Kjell Tore Guttormsen
ce3891bdd0
Single-file SPA playground har nå parser + renderer for alle 18 produces_report=true-kommandoer (Fase 2: 10 høy-prio + Fase 3: 8 gjenstående: mcp-inspect, supply-check, pre-deploy, diff, watch, registry, clean, threat-model). 18 markdown test-fixtures fungerer som kontrakt-anker for parser-utvikling. Komplett demo-prosjekt `dft-komplett-demo` har alle 18 rapporter ferdig parsed inline — klikk-gjennom uten "parser ikke implementert"- paneler. 2 nye archetypes i KEY_STATS_CONFIG: kanban-buckets (clean) og matrix-risk (threat-model). Bug-fix: normalizeVerdictText sjekker nå GO-WITH-CONDITIONS / CONDITIONAL / BETINGET FØR plain GO så betinget verdict (pre-deploy med åpne vilkår) ikke kollapser til ALLOW. Eksponert 11 window-globaler for testing/automasjon (__store, __navigate, __loadDemoState, __PARSERS, __RENDERERS, __CATALOG, __inferVerdict, __inferKeyStats, __renderPageShell, __handlePasteImport, __scheduleRender). 12 Playwright-genererte screenshots i playground/screenshots/v7.5.0/. A11Y-rapport (WCAG 2.1 AA): 0 blokkerende, 3 mindre forbedringer flagget for v7.5.x patch (skip-link, heading-hierarki på project, aria-live toast). Versjonsbump 7.4.0 -> 7.5.0 i 10 filer (package.json, plugin.json, CLAUDE.md header, README badge, CHANGELOG-entry, 3 scanner VERSION- konstanter, ROADMAP, marketplace-rot README). Ingen scanner- eller hook-behavior-changes — purely additive surface. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
112 lines
4.1 KiB
Markdown
112 lines
4.1 KiB
Markdown
# Skill Signature Registry
|
|
|
|
---
|
|
|
|
## Header
|
|
|
|
| Field | Value |
|
|
|-------|-------|
|
|
| **Report type** | registry |
|
|
| **Target** | ~/.claude/skills (local registry) |
|
|
| **Date** | 2026-05-05 |
|
|
| **Mode** | scan |
|
|
| **Version** | llm-security v7.4.0 |
|
|
| **Scope** | skill-signature fingerprint registry |
|
|
| **Triggered by** | /security registry scan |
|
|
|
|
---
|
|
|
|
## Risk Dashboard
|
|
|
|
| Metric | Value |
|
|
|--------|-------|
|
|
| **Risk Score** | 18/100 |
|
|
| **Risk Band** | Medium |
|
|
| **Grade** | B |
|
|
| **Verdict** | WARNING |
|
|
|
|
| Severity | Count |
|
|
|----------|------:|
|
|
| Critical | 0 |
|
|
| High | 1 |
|
|
| Medium | 2 |
|
|
| Low | 2 |
|
|
| Info | 5 |
|
|
| **Total** | **10** |
|
|
|
|
**Verdict rationale:** 1 HIGH on a known-malicious skill fingerprint match (`malicious-pdf-helper@1.0.0`). 2 MEDIUM on signature drift for previously-trusted skills.
|
|
|
|
---
|
|
|
|
## Registry Stats
|
|
|
|
| Metric | Value |
|
|
|--------|------:|
|
|
| **Skills tracked** | 87 |
|
|
| **Known-good fingerprints** | 79 |
|
|
| **Known-bad fingerprints** | 4 |
|
|
| **Unknown fingerprints** | 4 |
|
|
| **Drift events (30d)** | 7 |
|
|
| **Registry file** | reports/skill-registry.json |
|
|
|
|
---
|
|
|
|
## Signature Table
|
|
|
|
| Skill | Source | Fingerprint (SHA-256, 8-hex) | Status | First seen |
|
|
|-------|--------|------------------------------|--------|-----------|
|
|
| pdf-helper | builtin | a8f3e21d | known-good | 2026-01-12 |
|
|
| story | user | 4c2b89f0 | known-good | 2026-02-08 |
|
|
| malicious-pdf-helper | npm | 7e91d3a4 | KNOWN-BAD | 2026-04-22 |
|
|
| story-v2 | user | 9f1c2e8b | DRIFT (was 4c2b89f0) | 2026-05-04 |
|
|
| audit-helper | community | b3a7f29c | DRIFT (was c814e7a1) | 2026-05-03 |
|
|
| pptx | builtin | d7e4a1f3 | known-good | 2026-01-12 |
|
|
| capability-auditor | community | e2f9b483 | unknown (new) | 2026-05-05 |
|
|
| persona-creator | builtin | 1a4c8e07 | known-good | 2026-01-12 |
|
|
|
|
---
|
|
|
|
## Findings
|
|
|
|
### High
|
|
|
|
| ID | Category | Skill | File | Description | OWASP |
|
|
|----|----------|-------|------|-------------|-------|
|
|
| REG-001 | Known-bad | malicious-pdf-helper | ~/.claude/skills/malicious-pdf-helper/SKILL.md | Fingerprint matches 2026-04-22 advisory (data exfiltration via PDF metadata) | LLM05 |
|
|
|
|
### Medium
|
|
|
|
| ID | Category | Skill | File | Description | OWASP |
|
|
|----|----------|-------|------|-------------|-------|
|
|
| REG-002 | Drift | story-v2 | ~/.claude/skills/story-v2/SKILL.md | Fingerprint changed since registry — verify legitimacy | LLM05 |
|
|
| REG-003 | Drift | audit-helper | ~/.claude/skills/audit-helper/SKILL.md | Fingerprint changed since registry — verify legitimacy | LLM05 |
|
|
|
|
### Low
|
|
|
|
| ID | Category | Skill | File | Description | OWASP |
|
|
|----|----------|-------|------|-------------|-------|
|
|
| REG-004 | Unknown | capability-auditor | ~/.claude/skills/capability-auditor/SKILL.md | New community skill, no prior fingerprint — recommend manual review | — |
|
|
| REG-005 | Stale | unused-skill | ~/.claude/skills/unused-skill/SKILL.md | No invocations in 90 days — candidate for removal | — |
|
|
|
|
### Info
|
|
|
|
| ID | Category | Skill | File | Description | OWASP |
|
|
|----|----------|-------|------|-------------|-------|
|
|
| REG-006 | Coverage | (registry) | reports/skill-registry.json | 87 skills tracked across 4 sources (builtin/user/community/npm) | — |
|
|
| REG-007 | Coverage | (cache) | ~/.cache/llm-security/registry/ | Cache size: 412 KB | — |
|
|
| REG-008 | Coverage | (cache) | (TTL) | Registry cache TTL: 24h | — |
|
|
| REG-009 | Coverage | (cache) | (next sync) | 17h until next registry sync | — |
|
|
| REG-010 | History | (audit) | reports/registry-audit.jsonl | 7 drift events in last 30 days, all on community skills | — |
|
|
|
|
---
|
|
|
|
## Recommendations
|
|
|
|
1. **Immediate:** Disable or remove `malicious-pdf-helper` skill. Cross-reference with `~/.claude/skills/` and check if any agents reference it.
|
|
2. **High:** Investigate signature drift on `story-v2` and `audit-helper`. Compare against last-known-good fingerprint and re-register if legitimate update.
|
|
3. **Medium:** Manually review `capability-auditor` (new, unknown). Run `/security scan ~/.claude/skills/capability-auditor` for full analysis.
|
|
4. **Low:** Audit unused skills — `unused-skill` has had no invocations in 90d.
|
|
|
|
---
|
|
|
|
*Registry scan complete. 87 skills, 1 known-bad, 2 drift events.*
|