From cff9ac0447f3c603fe574bcc4803f57dc96c4240 Mon Sep 17 00:00:00 2001 From: Kjell Tore Guttormsen Date: Sat, 20 Jun 2026 07:28:54 +0200 Subject: [PATCH] docs: add full-depth plugin review (pilot, 2026-06-20) Pilot review for a marketplace-wide review method. config-audit v5.4.0 (posture A, plugin-health 0) + llm-security (A-, 0 critical/high/medium) + structure + version. Verdict: strong, low-risk plugin. 2 Low nits (assert cycle-ID before rm in oppsett.md:457; SECURITY.md:57 key-storage guidance). Read-only review; this file is the only artifact. Co-Authored-By: Claude Opus 4.8 (1M context) Claude-Session: https://claude.ai/code/session_01Ter3E2JSi1Khgmuf2kady8 --- docs/review-2026-06-20.md | 50 +++++++++++++++++++++++++++++++++++++++ 1 file changed, 50 insertions(+) create mode 100644 docs/review-2026-06-20.md diff --git a/docs/review-2026-06-20.md b/docs/review-2026-06-20.md new file mode 100644 index 0000000..35ba878 --- /dev/null +++ b/docs/review-2026-06-20.md @@ -0,0 +1,50 @@ +# Plugin review — okr (2026-06-20) + +> Full-depth review, run as the **pilot** for a marketplace-wide review method (validated here +> before scaling to the other 9 plugins). Tooling: config-audit **v5.4.0** scanners (run from +> source) + llm-security posture assessor + structure/version checks. Read-only; this file is the +> only artifact written. + +## Verdict + +**okr is a strong, low-risk plugin.** No critical/high/medium security findings, config posture A, +version-consistent. Two Low documentation/hardening nits are the only actionable items; neither +blocks anything. + +## Results by dimension + +| Dimension | Tool | Result | +|-----------|------|--------| +| Config posture | config-audit `posture` | **A** overall — CLAUDE.md A, Settings/Hooks/Rules/MCP/Conflicts/Plugin-Hygiene A 100, Token-Efficiency A 90. Only weak area: **Feature Coverage D 40** (an opportunity, not a defect). | +| Plugin health | config-audit `plugin-health` | **0 findings.** (An earlier run reported 10× "command missing `model`"; that was an over-report in the scanner — `model` is an optional command field. Fixed in config-audit `a5cfc33` during this pilot.) | +| Security posture | llm-security posture assessor | **A−** (risk ~6/100, ALLOW/Install). 0 critical/high/medium. 9 OWASP-LLM categories mostly A; B on deny-first/secrets/path/destructive only because explicit `settings.json`/guard-hooks are absent — not defects for a read-mostly content plugin. | +| Structure / hygiene | manual | README 280L, CHANGELOG ✓, CLAUDE.md 77L, LICENSE ✓. All 7 agents carry `name`+`description`+`model`; all 10 commands carry `name`+`description`+`allowed-tools` (no `model` — which is fine, it's optional). | +| Version consistency | catalog version-gate | **OK** — `plugin.json` 1.3.0 == README badge == catalog `ref` v1.3.0… see note below. | + +## Actionable findings + +| ID | Severity | Location | Finding | +|----|----------|----------|---------| +| OKR-01 | Low | `commands/oppsett.md:457` | `rm -rf .claude/okr/syklus/[id]/` is human-gated (`AskUserQuestion`, line 450) and path-scoped, but a malformed/empty `[id]` could collapse the glob. **Recommend:** assert `[id]` is non-empty and matches the cycle-ID regex (`T[1-3]-YYYY`) before the `rm`. | +| OKR-02 | Low | `SECURITY.md:57` | Says Linear API keys are "stored locally in `okr.local.md`", while the template/best-practice text recommends env vars. Mitigated (`*.local.md` is gitignored), but the guidance could lead a user to paste a token. **Recommend:** steer keys to `.mcp.json`/env only. | +| — | Info | `agents/fremdriftssporer-agent.md`, `commands/oppsett.md:193`, `hooks/scripts/inject-okr-context.mjs` | Linear MCP write-back (user's own credentials), a read-only `~/.claude/settings.json` detection, and a bounded (≤50 files) hook context-injection — all traced to evidence and **cleared** (not risks). | + +## Note — version drift (separate from this review) + +`plugin.json` is 1.3.0 and the catalog `ref` is v1.3.0 → consistent. (Earlier in the marketplace +sweep, okr showed as version-OK in `catalog/scripts/check-versions.mjs`; the 2 WARN plugins were +linkedin-studio and ms-ai-architect, not okr.) + +## What the pilot validated (for the other 9 plugins) + +1. **The method works from config-audit source (v5.4.0)** — no dependency on the installed plugin + version. The 4 dimensions ran cleanly against a sibling repo, read-only. +2. **It surfaced a real tooling bug, not just plugin findings** — config-audit's plugin-health + required optional CC frontmatter fields (`model`/`tools`/`name`/`allowed-tools`). Fixed before + scaling, so the other 9 reviews get signal, not 10–29 spurious medium findings each. +3. **The security pass clears false-positive-prone patterns** (MCP tool calls, a gated `rm -rf`, a + global-settings read, documentation URLs) by tracing each to evidence rather than flagging on + pattern alone — confirmed on this near-clean baseline. +4. **Expect heavier exercise on write/Bash-heavy plugins** (e.g. ms-ai-architect, voyage, + linkedin-studio) — okr's 7 agents are Read/Glob-only, so destructive-command and path-guard + categories were lightly tested here.