCP description baseline cache After legitimate MCP server upgrade
/security ide-scan [target] Scan installed VS Code / JetBrains extensions for supply-chain risk, typosquats, malicious patterns After installing new extensions or periodic review
/security posture Quick security posture scorecard Daily/weekly health check
/security threat-model Interactive STRIDE/MAESTRO threat modeling session When designing new architecture
/security diff [path] Compare scan against stored baseline — shows new/resolved/moved Track security changes over time
/security watch [path] [--interval 6h] Monitor path continuously — runs diff on interval Ongoing security monitoring
/security clean [path] Clean/remediate security findings — auto-fixes, confirms semi-auto, reports manual Sanitizing third-party plugin before install
/security supply-check [path] Re-audit installed deps — lockfiles vs blocklists, OSV.dev CVEs, typosquats Periodic dependency audit
/security dashboard Cross-project security dashboard — machine-wide posture overview Machine-wide security health check
/security harden [path] Generate Grade A security config — settings.json, CLAUDE.md, .gitignore Hardening a new or existing project
/security red-team [--category] Attack simulation — test hook defenses with crafted payloads Verify hooks actually block what they claim
/security pre-deploy Pre-deployment security checklist Before pushing to production

Quick Start

  • New to security? Start with /security posture for a quick health check
  • Evaluating a plugin? Run /security plugin-audit path/to/plugin for a full trust assessment
  • Inspecting live MCP servers? Run /security mcp-inspect to connect and scan tool descriptions
  • Installed IDE extensions? Run /security ide-scan to audit VS Code / Cursor / Windsurf extensions
  • Evaluating a remote plugin? Run /security plugin-audit https://github.com/user/repo
  • Scanning a remote repo? Run /security scan https://github.com/user/repo
  • Scanning individual files? Run /security scan path/to/file for targeted analysis
  • Want deterministic analysis? Run /security deep-scan . for 7 automated scanners (entropy, unicode, taint, git, deps, permissions, network)
  • Tracking changes? Run /security diff . to compare against a stored baseline
  • Continuous monitoring? Run /security watch . for interval-based security diffs (default 6h)
  • Full analysis? Run /security scan . --deep to combine LLM + deterministic scanners
  • Sanitizing a plugin? /security clean path/to/plugin — auto-fix + confirm + report
  • Hardening a project? Run /security harden . to generate Grade A configuration
  • Machine-wide overview? Run /security dashboard for a cross-project security dashboard
  • Testing your defenses? Run /security red-team to simulate 38 attacks against your hooks
  • Heading to production? Run /security pre-deploy for the checklist
  • Need deep analysis? Run /security threat-model for guided threat modeling

What's Protected (Hooks)

This plugin includes automated security hooks that run on every operation:

Hook Protects Against
Secret detection API keys, tokens, passwords in code
Path guarding Writes to .env, .ssh, credentials files
Destructive command blocking rm -rf, force push, pipe-to-shell
MCP output verification Data leakage in MCP tool outputs

These hooks are always active when the plugin is installed — no commands needed.

Knowledge Base

Built on research-backed threat intelligence:

  • OWASP LLM Top 10 (2025) — 10 LLM-specific risk categories
  • OWASP Agentic AI Top 10 — Agent-specific threats (ASI01-ASI10)
  • ToxicSkills study — Real-world malicious skill patterns
  • MCPTox research — MCP server vulnerability patterns
  • Mitigation matrix — Threat-to-control mapping for Claude Code