Pilot review for a marketplace-wide review method. config-audit v5.4.0 (posture A, plugin-health 0) + llm-security (A-, 0 critical/high/medium) + structure + version. Verdict: strong, low-risk plugin. 2 Low nits (assert cycle-ID before rm in oppsett.md:457; SECURITY.md:57 key-storage guidance). Read-only review; this file is the only artifact. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com> Claude-Session: https://claude.ai/code/session_01Ter3E2JSi1Khgmuf2kady8
4.1 KiB
4.1 KiB
Plugin review — okr (2026-06-20)
Full-depth review, run as the pilot for a marketplace-wide review method (validated here before scaling to the other 9 plugins). Tooling: config-audit v5.4.0 scanners (run from source) + llm-security posture assessor + structure/version checks. Read-only; this file is the only artifact written.
Verdict
okr is a strong, low-risk plugin. No critical/high/medium security findings, config posture A, version-consistent. Two Low documentation/hardening nits are the only actionable items; neither blocks anything.
Results by dimension
| Dimension | Tool | Result |
|---|---|---|
| Config posture | config-audit posture |
A overall — CLAUDE.md A, Settings/Hooks/Rules/MCP/Conflicts/Plugin-Hygiene A 100, Token-Efficiency A 90. Only weak area: Feature Coverage D 40 (an opportunity, not a defect). |
| Plugin health | config-audit plugin-health |
0 findings. (An earlier run reported 10× "command missing model"; that was an over-report in the scanner — model is an optional command field. Fixed in config-audit a5cfc33 during this pilot.) |
| Security posture | llm-security posture assessor | A− (risk ~6/100, ALLOW/Install). 0 critical/high/medium. 9 OWASP-LLM categories mostly A; B on deny-first/secrets/path/destructive only because explicit settings.json/guard-hooks are absent — not defects for a read-mostly content plugin. |
| Structure / hygiene | manual | README 280L, CHANGELOG ✓, CLAUDE.md 77L, LICENSE ✓. All 7 agents carry name+description+model; all 10 commands carry name+description+allowed-tools (no model — which is fine, it's optional). |
| Version consistency | catalog version-gate | OK — plugin.json 1.3.0 == README badge == catalog ref v1.3.0… see note below. |
Actionable findings
| ID | Severity | Location | Finding |
|---|---|---|---|
| OKR-01 | Low | commands/oppsett.md:457 |
rm -rf .claude/okr/syklus/[id]/ is human-gated (AskUserQuestion, line 450) and path-scoped, but a malformed/empty [id] could collapse the glob. Recommend: assert [id] is non-empty and matches the cycle-ID regex (T[1-3]-YYYY) before the rm. |
| OKR-02 | Low | SECURITY.md:57 |
Says Linear API keys are "stored locally in okr.local.md", while the template/best-practice text recommends env vars. Mitigated (*.local.md is gitignored), but the guidance could lead a user to paste a token. Recommend: steer keys to .mcp.json/env only. |
| — | Info | agents/fremdriftssporer-agent.md, commands/oppsett.md:193, hooks/scripts/inject-okr-context.mjs |
Linear MCP write-back (user's own credentials), a read-only ~/.claude/settings.json detection, and a bounded (≤50 files) hook context-injection — all traced to evidence and cleared (not risks). |
Note — version drift (separate from this review)
plugin.json is 1.3.0 and the catalog ref is v1.3.0 → consistent. (Earlier in the marketplace
sweep, okr showed as version-OK in catalog/scripts/check-versions.mjs; the 2 WARN plugins were
linkedin-studio and ms-ai-architect, not okr.)
What the pilot validated (for the other 9 plugins)
- The method works from config-audit source (v5.4.0) — no dependency on the installed plugin version. The 4 dimensions ran cleanly against a sibling repo, read-only.
- It surfaced a real tooling bug, not just plugin findings — config-audit's plugin-health
required optional CC frontmatter fields (
model/tools/name/allowed-tools). Fixed before scaling, so the other 9 reviews get signal, not 10–29 spurious medium findings each. - The security pass clears false-positive-prone patterns (MCP tool calls, a gated
rm -rf, a global-settings read, documentation URLs) by tracing each to evidence rather than flagging on pattern alone — confirmed on this near-clean baseline. - Expect heavier exercise on write/Bash-heavy plugins (e.g. ms-ai-architect, voyage, linkedin-studio) — okr's 7 agents are Read/Glob-only, so destructive-command and path-guard categories were lightly tested here.