docs: add full-depth plugin review (pilot, 2026-06-20)
Pilot review for a marketplace-wide review method. config-audit v5.4.0 (posture A, plugin-health 0) + llm-security (A-, 0 critical/high/medium) + structure + version. Verdict: strong, low-risk plugin. 2 Low nits (assert cycle-ID before rm in oppsett.md:457; SECURITY.md:57 key-storage guidance). Read-only review; this file is the only artifact. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com> Claude-Session: https://claude.ai/code/session_01Ter3E2JSi1Khgmuf2kady8
This commit is contained in:
parent
ea2827ef1c
commit
cff9ac0447
1 changed files with 50 additions and 0 deletions
50
docs/review-2026-06-20.md
Normal file
50
docs/review-2026-06-20.md
Normal file
|
|
@ -0,0 +1,50 @@
|
|||
# Plugin review — okr (2026-06-20)
|
||||
|
||||
> Full-depth review, run as the **pilot** for a marketplace-wide review method (validated here
|
||||
> before scaling to the other 9 plugins). Tooling: config-audit **v5.4.0** scanners (run from
|
||||
> source) + llm-security posture assessor + structure/version checks. Read-only; this file is the
|
||||
> only artifact written.
|
||||
|
||||
## Verdict
|
||||
|
||||
**okr is a strong, low-risk plugin.** No critical/high/medium security findings, config posture A,
|
||||
version-consistent. Two Low documentation/hardening nits are the only actionable items; neither
|
||||
blocks anything.
|
||||
|
||||
## Results by dimension
|
||||
|
||||
| Dimension | Tool | Result |
|
||||
|-----------|------|--------|
|
||||
| Config posture | config-audit `posture` | **A** overall — CLAUDE.md A, Settings/Hooks/Rules/MCP/Conflicts/Plugin-Hygiene A 100, Token-Efficiency A 90. Only weak area: **Feature Coverage D 40** (an opportunity, not a defect). |
|
||||
| Plugin health | config-audit `plugin-health` | **0 findings.** (An earlier run reported 10× "command missing `model`"; that was an over-report in the scanner — `model` is an optional command field. Fixed in config-audit `a5cfc33` during this pilot.) |
|
||||
| Security posture | llm-security posture assessor | **A−** (risk ~6/100, ALLOW/Install). 0 critical/high/medium. 9 OWASP-LLM categories mostly A; B on deny-first/secrets/path/destructive only because explicit `settings.json`/guard-hooks are absent — not defects for a read-mostly content plugin. |
|
||||
| Structure / hygiene | manual | README 280L, CHANGELOG ✓, CLAUDE.md 77L, LICENSE ✓. All 7 agents carry `name`+`description`+`model`; all 10 commands carry `name`+`description`+`allowed-tools` (no `model` — which is fine, it's optional). |
|
||||
| Version consistency | catalog version-gate | **OK** — `plugin.json` 1.3.0 == README badge == catalog `ref` v1.3.0… see note below. |
|
||||
|
||||
## Actionable findings
|
||||
|
||||
| ID | Severity | Location | Finding |
|
||||
|----|----------|----------|---------|
|
||||
| OKR-01 | Low | `commands/oppsett.md:457` | `rm -rf .claude/okr/syklus/[id]/` is human-gated (`AskUserQuestion`, line 450) and path-scoped, but a malformed/empty `[id]` could collapse the glob. **Recommend:** assert `[id]` is non-empty and matches the cycle-ID regex (`T[1-3]-YYYY`) before the `rm`. |
|
||||
| OKR-02 | Low | `SECURITY.md:57` | Says Linear API keys are "stored locally in `okr.local.md`", while the template/best-practice text recommends env vars. Mitigated (`*.local.md` is gitignored), but the guidance could lead a user to paste a token. **Recommend:** steer keys to `.mcp.json`/env only. |
|
||||
| — | Info | `agents/fremdriftssporer-agent.md`, `commands/oppsett.md:193`, `hooks/scripts/inject-okr-context.mjs` | Linear MCP write-back (user's own credentials), a read-only `~/.claude/settings.json` detection, and a bounded (≤50 files) hook context-injection — all traced to evidence and **cleared** (not risks). |
|
||||
|
||||
## Note — version drift (separate from this review)
|
||||
|
||||
`plugin.json` is 1.3.0 and the catalog `ref` is v1.3.0 → consistent. (Earlier in the marketplace
|
||||
sweep, okr showed as version-OK in `catalog/scripts/check-versions.mjs`; the 2 WARN plugins were
|
||||
linkedin-studio and ms-ai-architect, not okr.)
|
||||
|
||||
## What the pilot validated (for the other 9 plugins)
|
||||
|
||||
1. **The method works from config-audit source (v5.4.0)** — no dependency on the installed plugin
|
||||
version. The 4 dimensions ran cleanly against a sibling repo, read-only.
|
||||
2. **It surfaced a real tooling bug, not just plugin findings** — config-audit's plugin-health
|
||||
required optional CC frontmatter fields (`model`/`tools`/`name`/`allowed-tools`). Fixed before
|
||||
scaling, so the other 9 reviews get signal, not 10–29 spurious medium findings each.
|
||||
3. **The security pass clears false-positive-prone patterns** (MCP tool calls, a gated `rm -rf`, a
|
||||
global-settings read, documentation URLs) by tracing each to evidence rather than flagging on
|
||||
pattern alone — confirmed on this near-clean baseline.
|
||||
4. **Expect heavier exercise on write/Bash-heavy plugins** (e.g. ms-ai-architect, voyage,
|
||||
linkedin-studio) — okr's 7 agents are Read/Glob-only, so destructive-command and path-guard
|
||||
categories were lightly tested here.
|
||||
Loading…
Add table
Add a link
Reference in a new issue