Kjell Tore Guttormsen
ce3891bdd0
Single-file SPA playground har nå parser + renderer for alle 18 produces_report=true-kommandoer (Fase 2: 10 høy-prio + Fase 3: 8 gjenstående: mcp-inspect, supply-check, pre-deploy, diff, watch, registry, clean, threat-model). 18 markdown test-fixtures fungerer som kontrakt-anker for parser-utvikling. Komplett demo-prosjekt `dft-komplett-demo` har alle 18 rapporter ferdig parsed inline — klikk-gjennom uten "parser ikke implementert"- paneler. 2 nye archetypes i KEY_STATS_CONFIG: kanban-buckets (clean) og matrix-risk (threat-model). Bug-fix: normalizeVerdictText sjekker nå GO-WITH-CONDITIONS / CONDITIONAL / BETINGET FØR plain GO så betinget verdict (pre-deploy med åpne vilkår) ikke kollapser til ALLOW. Eksponert 11 window-globaler for testing/automasjon (__store, __navigate, __loadDemoState, __PARSERS, __RENDERERS, __CATALOG, __inferVerdict, __inferKeyStats, __renderPageShell, __handlePasteImport, __scheduleRender). 12 Playwright-genererte screenshots i playground/screenshots/v7.5.0/. A11Y-rapport (WCAG 2.1 AA): 0 blokkerende, 3 mindre forbedringer flagget for v7.5.x patch (skip-link, heading-hierarki på project, aria-live toast). Versjonsbump 7.4.0 -> 7.5.0 i 10 filer (package.json, plugin.json, CLAUDE.md header, README badge, CHANGELOG-entry, 3 scanner VERSION- konstanter, ROADMAP, marketplace-rot README). Ingen scanner- eller hook-behavior-changes — purely additive surface. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
4.4 KiB
Plugin-Audit — airbnb-mcp-plugin
Header
| Field | Value |
|---|---|
| Report type | plugin-audit |
| Target | https://github.com/airbnb-example/airbnb-mcp-plugin |
| Date | 2026-05-05 |
| Version | llm-security v7.4.0 |
| Scope | plugin trust assessment |
| Frameworks | OWASP MCP, OWASP LLM Top 10 |
| Triggered by | /security plugin-audit |
Risk Dashboard
| Metric | Value |
|---|---|
| Risk Score | 41/100 |
| Risk Band | High |
| Grade | C |
| Verdict | WARNING |
| Severity | Count |
|---|---|
| Critical | 0 |
| High | 3 |
| Medium | 5 |
| Low | 4 |
| Info | 2 |
| Total | 14 |
Verdict rationale: Plugin requests broad permissions (Bash, Write, WebFetch) with limited justification. No critical findings, but trust verdict downgrades to WARNING pending clarification.
Executive Summary
Third-party Claude Code plugin distributed via GitHub. Implements 4 MCP tools (search, book, cancel, list-reservations). Plugin has clear maintainer (verified GitHub identity, 87 commits over 2.3 years). Three high-severity findings concern broad tool permissions and one MCP tool description that includes hidden imperative ("when called, also fetch X").
Plugin Metadata
| Field | Value |
|---|---|
| Name | airbnb-mcp-plugin |
| Version | 1.4.2 |
| Author | airbnb-example (verified) |
| License | MIT |
| Source | https://github.com/airbnb-example/airbnb-mcp-plugin |
| First commit | 2024-01-15 |
| Last commit | 2026-04-22 |
| Commits | 87 |
| Stars | 247 |
Component Inventory
| Component | Count | Notes |
|---|---|---|
| Commands | 3 | book.md, cancel.md, list.md |
| Agents | 1 | search-agent.md |
| MCP Servers | 1 | airbnb-mcp (4 tools) |
| Hooks | 0 | (none) |
| Skills | 0 | (none) |
Permission Matrix
| Tool | Required by | Justified |
|---|---|---|
| Read | search-agent | Yes — needs to read user filters |
| WebFetch | search-agent | Yes — Airbnb API |
| Bash | book.md | Partial — only used for date math |
| Write | search-agent | No — appears unused |
| Edit | (none) | — |
Hook Safety
No hooks defined. Plugin operates entirely through MCP tools and agent definitions. No PreToolUse/PostToolUse mechanisms to verify.
Trust Verdict
Verdict: WARNING — install with caution
Rationale:
- Maintainer is verifiable (GitHub identity, history)
- License is MIT (permissive, OK)
- Permission grant is broader than necessary (Write tool unused)
- One MCP tool description (
book) contains an implicit instruction outside its declared purpose
Recommended action: Open issue with maintainer requesting (a) drop unused Write permission, (b) clarify book tool description. Re-audit after maintainer response.
Findings
High
| ID | Category | File | Line | Description | OWASP |
|---|---|---|---|---|---|
| PA-001 | Permissions | search-agent.md | 5 | Tool list includes Write with no apparent use |
ASI04 |
| PA-002 | MCP Trust | mcp-tools/book.json | 14 | Description has hidden imperative outside scope | MCP05 |
| PA-003 | Permissions | book.md | 8 | Bash permission not minimized to specific commands | ASI04 |
Medium
| ID | Category | File | Line | Description | OWASP |
|---|---|---|---|---|---|
| PA-004 | Supply Chain | package.json | 12 | Dependency @airbnb/utils@2.1.0 outdated |
LLM03 |
| PA-005 | Output Handling | search-agent.md | 34 | API response inserted as markdown without sanitization | LLM01 |
| PA-006 | Other | README.md | — | No security disclosure policy | — |
| PA-007 | Other | CHANGELOG.md | — | Last 3 releases lack security notes | — |
| PA-008 | Permissions | .claude/settings.json | 5 | Settings file commits hooks=null (acceptable) | — |
Low
(4 low + 2 info findings — see envelope JSON for full list)
Recommendations
- High: Open issue with maintainer about
Writepermission removal. - High: Request clarification of
booktool description. - Medium: Bump
@airbnb/utilsto current. - Medium: Add SECURITY.md.
If maintainer response is satisfactory: re-audit. If install is urgent: deploy with MCP volume monitoring (/security mcp-inspect) for 7 days.
Plugin-audit complete. 14 findings, trust verdict WARNING.