open/ktg-plugin-marketplace
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity Actions
ktg-plugin-marketplace/plugins/llm-security/commands/audit.md
Kjell Tore Guttormsen d3b1157a08 docs(scoring): unify scan/audit/mcp-scanner/posture-assessor to v2 formula 
Closes the v7.1.1 out-of-scope item: commands/scan.md:113-114 retained
the v1 formula. Exploration found two more v1 surfaces that v7.1.1
missed: commands/audit.md:46 and agents/mcp-scanner-agent.md:419, plus
agents/posture-assessor-agent.md:376 (caught by the new doc-consistency
test). Four files unified to v2 in one atomic commit.

Three-way → four-way verdict-divergence is now closed:
- scanners/lib/severity.mjs (v2, BLOCK ≥65, WARNING ≥15) — authoritative
- agents/skill-scanner-agent.md (v2 since v7.1.1)
- templates/unified-report.md (v2 since v7.1.1)
- commands/scan.md (v2 — this commit)
- commands/audit.md (v2 — this commit)
- agents/mcp-scanner-agent.md (v2 — this commit)
- agents/posture-assessor-agent.md (v2 — this commit)

New: tests/lib/doc-consistency.test.mjs walks commands/ + agents/ and
asserts NO file contains v1 formula tokens. Pinned regex set:
  - score >= 61, score >= 21, score ≥ 61, score ≥ 21
  - critical * 25, Critical × 25
  - min(100, critical*25 ...)

Plus three v2-cutoff anchors asserting commands/scan.md, commands/audit.md,
and agents/mcp-scanner-agent.md document the v2 BLOCK ≥65 cutoff (or
reference riskScore() helper).

Tests: 1523 → 1551 (+28 from doc-consistency: 25 file walks + 3 anchors).
All green.
2026-04-29 13:58:25 +02:00

1.8 KiB
Raw Blame History

name description allowed-tools model
security:audit Full project security audit with OWASP LLM Top 10 assessment, scoring, and remediation plan Read, Glob, Grep, Bash, Agent sonnet

/security audit

Full security audit — 10 categories, OWASP LLM Top 10 aligned, A-F grade.

Step 1: Run Posture Scanner

Run the deterministic posture scanner first for instant category results:

node <this plugin's scanners/posture-scanner.mjs> [cwd]

Parse JSON output. Record: grade, risk score, all category statuses, all findings.

Step 2: Gather Context

  1. Read CLAUDE.md for project name and type
  2. Glob for: commands/*.md, agents/*.md, .mcp.json, **/.mcp.json, .claude-plugin/plugin.json
  3. Determine: has skills/commands? has MCP servers?

Step 3: Skill Scan (if commands/agents found)

Spawn subagent_type: "llm-security:skill-scanner-agent", model: "sonnet":

Scan all commands/ and agents/ at [cwd]. Read: <plugin-root>/knowledge/skill-threat-patterns.md Return findings: file, issue, severity, OWASP ref.

Step 4: MCP Scan (if MCP servers found)

After skill scan, spawn subagent_type: "llm-security:mcp-scanner-agent", model: "sonnet":

Audit MCP configs at [cwd]. Read: <plugin-root>/knowledge/mcp-threat-patterns.md Return trust table and findings with severity.

Step 5: Generate Report

Merge posture scanner JSON + agent findings. Use the posture scanner's grade as the baseline. Recalculate risk_score = riskScore(counts) (severity-dominated v2 model — see scanners/lib/severity.mjs) including agent findings.

Output: Risk Dashboard, Executive Summary, 10 Category Sections (use scanner evidence + agent narrative), Summary Table, Action Items (IMMEDIATE → HIGH → MEDIUM).

Close with top 2-3 action items. If grade C or lower: suggest /security threat-model.