open/ktg-plugin-marketplace
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity Actions
ktg-plugin-marketplace/plugins/llm-security-copilot/skills/clean/SKILL.md
Kjell Tore Guttormsen f418a8fe08 feat(llm-security-copilot): port llm-security v5.1.0 to GitHub Copilot CLI 
Full port of llm-security plugin for internal use on Windows with GitHub
Copilot CLI. Protocol translation layer (copilot-hook-runner.mjs)
normalizes Copilot camelCase I/O to Claude Code snake_case format — all
original hook scripts run unmodified.

- 8 hooks with protocol translation (stdin/stdout/exit code)
- 18 SKILL.md skills (Agent Skills Open Standard)
- 6 .agent.md agent definitions
- 20 scanners + 14 scanner lib modules (unchanged)
- 14 knowledge files (unchanged)
- 39 test files including copilot-port-verify.mjs (17 tests)
- Windows-ready: node:path, os.tmpdir(), process.execPath, no bash

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-04-09 21:56:10 +02:00

1.8 KiB
Raw Blame History

name description
security-clean Scan and remediate security findings — auto-fixes deterministic issues, confirms semi-auto with user, reports manual findings

Security Clean

Scan, classify, and remediate security findings with user confirmation.

Step 1: Parse Arguments

  • Target path = $ARGUMENTS or current working directory
  • --dry-run flag = report only, no changes

Step 2: Create Backup

node <plugin-root>/scanners/lib/fs-utils.mjs backup "<target>"

Step 3: Run Scan

node <plugin-root>/scanners/lib/fs-utils.mjs tmppath clean-findings.json
node <plugin-root>/scanners/scan-orchestrator.mjs "<target>" --output-file "<findings_file>"

Show banner with verdict, risk score, finding counts.

Step 4: Auto-fix Deterministic Issues

node <plugin-root>/scanners/auto-cleaner.mjs "<target>" --findings "<findings_file>" [--dry-run]

Report: Applied, Skipped, Failed counts.

Step 5: Semi-auto Remediation

For findings classified as semi-auto (entropy strings, permission mismatches, typosquatted deps, ghost hooks, suspicious URLs, credential access, hidden MCP directives, homoglyphs):

  1. Read the referenced files and understand the surrounding context
  2. Propose specific, minimal changes grouped by fix type
  3. Present each proposal to the user for confirmation before applying
  4. Apply confirmed changes via Edit tool

Step 6: LLM Threat Scan

Read <plugin-root>/knowledge/skill-threat-patterns.md. Scan modified files for remaining threats. Report manual findings that require human judgment.

Step 7: Validate and Report

Re-scan to verify fixes didn't introduce new issues. If validation fails, offer to restore from backup:

node <plugin-root>/scanners/lib/fs-utils.mjs restore "<target>"

Final report: pre/post comparison, fix summaries, remaining manual findings, rollback instructions.