open/ktg-plugin-marketplace
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity Actions
ktg-plugin-marketplace/plugins/llm-security/commands/audit.md
Kjell Tore Guttormsen d3b1157a08 docs(scoring): unify scan/audit/mcp-scanner/posture-assessor to v2 formula 
Closes the v7.1.1 out-of-scope item: commands/scan.md:113-114 retained
the v1 formula. Exploration found two more v1 surfaces that v7.1.1
missed: commands/audit.md:46 and agents/mcp-scanner-agent.md:419, plus
agents/posture-assessor-agent.md:376 (caught by the new doc-consistency
test). Four files unified to v2 in one atomic commit.

Three-way → four-way verdict-divergence is now closed:
- scanners/lib/severity.mjs (v2, BLOCK ≥65, WARNING ≥15) — authoritative
- agents/skill-scanner-agent.md (v2 since v7.1.1)
- templates/unified-report.md (v2 since v7.1.1)
- commands/scan.md (v2 — this commit)
- commands/audit.md (v2 — this commit)
- agents/mcp-scanner-agent.md (v2 — this commit)
- agents/posture-assessor-agent.md (v2 — this commit)

New: tests/lib/doc-consistency.test.mjs walks commands/ + agents/ and
asserts NO file contains v1 formula tokens. Pinned regex set:
  - score >= 61, score >= 21, score ≥ 61, score ≥ 21
  - critical * 25, Critical × 25
  - min(100, critical*25 ...)

Plus three v2-cutoff anchors asserting commands/scan.md, commands/audit.md,
and agents/mcp-scanner-agent.md document the v2 BLOCK ≥65 cutoff (or
reference riskScore() helper).

Tests: 1523 → 1551 (+28 from doc-consistency: 25 file walks + 3 anchors).
All green.
2026-04-29 13:58:25 +02:00

50 lines
1.8 KiB
Markdown
Raw Blame History

---
name: security:audit
description: Full project security audit with OWASP LLM Top 10 assessment, scoring, and remediation plan
allowed-tools: Read, Glob, Grep, Bash, Agent
model: sonnet
---
# /security audit
Full security audit — 10 categories, OWASP LLM Top 10 aligned, A-F grade.
## Step 1: Run Posture Scanner
Run the deterministic posture scanner first for instant category results:
```
node <this plugin's scanners/posture-scanner.mjs> [cwd]
```
Parse JSON output. Record: grade, risk score, all category statuses, all findings.
## Step 2: Gather Context
1. Read `CLAUDE.md` for project name and type
2. Glob for: `commands/*.md`, `agents/*.md`, `.mcp.json`, `**/.mcp.json`, `.claude-plugin/plugin.json`
3. Determine: has skills/commands? has MCP servers?
## Step 3: Skill Scan (if commands/agents found)
Spawn `subagent_type: "llm-security:skill-scanner-agent"`, `model: "sonnet"`:
> Scan all commands/ and agents/ at [cwd].
> Read: \<plugin-root\>/knowledge/skill-threat-patterns.md
> Return findings: file, issue, severity, OWASP ref.
## Step 4: MCP Scan (if MCP servers found)
After skill scan, spawn `subagent_type: "llm-security:mcp-scanner-agent"`, `model: "sonnet"`:
> Audit MCP configs at [cwd]. Read: \<plugin-root\>/knowledge/mcp-threat-patterns.md
> Return trust table and findings with severity.
## Step 5: Generate Report
Merge posture scanner JSON + agent findings. Use the posture scanner's grade as the baseline.
Recalculate `risk_score = riskScore(counts)` (severity-dominated v2 model — see `scanners/lib/severity.mjs`) including agent findings.
Output: Risk Dashboard, Executive Summary, 10 Category Sections (use scanner evidence + agent narrative), Summary Table, Action Items (IMMEDIATE → HIGH → MEDIUM).
Close with top 2-3 action items. If grade C or lower: suggest `/security threat-model`.
Reference in a new issue View git blame Copy permalink