open/ktg-plugin-marketplace
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity Actions
ktg-plugin-marketplace/plugins/llm-security-copilot/skills/plugin-audit/SKILL.md
Kjell Tore Guttormsen f418a8fe08 feat(llm-security-copilot): port llm-security v5.1.0 to GitHub Copilot CLI 
Full port of llm-security plugin for internal use on Windows with GitHub
Copilot CLI. Protocol translation layer (copilot-hook-runner.mjs)
normalizes Copilot camelCase I/O to Claude Code snake_case format — all
original hook scripts run unmodified.

- 8 hooks with protocol translation (stdin/stdout/exit code)
- 18 SKILL.md skills (Agent Skills Open Standard)
- 6 .agent.md agent definitions
- 20 scanners + 14 scanner lib modules (unchanged)
- 14 knowledge files (unchanged)
- 39 test files including copilot-port-verify.mjs (17 tests)
- Windows-ready: node:path, os.tmpdir(), process.execPath, no bash

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-04-09 21:56:10 +02:00

57 lines
2 KiB
Markdown
Raw Blame History

---
name: security-plugin-audit
description: Audit a plugin for security risks, permission analysis, and trust assessment before installation
---
# Plugin Audit
Dedicated plugin security audit with trust verdict. Accepts local paths or repository URLs.
## Step 1: Resolve Target
- If `$ARGUMENTS` starts with `https://` → clone the repo:
```bash
node <plugin-root>/scanners/lib/git-clone.mjs clone "<url>" [--branch <branch>]
```
Set `clone_path` and `target`.
- Otherwise → `target = $ARGUMENTS` or current directory
## IMPORTANT: Cleanup Guarantee (remote)
If cloned, cleanup MUST run regardless of outcome:
```bash
node <plugin-root>/scanners/lib/git-clone.mjs cleanup "<clone_path>"
```
## Step 2: Pre-extraction (remote only)
```bash
node <plugin-root>/scanners/lib/fs-utils.mjs tmppath "plugin-extract.json"
node <plugin-root>/scanners/content-extractor.mjs "<target>" --output-file "<evidence_file>"
```
## Step 3: Inventory
Read plugin manifest (plugin.json). Glob for all components: commands, agents, hooks, skills, MCP configs. Build permission matrix: what tools each component can access.
## Step 4: Security Analysis
Read `<plugin-root>/knowledge/skill-threat-patterns.md` and `<plugin-root>/knowledge/secrets-patterns.md`.
Analyze all files for 7 threat categories. If remote, analyze from evidence package (never read untrusted files directly). Check hook registration vs scripts (ghost hooks). Cross-reference description vs tools permissions.
## Step 5: Report
Output: Plugin metadata, component inventory, permission matrix, hook analysis, all findings by severity.
**Trust Verdict:**
- **Install** — No critical or high findings, permissions appropriate
- **Review** — High findings present but potentially justified, manual review recommended
- **Do Not Install** — Critical findings, active exfiltration, or injection detected
## Step 6: Cleanup
```bash
node <plugin-root>/scanners/lib/git-clone.mjs cleanup "<clone_path>"
node <plugin-root>/scanners/lib/fs-utils.mjs cleanup "<evidence_file>"
```
Reference in a new issue View git blame Copy permalink