Kjell Tore Guttormsen
ce3891bdd0
Single-file SPA playground har nå parser + renderer for alle 18 produces_report=true-kommandoer (Fase 2: 10 høy-prio + Fase 3: 8 gjenstående: mcp-inspect, supply-check, pre-deploy, diff, watch, registry, clean, threat-model). 18 markdown test-fixtures fungerer som kontrakt-anker for parser-utvikling. Komplett demo-prosjekt `dft-komplett-demo` har alle 18 rapporter ferdig parsed inline — klikk-gjennom uten "parser ikke implementert"- paneler. 2 nye archetypes i KEY_STATS_CONFIG: kanban-buckets (clean) og matrix-risk (threat-model). Bug-fix: normalizeVerdictText sjekker nå GO-WITH-CONDITIONS / CONDITIONAL / BETINGET FØR plain GO så betinget verdict (pre-deploy med åpne vilkår) ikke kollapser til ALLOW. Eksponert 11 window-globaler for testing/automasjon (__store, __navigate, __loadDemoState, __PARSERS, __RENDERERS, __CATALOG, __inferVerdict, __inferKeyStats, __renderPageShell, __handlePasteImport, __scheduleRender). 12 Playwright-genererte screenshots i playground/screenshots/v7.5.0/. A11Y-rapport (WCAG 2.1 AA): 0 blokkerende, 3 mindre forbedringer flagget for v7.5.x patch (skip-link, heading-hierarki på project, aria-live toast). Versjonsbump 7.4.0 -> 7.5.0 i 10 filer (package.json, plugin.json, CLAUDE.md header, README badge, CHANGELOG-entry, 3 scanner VERSION- konstanter, ROADMAP, marketplace-rot README). Ingen scanner- eller hook-behavior-changes — purely additive surface. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
2.2 KiB
2.2 KiB
Security Dashboard — Machine-wide
Header
| Field | Value |
|---|---|
| Report type | dashboard |
| Target | machine-wide (5 projects) |
| Date | 2026-05-05 |
| Version | llm-security v7.4.0 |
| Scope | all Claude Code projects under ~/ + ~/.claude/plugins/ |
| Frameworks | OWASP LLM Top 10 |
| Triggered by | /security dashboard |
Risk Dashboard
| Metric | Value |
|---|---|
| Machine Grade | C (weakest link) |
| Projects Scanned | 5 |
| Total Findings | 87 |
| Scan Time | 8.4s |
| Cache | Cached (3h old) |
| Severity | Count |
|---|---|
| Critical | 1 |
| High | 12 |
| Medium | 28 |
| Low | 24 |
| Info | 22 |
| Total | 87 |
Verdict rationale: Machine grade is weakest-link rule. The from-ai-to-chitta project (Grade D) drags machine to C. Resolving that project would lift machine to B.
Project Overview
| Project | Grade | Risk | Worst Category | Findings |
|---|---|---|---|---|
| from-ai-to-chitta | D | 56 | MCP Trust | 32 |
| dft-marketplace | C | 31 | Logging & Audit | 28 |
| airbnb-mcp-plugin | C | 41 | Permissions | 14 |
| ktg-plugin-marketplace | B | 22 | Skill Hygiene | 9 |
| nightly-utils | A | 4 | — | 4 |
Trend (since last scan)
| Project | Trend | Δ Risk | Δ Findings |
|---|---|---|---|
| from-ai-to-chitta | worse | +12 | +6 |
| dft-marketplace | stable | 0 | -1 |
| airbnb-mcp-plugin | stable | -2 | 0 |
| ktg-plugin-marketplace | better | -7 | -3 |
| nightly-utils | stable | 0 | 0 |
Errors
No projects failed to scan in this run.
Recommendations
- Priority: Investigate
from-ai-to-chitta— only Grade D project. Run/security audit ~/repos/from-ai-to-chittafor category-level breakdown. - Quick win: Apply audit-trail fix to
dft-marketplace(already identified, 30 min) → likely lifts to Grade B. - Maintenance: Re-run
/security plugin-auditonairbnb-mcp-pluginafter maintainer responds to permission-clarification issue.
Estimated effort to Machine Grade B: 4 hours (focused on from-ai-to-chitta + dft-marketplace).
Dashboard complete. 5 projects, machine grade C.