open/ktg-plugin-marketplace
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity Actions
ktg-plugin-marketplace/plugins/llm-security-copilot/skills/clean/SKILL.md
Kjell Tore Guttormsen f418a8fe08 feat(llm-security-copilot): port llm-security v5.1.0 to GitHub Copilot CLI 
Full port of llm-security plugin for internal use on Windows with GitHub
Copilot CLI. Protocol translation layer (copilot-hook-runner.mjs)
normalizes Copilot camelCase I/O to Claude Code snake_case format — all
original hook scripts run unmodified.

- 8 hooks with protocol translation (stdin/stdout/exit code)
- 18 SKILL.md skills (Agent Skills Open Standard)
- 6 .agent.md agent definitions
- 20 scanners + 14 scanner lib modules (unchanged)
- 14 knowledge files (unchanged)
- 39 test files including copilot-port-verify.mjs (17 tests)
- Windows-ready: node:path, os.tmpdir(), process.execPath, no bash

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-04-09 21:56:10 +02:00

58 lines
1.8 KiB
Markdown
Raw Blame History

---
name: security-clean
description: Scan and remediate security findings — auto-fixes deterministic issues, confirms semi-auto with user, reports manual findings
---
# Security Clean
Scan, classify, and remediate security findings with user confirmation.
## Step 1: Parse Arguments
- Target path = `$ARGUMENTS` or current working directory
- `--dry-run` flag = report only, no changes
## Step 2: Create Backup
```bash
node <plugin-root>/scanners/lib/fs-utils.mjs backup "<target>"
```
## Step 3: Run Scan
```bash
node <plugin-root>/scanners/lib/fs-utils.mjs tmppath clean-findings.json
node <plugin-root>/scanners/scan-orchestrator.mjs "<target>" --output-file "<findings_file>"
```
Show banner with verdict, risk score, finding counts.
## Step 4: Auto-fix Deterministic Issues
```bash
node <plugin-root>/scanners/auto-cleaner.mjs "<target>" --findings "<findings_file>" [--dry-run]
```
Report: Applied, Skipped, Failed counts.
## Step 5: Semi-auto Remediation
For findings classified as semi-auto (entropy strings, permission mismatches, typosquatted deps, ghost hooks, suspicious URLs, credential access, hidden MCP directives, homoglyphs):
1. Read the referenced files and understand the surrounding context
2. Propose specific, minimal changes grouped by fix type
3. Present each proposal to the user for confirmation before applying
4. Apply confirmed changes via Edit tool
## Step 6: LLM Threat Scan
Read `<plugin-root>/knowledge/skill-threat-patterns.md`. Scan modified files for remaining threats. Report manual findings that require human judgment.
## Step 7: Validate and Report
Re-scan to verify fixes didn't introduce new issues. If validation fails, offer to restore from backup:
```bash
node <plugin-root>/scanners/lib/fs-utils.mjs restore "<target>"
```
Final report: pre/post comparison, fix summaries, remaining manual findings, rollback instructions.
Reference in a new issue View git blame Copy permalink