llm-security/templates/archive/posture-scorecard.md
Kjell Tore Guttormsen f153f969a0 feat(ultraplan-local): v1.6.0 — /ultraresearch-local deep research command
Add /ultraresearch-local for structured research combining local codebase
analysis with external knowledge via parallel agent swarms. Produces research
briefs with triangulation, confidence ratings, and source quality assessment.

New command: /ultraresearch-local with modes --quick, --local, --external, --fg.
New agents: research-orchestrator (opus), docs-researcher, community-researcher,
security-researcher, contrarian-researcher, gemini-bridge (all sonnet).
New template: research-brief-template.md.

Integration: --research flag in /ultraplan-local accepts pre-built research
briefs (up to 3), enriches the interview and exploration phases. Planning
orchestrator cross-references brief findings during synthesis.

Design principle: Context Engineering — right information to right agent at
right time. Research briefs are structured artifacts in the pipeline:
ultraresearch → brief → ultraplan --research → plan → ultraexecute.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-04-08 08:58:35 +02:00

6.6 KiB
Raw Blame History

Security Posture Scorecard


Header

Project: [Name of the project or directory assessed] Assessment date: [ISO 8601 — e.g. 2026-02-19] Assessed by: llm-security plugin v[X.X] — posture-assessor-agent Mode: Quick assessment (for full audit run /security audit)


Overall Score

[N] / 9 categories covered

[==========>    ] [N]/9   [Rating label]

Rating labels by score:

  • 9/9 — Fully secured
  • 78/9 — Well secured
  • 56/9 — Partially secured
  • 34/9 — Significant gaps
  • 02/9 — Critical gaps

One-line verdict: [e.g. "3 gaps require immediate attention before this plugin is safe for production use."]


Category Scorecard

Each category is marked with one of four indicators:

  • COVERED — Control is in place and effective
  • PARTIAL — Control exists but has gaps
  • GAP — Control is absent or broken
  • N/A — Not applicable to this project
# Category Status Notes
1 Deny-First Configuration [COVERED / PARTIAL / GAP / N/A] [12 lines: what is in place or what is missing]
2 Secrets Protection [COVERED / PARTIAL / GAP / N/A] [12 lines]
3 Path Guarding [COVERED / PARTIAL / GAP / N/A] [12 lines]
4 MCP Server Trust [COVERED / PARTIAL / GAP / N/A] [12 lines]
5 Destructive Command Blocking [COVERED / PARTIAL / GAP / N/A] [12 lines]
6 Sandbox Configuration [COVERED / PARTIAL / GAP / N/A] [12 lines]
7 Human Review Requirements [COVERED / PARTIAL / GAP / N/A] [12 lines]
8 Skill and Plugin Sources [COVERED / PARTIAL / GAP / N/A] [12 lines]
9 Session Isolation [COVERED / PARTIAL / GAP / N/A] [12 lines]

Category Detail

1. Deny-First Configuration

[What deny-first controls were found, or what is missing. Reference specific config files if present.]

2. Secrets Protection

[Describe hook coverage, .gitignore patterns, and any hardcoded secrets found. Redact actual values.]

3. Path Guarding

[Which sensitive paths are guarded. List any unprotected paths that should be blocked.]

4. MCP Server Trust

[Number of MCP servers found. Trust status for each: verified / unverified / local-only.]

5. Destructive Command Blocking

[Hook presence. Which destructive patterns are blocked. Any patterns that are missing.]

6. Sandbox Configuration

[Network access scope, file system scope, any overly permissive settings found.]

7. Human Review Requirements

[Whether high-impact operations require confirmation. Examples of confirmation gates found or absent.]

8. Skill and Plugin Sources

[Number of plugins/skills. Source verification status. Any plugins from unverified sources.]

9. Session Isolation

[How context is shared between agents and sessions. Any cross-session state leakage risks.]


Top 3 Recommendations

These are the highest-impact actions to improve posture, ordered by urgency.

1. [Title of recommendation] Category: [Category name] Risk: [What could happen if not addressed] Action: [Specific step to take] Effort: [Low / Medium / High]

2. [Title of recommendation] Category: [Category name] Risk: [What could happen if not addressed] Action: [Specific step to take] Effort: [Low / Medium / High]

3. [Title of recommendation] Category: [Category name] Risk: [What could happen if not addressed] Action: [Specific step to take] Effort: [Low / Medium / High]


Quick Wins

Things that can be fixed in under 5 minutes with no architectural changes.

  • [Quick win action — e.g. "Add .env to .gitignore"]
  • [Quick win action — e.g. "Enable pre-edit-secrets hook from claude-code-essentials"]
  • [Quick win action — e.g. "Remove hardcoded API key on line 42 of config.json"]

If no quick wins are identified, write: "No quick wins identified — improvements require architectural changes."


Baseline Comparison

What a fully secured Claude Code project looks like vs. this project.

Category Fully Secured This Project
Deny-First Configuration defaultPermissionLevel: deny in settings [Current state]
Secrets Protection Hook active + .env gitignored + no hardcoded secrets [Current state]
Path Guarding pre-write-pathguard hook blocks sensitive paths [Current state]
MCP Server Trust All servers verified, minimal scope, auth required [Current state]
Destructive Command Blocking pre-bash-destructive hook with comprehensive patterns [Current state]
Sandbox Configuration Network and filesystem access scoped to project [Current state]
Human Review Requirements Confirmation gates before irreversible operations [Current state]
Skill and Plugin Sources All plugins from verified sources, minimal permissions [Current state]
Session Isolation No cross-session state leakage, minimal context sharing [Current state]

Gap summary: [N] of 9 categories match the fully secured baseline. [N] have partial coverage. [N] have no coverage.


Field Value
llm-security version [e.g. 0.1.0]
Assessment engine posture-assessor-agent
Full audit command /security audit
Report generated [ISO 8601 timestamp]