Full port of llm-security plugin for internal use on Windows with GitHub Copilot CLI.

Protocol translation layer (copilot-hook-runner.mjs) normalizes Copilot camelCase I/O to Claude Code snake_case format — all original hook scripts run unmodified.

- 8 hooks with protocol translation (stdin/stdout/exit code)
- 18 SKILL.md skills (Agent Skills Open Standard)
- 6 .agent.md agent definitions
- 20 scanners + 14 scanner lib modules (unchanged)
- 14 knowledge files (unchanged)
- 39 test files including copilot-port-verify.mjs (17 tests)
- Windows-ready: node:path, os.tmpdir(), process.execPath, no bash

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
52 lines
3 KiB
Markdown
---
name: security
description: LLM Security — security scanning, auditing, and threat modeling for AI coding agent projects
---

# LLM Security Plugin

Security scanning, auditing, and threat modeling. Based on OWASP LLM Top 10 (2025), Agentic AI Top 10, Skills Top 10, MCP Top 10, and DeepMind Agent Traps.

## Skills

| Skill | Description | When to use |
|-------|-------------|-------------|
| `scan [path\|url]` | Scan skills, MCP servers, directories, or repos | Before installing a new skill or MCP server |
| `scan [path\|url] --deep` | Enhanced scan: LLM + 10 deterministic scanners | Deep analysis with entropy, taint, git forensics |
| `deep-scan [path]` | 10 deterministic scanners only (no LLM agents) | Fast, reproducible, deterministic-only analysis |
| `audit` | Full project security audit with A-F grading | Periodic review (monthly recommended) |
| `plugin-audit [path\|url]` | Plugin security audit with trust verdict | Before installing a third-party plugin |
| `mcp-audit [--live]` | MCP server config audit | After adding MCP servers or on suspicion |
| `mcp-inspect` | Live MCP server inspection | Verify running servers have safe tool descriptions |
| `posture` | Quick security posture scorecard | Daily/weekly health check |
| `threat-model` | Interactive STRIDE/MAESTRO threat modeling | When designing new architecture |
| `diff [path]` | Compare scan against stored baseline | Track security changes over time |
| `watch [path] [--interval 6h]` | Continuous monitoring — diff on interval | Ongoing security monitoring |
| `clean [path]` | Scan and remediate findings | Sanitizing third-party plugin before install |
| `supply-check [path]` | Re-audit installed deps | Periodic dependency audit |
| `dashboard` | Cross-project security dashboard | Machine-wide health check |
| `harden [path]` | Generate Grade A security config | Hardening a new or existing project |
| `red-team [--category]` | Attack simulation against hooks | Verify hooks block what they claim |
| `pre-deploy` | Pre-deployment security checklist | Before pushing to production |
| `registry [scan\|search]` | Skill signature registry | Track scanned skills |

## What's Protected (Hooks)

This plugin includes automated security hooks that run on every operation:

| Hook | Protects Against |
|------|-----------------|
| Secret detection | API keys, tokens, passwords in code |
| Path guarding | Writes to .env, .ssh, credentials files |
| Destructive command blocking | rm -rf, force push, pipe-to-shell |
| Supply chain protection | Compromised packages, typosquats |
| Prompt injection scanning | Injection attempts in user prompts |
| MCP output verification | Data leakage in tool outputs |
| Session monitoring | Lethal trifecta detection (untrusted input + sensitive data + exfil) |

## Quick Start

- **New to security?** Start with `posture` for a quick health check
- **Evaluating a plugin?** Run `plugin-audit path/to/plugin`
- **Full analysis?** Run `scan . --deep` to combine LLM + deterministic scanners
- **Machine-wide overview?** Run `dashboard`