f418a8fe08
Full port of llm-security plugin for internal use on Windows with GitHub Copilot CLI. Protocol translation layer (copilot-hook-runner.mjs) normalizes Copilot camelCase I/O to Claude Code snake_case format — all original hook scripts run unmodified. - 8 hooks with protocol translation (stdin/stdout/exit code) - 18 SKILL.md skills (Agent Skills Open Standard) - 6 .agent.md agent definitions - 20 scanners + 14 scanner lib modules (unchanged) - 14 knowledge files (unchanged) - 39 test files including copilot-port-verify.mjs (17 tests) - Windows-ready: node:path, os.tmpdir(), process.execPath, no bash Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
1.4 KiB
1.4 KiB
| name | description |
|---|---|
| security-posture | Quick security posture assessment — scorecard with grade, coverage status, and top recommendations |
Security Posture
Quick security scorecard — grade, coverage, top recommendations. Deterministic scanner, <2 sec.
Step 1: Resolve Plugin Root
Plugin root = the directory containing plugin.json, found by searching up from this file's location.
Step 2: Run Scanner
node <plugin-root>/scanners/posture-scanner.mjs $ARGUMENTS
If $ARGUMENTS is empty, scan the current working directory.
Parse the JSON output: scoring.grade (A-F), scoring.pass_rate, risk.score (0-100), risk.band, risk.verdict, categories[], findings[], counts.
Step 3: Format Scorecard
# Security Posture — [project name]
| Field | Value |
|-------|-------|
| **Grade** | [A-F] |
| **Risk Score** | [N]/100 ([band]) |
| **Verdict** | [verdict] |
## Category Scorecard
| # | Category | Status | Findings |
|---|----------|--------|----------|
[one row per category, status as PASS/PARTIAL/FAIL/N-A]
## Top Findings
[List critical and high findings with title and recommendation]
## Quick Wins
[List low-effort fixes from findings]
Step 4: Closing
- Grade A/B: "Posture solid. Re-run after major changes."
- Grade C: "Run the audit skill for detailed findings."
- Grade D/F: "Significant exposure. Run audit before production use."