open/ktg-plugin-marketplace
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity Actions
ktg-plugin-marketplace/plugins/llm-security-copilot/skills/deep-scan/SKILL.md
Kjell Tore Guttormsen f418a8fe08 feat(llm-security-copilot): port llm-security v5.1.0 to GitHub Copilot CLI 
Full port of llm-security plugin for internal use on Windows with GitHub
Copilot CLI. Protocol translation layer (copilot-hook-runner.mjs)
normalizes Copilot camelCase I/O to Claude Code snake_case format — all
original hook scripts run unmodified.

- 8 hooks with protocol translation (stdin/stdout/exit code)
- 18 SKILL.md skills (Agent Skills Open Standard)
- 6 .agent.md agent definitions
- 20 scanners + 14 scanner lib modules (unchanged)
- 14 knowledge files (unchanged)
- 39 test files including copilot-port-verify.mjs (17 tests)
- Windows-ready: node:path, os.tmpdir(), process.execPath, no bash

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-04-09 21:56:10 +02:00

42 lines
1.9 KiB
Markdown
Raw Blame History

---
name: security-deep-scan
description: Run deterministic deep-scan — 10 Node.js scanners for Unicode attacks, entropy analysis, permission mapping, dependency auditing, taint tracing, git forensics, network mapping, memory poisoning, supply chain recheck, and toxic flow analysis
---
# Deep Scan
10 deterministic Node.js scanners — entropy, Unicode, typosquatting, git forensics, taint tracing, dep audit, network mapping, memory poisoning, supply chain recheck, toxic flow analysis.
## Step 1: Setup
- If `$ARGUMENTS` is empty, target = current working directory. Otherwise target = `$ARGUMENTS` (strip `--deep` if present).
- Create a temporary file path for results (e.g. using `node -p "require('path').join(require('os').tmpdir(), 'deep-scan-results.json')"`).
## Step 2: Run Orchestrator
```bash
node <plugin-root>/scanners/scan-orchestrator.mjs "<target>" --output-file "<results_file>"
```
Exit codes: 0=ALLOW, 1=WARNING, 2=BLOCK. Stdout = compact aggregate JSON. Full results in file.
## Step 3: Show Banner
```
## Deep Scan: [VERDICT]
Risk Score: X/100 | Findings: XC XH XM XL XI
Scanners: X ok, X error, X skipped
```
## Step 4: Synthesize Report
Read the full results from `<results_file>`. Also read `<plugin-root>/knowledge/mitigation-matrix.md` for remediation context.
Produce a complete report with:
1. **Executive Summary** — 3-5 sentences: posture assessment, dominant issue themes, intent assessment
2. **Per-Scanner Details** — Group findings by severity (CRITICAL first). Highlight important findings, explain implications.
3. **Toxic Flow Analysis** — If toxic-flow findings exist, show the trifecta chain legs (Input, Access, Exfil) with evidence
4. **Recommendations** — Prioritized by urgency. Include finding IDs and actionable fix steps.
5. **OWASP Coverage** — Map findings to OWASP LLM Top 10 and Agentic AI Top 10 categories.
Do NOT invent findings. Do NOT downplay CRITICAL or HIGH severity issues.
Reference in a new issue View git blame Copy permalink