ktg-plugin-marketplace/plugins/llm-security/playground/test-fixtures/registry.md
Kjell Tore Guttormsen ce3891bdd0 feat(llm-security): playground Phase 3 — v7.5.0 with 18 parsers/renderers
The single-file SPA playground now has a parser + renderer for all 18
produces_report=true commands (Phase 2: 10 high-priority + Phase 3: 8
remaining: mcp-inspect, supply-check, pre-deploy, diff, watch,
registry, clean, threat-model). 18 markdown test fixtures serve
as the contract anchor for parser development.

The complete demo project `dft-komplett-demo` has all 18 reports
already parsed inline — click-through without "parser not implemented"
panels. 2 new archetypes in KEY_STATS_CONFIG: kanban-buckets (clean)
and matrix-risk (threat-model).

Bug fix: normalizeVerdictText now checks GO-WITH-CONDITIONS /
CONDITIONAL / BETINGET BEFORE plain GO so that a conditional verdict
(pre-deploy with open conditions) does not collapse to ALLOW.

Exposed 11 window globals for testing/automation (__store,
__navigate, __loadDemoState, __PARSERS, __RENDERERS, __CATALOG,
__inferVerdict, __inferKeyStats, __renderPageShell,
__handlePasteImport, __scheduleRender). 12 Playwright-generated
screenshots in playground/screenshots/v7.5.0/.

A11Y report (WCAG 2.1 AA): 0 blocking, 3 minor improvements
flagged for the v7.5.x patch (skip link, heading hierarchy on project,
aria-live toast).

Version bump 7.4.0 -> 7.5.0 in 10 files (package.json, plugin.json,
CLAUDE.md header, README badge, CHANGELOG entry, 3 scanner VERSION
constants, ROADMAP, marketplace root README).

No scanner or hook behavior changes — purely additive surface.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
2026-05-05 22:15:47 +02:00

4.1 KiB

Skill Signature Registry


Header

| Field | Value |
|---|---|
| Report type | registry |
| Target | ~/.claude/skills (local registry) |
| Date | 2026-05-05 |
| Mode | scan |
| Version | llm-security v7.4.0 |
| Scope | skill-signature fingerprint registry |
| Triggered by | /security registry scan |

Risk Dashboard

| Metric | Value |
|---|---|
| Risk Score | 18/100 |
| Risk Band | Medium |
| Grade | B |
| Verdict | WARNING |

| Severity | Count |
|---|---|
| Critical | 0 |
| High | 1 |
| Medium | 2 |
| Low | 2 |
| Info | 5 |
| Total | 10 |

Verdict rationale: 1 HIGH on a known-malicious skill fingerprint match (malicious-pdf-helper@1.0.0). 2 MEDIUM on signature drift for previously-trusted skills.


Registry Stats

| Metric | Value |
|---|---|
| Skills tracked | 87 |
| Known-good fingerprints | 79 |
| Known-bad fingerprints | 4 |
| Unknown fingerprints | 4 |
| Drift events (30d) | 7 |
| Registry file | reports/skill-registry.json |

Signature Table

| Skill | Source | Fingerprint (SHA-256, 8-hex) | Status | First seen |
|---|---|---|---|---|
| pdf-helper | builtin | a8f3e21d | known-good | 2026-01-12 |
| story | user | 4c2b89f0 | known-good | 2026-02-08 |
| malicious-pdf-helper | npm | 7e91d3a4 | KNOWN-BAD | 2026-04-22 |
| story-v2 | user | 9f1c2e8b | DRIFT (was 4c2b89f0) | 2026-05-04 |
| audit-helper | community | b3a7f29c | DRIFT (was c814e7a1) | 2026-05-03 |
| pptx | builtin | d7e4a1f3 | known-good | 2026-01-12 |
| capability-auditor | community | e2f9b483 | unknown (new) | 2026-05-05 |
| persona-creator | builtin | 1a4c8e07 | known-good | 2026-01-12 |

Findings

High

| ID | Category | Skill | File | Description | OWASP |
|---|---|---|---|---|---|
| REG-001 | Known-bad | malicious-pdf-helper | ~/.claude/skills/malicious-pdf-helper/SKILL.md | Fingerprint matches 2026-04-22 advisory (data exfiltration via PDF metadata) | LLM05 |

Medium

| ID | Category | Skill | File | Description | OWASP |
|---|---|---|---|---|---|
| REG-002 | Drift | story-v2 | ~/.claude/skills/story-v2/SKILL.md | Fingerprint changed since registry — verify legitimacy | LLM05 |
| REG-003 | Drift | audit-helper | ~/.claude/skills/audit-helper/SKILL.md | Fingerprint changed since registry — verify legitimacy | LLM05 |

Low

| ID | Category | Skill | File | Description | OWASP |
|---|---|---|---|---|---|
| REG-004 | Unknown | capability-auditor | ~/.claude/skills/capability-auditor/SKILL.md | New community skill, no prior fingerprint — recommend manual review | |
| REG-005 | Stale | unused-skill | ~/.claude/skills/unused-skill/SKILL.md | No invocations in 90 days — candidate for removal | |

Info

| ID | Category | Skill | File | Description | OWASP |
|---|---|---|---|---|---|
| REG-006 | Coverage | (registry) | reports/skill-registry.json | 87 skills tracked across 4 sources (builtin/user/community/npm) | |
| REG-007 | Coverage | (cache) | ~/.cache/llm-security/registry/ | Cache size: 412 KB | |
| REG-008 | Coverage | (cache) | (TTL) | Registry cache TTL: 24h | |
| REG-009 | Coverage | (cache) | (next sync) | 17h until next registry sync | |
| REG-010 | History | (audit) | reports/registry-audit.jsonl | 7 drift events in last 30 days, all on community skills | |

Recommendations

  1. Immediate: Disable or remove malicious-pdf-helper skill. Cross-reference with ~/.claude/skills/ and check if any agents reference it.
  2. High: Investigate signature drift on story-v2 and audit-helper. Compare against last-known-good fingerprint and re-register if legitimate update.
  3. Medium: Manually review capability-auditor (new, unknown). Run /security scan ~/.claude/skills/capability-auditor for full analysis.
  4. Low: Audit unused skills — unused-skill has had no invocations in 90d.

Registry scan complete. 87 skills, 1 known-bad, 2 drift events.