open/ktg-plugin-marketplace
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity Actions
ktg-plugin-marketplace/plugins/llm-security-copilot/skills/posture/SKILL.md
Kjell Tore Guttormsen f418a8fe08 feat(llm-security-copilot): port llm-security v5.1.0 to GitHub Copilot CLI 
Full port of llm-security plugin for internal use on Windows with GitHub
Copilot CLI. Protocol translation layer (copilot-hook-runner.mjs)
normalizes Copilot camelCase I/O to Claude Code snake_case format — all
original hook scripts run unmodified.

- 8 hooks with protocol translation (stdin/stdout/exit code)
- 18 SKILL.md skills (Agent Skills Open Standard)
- 6 .agent.md agent definitions
- 20 scanners + 14 scanner lib modules (unchanged)
- 14 knowledge files (unchanged)
- 39 test files including copilot-port-verify.mjs (17 tests)
- Windows-ready: node:path, os.tmpdir(), process.execPath, no bash

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-04-09 21:56:10 +02:00

54 lines
1.4 KiB
Markdown
Raw Blame History

---
name: security-posture
description: Quick security posture assessment — scorecard with grade, coverage status, and top recommendations
---
# Security Posture
Quick security scorecard — grade, coverage, top recommendations. Deterministic scanner, <2 sec.
## Step 1: Resolve Plugin Root
Plugin root = the directory containing `plugin.json`, found by searching up from this file's location.
## Step 2: Run Scanner
```bash
node <plugin-root>/scanners/posture-scanner.mjs $ARGUMENTS
```
If `$ARGUMENTS` is empty, scan the current working directory.
Parse the JSON output: `scoring.grade` (A-F), `scoring.pass_rate`, `risk.score` (0-100), `risk.band`, `risk.verdict`, `categories[]`, `findings[]`, `counts`.
## Step 3: Format Scorecard
```
# Security Posture — [project name]
| Field | Value |
|-------|-------|
| **Grade** | [A-F] |
| **Risk Score** | [N]/100 ([band]) |
| **Verdict** | [verdict] |
## Category Scorecard
| # | Category | Status | Findings |
|---|----------|--------|----------|
[one row per category, status as PASS/PARTIAL/FAIL/N-A]
## Top Findings
[List critical and high findings with title and recommendation]
## Quick Wins
[List low-effort fixes from findings]
```
## Step 4: Closing
- Grade A/B: "Posture solid. Re-run after major changes."
- Grade C: "Run the audit skill for detailed findings."
- Grade D/F: "Significant exposure. Run audit before production use."
Reference in a new issue View git blame Copy permalink