ktg-plugin-marketplace/plugins/llm-security-copilot/skills/security/SKILL.md
Kjell Tore Guttormsen f418a8fe08 feat(llm-security-copilot): port llm-security v5.1.0 to GitHub Copilot CLI
Full port of llm-security plugin for internal use on Windows with GitHub
Copilot CLI. Protocol translation layer (copilot-hook-runner.mjs)
normalizes Copilot camelCase I/O to Claude Code snake_case format — all
original hook scripts run unmodified.

- 8 hooks with protocol translation (stdin/stdout/exit code)
- 18 SKILL.md skills (Agent Skills Open Standard)
- 6 .agent.md agent definitions
- 20 scanners + 14 scanner lib modules (unchanged)
- 14 knowledge files (unchanged)
- 39 test files including copilot-port-verify.mjs (17 tests)
- Windows-ready: node:path, os.tmpdir(), process.execPath, no bash

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-04-09 21:56:10 +02:00
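The camelCase-to-snake_case protocol translation the commit message describes, as an added example in the same spirit; this is not the project's `copilot-hook-runner.mjs`. Assumptions, labelled as such: the Copilot side sends fields like `toolName` / `toolInput` / `sessionId`, the hook side expects `tool_name` / `tool_input` / `session_id`, and a hook signals "block" with exit code 2 and "allow" with exit code 0. The sample event is constructed, not a captured message.

```javascript
// Added example of camelCase <-> snake_case hook I/O translation.
// NOT the project's copilot-hook-runner.mjs; field names and the
// 0 = allow / 2 = block exit-code convention are assumptions.

const toSnake = (key) => key.replace(/([a-z0-9])([A-Z])/g, '$1_$2').toLowerCase();
const toCamel = (key) => key.replace(/_([a-z0-9])/g, (_, c) => c.toUpperCase());

// Rename object keys recursively. Only keys are touched: values such as file
// paths or command strings pass through untouched, so "C:\proj\someFile.txt"
// survives the translation intact.
function renameKeys(value, rename) {
  if (Array.isArray(value)) return value.map((item) => renameKeys(item, rename));
  if (value !== null && typeof value === 'object') {
    return Object.fromEntries(
      Object.entries(value).map(([k, v]) => [rename(k), renameKeys(v, rename)]),
    );
  }
  return value;
}

// stdin direction: Copilot event (camelCase) -> hook event (snake_case)
function normalizeIncoming(copilotEvent) {
  return renameKeys(copilotEvent, toSnake);
}

// stdout direction: hook result (snake_case) -> Copilot result (camelCase)
function denormalizeOutgoing(hookResult) {
  return renameKeys(hookResult, toCamel);
}

// Exit-code mapping under the assumed convention: 2 blocks the operation,
// everything else lets it proceed.
function exitCodeToDecision(exitCode) {
  return exitCode === 2 ? 'block' : 'allow';
}

// One full shim cycle. hookFn stands in for spawning the original hook
// script: it receives the snake_case event and returns { exit_code, output },
// the same information the real script conveys via exit status and stdout.
function runTranslated(copilotJson, hookFn) {
  const hookEvent = normalizeIncoming(JSON.parse(copilotJson));
  const { exit_code: exitCode, output } = hookFn(hookEvent);
  return {
    exitCode,
    decision: exitCodeToDecision(exitCode),
    stdout: output ? JSON.stringify(denormalizeOutgoing(output)) : '',
  };
}

// Constructed sample event (not a captured Copilot message).
const SAMPLE_COPILOT_EVENT = JSON.stringify({
  hookEventName: 'PreToolUse',
  sessionId: 'constructed-session-1',
  toolName: 'Write',
  toolInput: { filePath: 'C:\\proj\\.env', content: 'API_KEY=...' },
});

// Tiny stand-in hook written against the snake_case shape: refuse .env writes.
function sampleHook(event) {
  const path = event.tool_input && event.tool_input.file_path;
  if (typeof path === 'string' && /(^|[\\/])\.env$/.test(path)) {
    return { exit_code: 2, output: { reason_text: 'write to .env blocked' } };
  }
  return { exit_code: 0, output: null };
}

// Runs the sample event through the shim and the stand-in hook.
function demo() {
  return runTranslated(SAMPLE_COPILOT_EVENT, sampleHook);
}
```

The point of keeping the rename purely key-based is that the hook scripts never see a mangled path or command value; only the envelope changes shape, which is what lets the original scripts run unmodified.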


---
name: security
description: LLM Security — security scanning, auditing, and threat modeling for AI coding agent projects
---

# LLM Security Plugin

Security scanning, auditing, and threat modeling. Based on OWASP LLM Top 10 (2025), Agentic AI Top 10, Skills Top 10, MCP Top 10, and DeepMind Agent Traps.

## Skills

| Skill | Description | When to use |
|---|---|---|
| `scan [path\|url]` | Scan skills, MCP servers, directories, or repos | Before installing a new skill or MCP server |
| `scan [path\|url] --deep` | Enhanced scan: LLM + 10 deterministic scanners | Deep analysis with entropy, taint, git forensics |
| `deep-scan [path]` | 10 deterministic scanners only (no LLM agents) | Fast, reproducible, deterministic-only analysis |
| `audit` | Full project security audit with A-F grading | Periodic review (monthly recommended) |
| `plugin-audit [path\|url]` | Plugin security audit with trust verdict | Before installing a third-party plugin |
| `mcp-audit [--live]` | MCP server config audit | After adding MCP servers or on suspicion |
| `mcp-inspect` | Live MCP server inspection | Verify running servers have safe tool descriptions |
| `posture` | Quick security posture scorecard | Daily/weekly health check |
| `threat-model` | Interactive STRIDE/MAESTRO threat modeling | When designing new architecture |
| `diff [path]` | Compare scan against stored baseline | Track security changes over time |
| `watch [path] [--interval 6h]` | Continuous monitoring — diff on interval | Ongoing security monitoring |
| `clean [path]` | Scan and remediate findings | Sanitizing third-party plugin before install |
| `supply-check [path]` | Re-audit installed deps | Periodic dependency audit |
| `dashboard` | Cross-project security dashboard | Machine-wide health check |
| `harden [path]` | Generate Grade A security config | Hardening a new or existing project |
| `red-team [--category]` | Attack simulation against hooks | Verify hooks block what they claim |
| `pre-deploy` | Pre-deployment security checklist | Before pushing to production |
| `registry [scan\|search]` | Skill signature registry | Track scanned skills |

## What's Protected (Hooks)

This plugin includes automated security hooks that run on every operation:

| Hook | Protects Against |
|---|---|
| Secret detection | API keys, tokens, passwords in code |
| Path guarding | Writes to `.env`, `.ssh`, credentials files |
| Destructive command blocking | `rm -rf`, force push, pipe-to-shell |
| Supply chain protection | Compromised packages, typosquats |
| Prompt injection scanning | Injection attempts in user prompts |
| MCP output verification | Data leakage in tool outputs |
| Session monitoring | Lethal trifecta detection (untrusted input + sensitive data + exfil) |
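Three of the protections in the table, path guarding, destructive command blocking and lethal trifecta session monitoring, as one added example of the kind of check a PreToolUse-style hook makes; this is illustrative code, not the plugin's own hooks. Assumed, and not taken from the page: the snake_case event shape `{ tool_name, tool_input: { file_path | command | url } }` that the port normalizes to, the tool names `Write`, `Edit`, `Read`, `Bash`, `WebFetch` and the `mcp__` prefix, and the 0 = allow / 2 = block exit-code convention.

```javascript
// Added example (not the plugin's hook code): path guarding, destructive
// command blocking and lethal-trifecta session monitoring.
// Event shape, tool names and exit-code convention are assumptions.

// Sensitive locations. Paths are backslash-normalized before matching so the
// same patterns cover Windows and POSIX paths.
const SENSITIVE_PATHS = [
  /(^|\/)\.env(\..+)?$/,          // .env, .env.local, .env.production
  /(^|\/)\.ssh(\/|$)/,            // anything under an .ssh directory
  /(^|\/)\.aws\/credentials$/,    // AWS shared credentials file
  /(^|\/)credentials(\.json)?$/,  // generic credentials / credentials.json
];

function isSensitivePath(filePath) {
  const normalized = filePath.replace(/\\/g, '/');
  return SENSITIVE_PATHS.some((re) => re.test(normalized));
}

// Destructive shell patterns from the table: rm -rf (flags combined or
// separated), git force push, and download-piped-to-shell.
const DESTRUCTIVE_COMMANDS = [
  { name: 'recursive force delete', re: /\brm\s+(?:-[a-z]*(?:r[a-z]*f|f[a-z]*r)|-r\s+-f|-f\s+-r)\b/i },
  { name: 'git force push', re: /\bgit\s+push\b[^|;&]*\s(?:--force(?:-with-lease)?|-f)\b/ },
  { name: 'pipe to shell', re: /\b(?:curl|wget)\b[^|]*\|\s*(?:sudo\s+)?(?:ba|z|da)?sh\b/ },
];

// Per-event verdict, the decision a PreToolUse hook returns for one tool call.
function evaluateToolCall(event) {
  const input = event.tool_input || {};
  if ((event.tool_name === 'Write' || event.tool_name === 'Edit') && typeof input.file_path === 'string') {
    if (isSensitivePath(input.file_path)) {
      return { decision: 'block', reason: `write to sensitive path: ${input.file_path}` };
    }
  }
  if (event.tool_name === 'Bash' && typeof input.command === 'string') {
    const hit = DESTRUCTIVE_COMMANDS.find((d) => d.re.test(input.command));
    if (hit) return { decision: 'block', reason: `destructive command: ${hit.name}` };
  }
  return { decision: 'allow', reason: '' };
}

// Process exit status under the assumed 0 = allow / 2 = block convention.
function toExitCode(verdict) {
  return verdict.decision === 'block' ? 2 : 0;
}

// Session-level state for the lethal trifecta: a session that has taken in
// untrusted content, touched sensitive data AND has a way to send data out.
// Any one of these alone is routine; all three together is the condition to flag.
class SessionMonitor {
  constructor() {
    this.untrustedInput = false;
    this.sensitiveData = false;
    this.exfilCapability = false;
  }

  // Feed every tool event through here; returns true once all three are set.
  observe(event) {
    const input = event.tool_input || {};
    const name = event.tool_name || '';
    // 1. untrusted input: fetched web content or any MCP tool output
    if (name === 'WebFetch' || name.startsWith('mcp__')) this.untrustedInput = true;
    // 2. sensitive data: a read of a guarded path
    if (name === 'Read' && typeof input.file_path === 'string' && isSensitivePath(input.file_path)) {
      this.sensitiveData = true;
    }
    // 3. exfiltration capability: an outbound network client in a shell command
    if (name === 'Bash' && /\b(?:curl|wget|nc|Invoke-WebRequest)\b/.test(input.command || '')) {
      this.exfilCapability = true;
    }
    return this.isLethalTrifecta();
  }

  isLethalTrifecta() {
    return this.untrustedInput && this.sensitiveData && this.exfilCapability;
  }
}
```

The per-event check and the session monitor are deliberately separate: a single `curl` is not blockable on its own, but the same `curl` after the session has already fetched untrusted content and read `.env` is exactly the combination the table's last row describes, so the monitor's verdict is what a hook would escalate on.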

## Quick Start

- New to security? Start with `posture` for a quick health check
- Evaluating a plugin? Run `plugin-audit path/to/plugin`
- Full analysis? Run `scan . --deep` to combine LLM + deterministic scanners
- Machine-wide overview? Run `dashboard`