okr/docs/review-2026-06-20.md
Kjell Tore Guttormsen cff9ac0447 docs: add full-depth plugin review (pilot, 2026-06-20)
Pilot review for a marketplace-wide review method. config-audit v5.4.0 (posture A,
plugin-health 0) + llm-security (A-, 0 critical/high/medium) + structure + version.
Verdict: strong, low-risk plugin. 2 Low nits (assert cycle-ID before rm in oppsett.md:457;
SECURITY.md:57 key-storage guidance). Read-only review; this file is the only artifact.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_01Ter3E2JSi1Khgmuf2kady8
2026-06-20 07:28:54 +02:00

4.1 KiB
Raw Blame History

Plugin review — okr (2026-06-20)

Full-depth review, run as the pilot for a marketplace-wide review method (validated here before scaling to the other 9 plugins). Tooling: config-audit v5.4.0 scanners (run from source) + llm-security posture assessor + structure/version checks. Read-only; this file is the only artifact written.

Verdict

okr is a strong, low-risk plugin. No critical/high/medium security findings, config posture A, version-consistent. Two Low documentation/hardening nits are the only actionable items; neither blocks anything.

Results by dimension

Dimension Tool Result
Config posture config-audit posture A overall — CLAUDE.md A, Settings/Hooks/Rules/MCP/Conflicts/Plugin-Hygiene A 100, Token-Efficiency A 90. Only weak area: Feature Coverage D 40 (an opportunity, not a defect).
Plugin health config-audit plugin-health 0 findings. (An earlier run reported 10× "command missing model"; that was an over-report in the scanner — model is an optional command field. Fixed in config-audit a5cfc33 during this pilot.)
Security posture llm-security posture assessor A (risk ~6/100, ALLOW/Install). 0 critical/high/medium. 9 OWASP-LLM categories mostly A; B on deny-first/secrets/path/destructive only because explicit settings.json/guard-hooks are absent — not defects for a read-mostly content plugin.
Structure / hygiene manual README 280L, CHANGELOG ✓, CLAUDE.md 77L, LICENSE ✓. All 7 agents carry name+description+model; all 10 commands carry name+description+allowed-tools (no model — which is fine, it's optional).
Version consistency catalog version-gate OKplugin.json 1.3.0 == README badge == catalog ref v1.3.0… see note below.

Actionable findings

ID Severity Location Finding
OKR-01 Low commands/oppsett.md:457 rm -rf .claude/okr/syklus/[id]/ is human-gated (AskUserQuestion, line 450) and path-scoped, but a malformed/empty [id] could collapse the glob. Recommend: assert [id] is non-empty and matches the cycle-ID regex (T[1-3]-YYYY) before the rm.
OKR-02 Low SECURITY.md:57 Says Linear API keys are "stored locally in okr.local.md", while the template/best-practice text recommends env vars. Mitigated (*.local.md is gitignored), but the guidance could lead a user to paste a token. Recommend: steer keys to .mcp.json/env only.
Info agents/fremdriftssporer-agent.md, commands/oppsett.md:193, hooks/scripts/inject-okr-context.mjs Linear MCP write-back (user's own credentials), a read-only ~/.claude/settings.json detection, and a bounded (≤50 files) hook context-injection — all traced to evidence and cleared (not risks).

Note — version drift (separate from this review)

plugin.json is 1.3.0 and the catalog ref is v1.3.0 → consistent. (Earlier in the marketplace sweep, okr showed as version-OK in catalog/scripts/check-versions.mjs; the 2 WARN plugins were linkedin-studio and ms-ai-architect, not okr.)

What the pilot validated (for the other 9 plugins)

  1. The method works from config-audit source (v5.4.0) — no dependency on the installed plugin version. The 4 dimensions ran cleanly against a sibling repo, read-only.
  2. It surfaced a real tooling bug, not just plugin findings — config-audit's plugin-health required optional CC frontmatter fields (model/tools/name/allowed-tools). Fixed before scaling, so the other 9 reviews get signal, not 1029 spurious medium findings each.
  3. The security pass clears false-positive-prone patterns (MCP tool calls, a gated rm -rf, a global-settings read, documentation URLs) by tracing each to evidence rather than flagging on pattern alone — confirmed on this near-clean baseline.
  4. Expect heavier exercise on write/Bash-heavy plugins (e.g. ms-ai-architect, voyage, linkedin-studio) — okr's 7 agents are Read/Glob-only, so destructive-command and path-guard categories were lightly tested here.