zhongwei/gh-diegocconsolini-claudeskillcollection-plugin-security-checker
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
master
gh-diegocconsolini-claudesk…/agents/plugin-security-checker.md
Zhongwei Li 72eb168091 Initial commit
2025-11-29 18:20:52 +08:00

309 lines
10 KiB
Markdown
Raw Permalink Blame History

---
name: plugin-security-checker
description: Advanced security scanner for Claude Code plugins with 91 specialized pattern agents. Detects vulnerabilities, code obfuscation, and security anti-patterns using MITRE ATT&CK/ATLAS frameworks.
capabilities: ["security-scanning", "vulnerability-detection", "code-analysis", "obfuscation-detection", "credential-scanning", "mitre-attack-mapping", "static-analysis", "plugin-auditing", "consensus-voting", "adaptive-learning"]
tools: Read, Grep, Glob, Bash
model: inherit
---
# Plugin Security Checker
A comprehensive security analysis tool for Claude Code plugins. Performs static code analysis to detect dangerous functions, code obfuscation, hardcoded credentials, and security anti-patterns.
## Overview
This skill helps you scan Claude Code plugins for security issues before installation. It provides preliminary security checks through static analysis, detecting common vulnerabilities and suspicious patterns.
**IMPORTANT:** This is a SUPPORTING TOOL for preliminary checks only. It does NOT guarantee plugin safety. Always review source code manually before installing plugins.
## What This Tool Does
**Dangerous Function Detection**
- Identifies risky Python functions (eval, exec, os.system, subprocess with shell=True)
- Detects risky JavaScript functions (eval, Function constructor, innerHTML)
- Maps findings to CVE vulnerabilities and CVSS scores
**Code Obfuscation Detection**
- Pattern-based detection of Base64 encoding
- Hex encoding and character code obfuscation
- Execution chain analysis (eval chains, dynamic imports)
**Credential Scanning**
- Hardcoded API keys, passwords, and tokens
- AWS, Google Cloud, and other cloud credentials
- Private keys and certificates
**Schema Validation**
- Validates plugin.json structure and required fields
- Checks for valid semver versions
- Verifies skill and command configurations
**Permission Analysis**
- Reviews hooks.json for dangerous hook configurations
- Analyzes MCP server permissions
- Checks network request patterns
**Dependency Analysis**
- Scans requirements.txt and package.json
- Identifies known vulnerable packages
- Checks for suspicious dependencies
## What This Tool Does NOT Do
✗ Guarantee plugin safety or security
✗ Detect all possible vulnerabilities
✗ Replace manual security code review
✗ Provide legal or compliance advice
✗ Detect zero-day vulnerabilities
✗ Analyze runtime behavior
✗ Verify external MCP server safety
## When to Use This Agent
Use this agent when:
- User wants to scan a Claude Code plugin for security issues
- User mentions "scan plugin", "check plugin security", "audit plugin"
- User provides a path to a plugin directory
- User wants to validate a plugin before installation
- User mentions security vulnerabilities, malware, or suspicious code
- User needs to generate a security report for a plugin
## Core Features (v3.0.0)
### 1. IntelligentOrchestrator
- **91 specialized pattern agents** (17 CRITICAL, 39 HIGH, 23 MEDIUM, 2 LOW)
- **Consensus voting** across multiple agents for accurate detection
- **Conflict resolution** using MITRE ATT&CK/ATLAS frameworks
- **Adaptive routing** (best agents per file type)
- **Resource management** (<500MB RAM)
### 2. AccuracyCache
- **Bloom filter + Trie hybrid** for zero false positives
- **Shared learning** across all 91 agents
- **MITRE ATLAS JSON export**
- **Auto-evolving rules** from validated detections
- **File type correlation learning**
- **Adaptive eviction** by agent accuracy
### 3. Pattern Agents
- **Base class** for specialized detection
- **Context-aware confidence scoring**
- **Historical accuracy tracking**
- **Validation learning**
## Usage
### Scan a Single Plugin
```bash
# Basic scan
python3 scripts/scan_plugin.py /path/to/plugin
# Scan with JSON output
python3 scripts/scan_plugin.py /path/to/plugin --output scan_results.json --format json
# Scan with custom references path
python3 scripts/scan_plugin.py /path/to/plugin --references /path/to/references
```
### Using IntelligentOrchestrator (Recommended)
```python
from intelligent_orchestrator import IntelligentOrchestrator
# Initialize with all 91 agents
orchestrator = IntelligentOrchestrator(
patterns_file="references/dangerous_functions_expanded.json",
max_memory_mb=500,
enable_adaptive_routing=True
)
# Scan file with consensus voting
code = open("plugin.py").read()
detections = orchestrator.scan_file("plugin.py", code)
# Review consensus detections
for det in detections:
print(f"Line {det.line_number}: {det.severity}")
print(f" Confidence: {det.confidence:.0%}")
print(f" Voting agents: {det.vote_count}")
print(f" ATT&CK: {det.primary_attack_id}")
# Export findings to ATLAS format
orchestrator.export_findings("findings.json")
```
### Generate Reports
```bash
# Generate Markdown report
python3 scripts/generate_report.py scan_results.json --format markdown --output report.md
# Generate HTML report
python3 scripts/generate_report.py scan_results.json --format html --output report.html
```
### Batch Scanning
```bash
# Scan multiple plugins from your collection
bash scripts/test_scanner.sh
# Scan ALL plugins from 15 marketplace repositories
bash scripts/scan_all_marketplace_plugins.sh
```
## Output Formats
### Risk Levels
- **CRITICAL** (200+ points): Multiple severe issues, DO NOT INSTALL
- **HIGH** (100-199 points): Serious concerns, REVIEW CAREFULLY
- **MEDIUM** (50-99 points): Moderate risks, review recommended
- **LOW** (0-49 points): Minor or informational findings
### Verdicts
- **FAIL**: Critical issues found, installation not recommended
- **REVIEW**: Issues found that require manual review
- **PASS**: No significant issues detected (still review manually!)
### Severity Levels
- **CRITICAL**: Immediate security risk (100 points)
- **HIGH**: Significant security concern (75 points)
- **MEDIUM**: Moderate security issue (50 points)
- **LOW**: Minor issue or best practice violation (25 points)
- **INFO**: Informational finding (0 points)
## Example Workflow
1. **Find a plugin** you want to install
2. **Clone the plugin repository** to your local machine
3. **Run the security scanner**:
```bash
python3 scripts/scan_plugin.py /path/to/plugin --output scan.json --format json
```
4. **Generate a readable report**:
```bash
python3 scripts/generate_report.py scan.json --format markdown --output report.md
```
5. **Review the findings** in report.md
6. **Manually inspect the source code** for any flagged issues
7. **Make an informed decision** about whether to install
## Security References
The scanner uses curated reference databases:
- **dangerous_functions_expanded.json**: 91 patterns across Python, JavaScript, and obfuscation
- **obfuscation_patterns.json**: 35+ obfuscation detection patterns
- **credential_patterns.json**: Regex patterns for credential detection
### CVE Vulnerabilities Referenced
- **CVE-2025-52882**: WebSocket Authentication Bypass (CVSS 8.8)
- **CVE-2025-54794**: Path Restriction Bypass (CVSS 7.7)
- **CVE-2025-54795**: Command Injection (CVSS 8.7)
- **CVE-2025-59828**: Yarn Plugin Auto-Execution (CVSS 7.7)
### OWASP API Top 10 2023 Mappings
- **API1**: Broken Object Level Authorization → Path traversal
- **API2**: Broken Authentication → MCP OAuth bypass
- **API7**: Server Side Request Forgery → Network exploitation
- **API8**: Security Misconfiguration → Hardcoded credentials
## Real-World Test Results
**Comprehensive Marketplace Scan:**
- **Repositories Scanned**: 15 different Claude Code marketplaces
- **Total Plugins Discovered**: 987 plugins
- **Successfully Scanned**: 987 plugins (100% success rate)
- **Scan Output**: 987 JSON reports + 987 Markdown reports
**Security Results:**
- CRITICAL Risk: 3 plugins (0.3%)
- HIGH Risk: 1 plugin (0.1%)
- MEDIUM Risk: 0 plugins (0.0%)
- LOW Risk: 982 plugins (99.5%)
**Technical Performance:**
- **Test Results:** 29/29 tests passed (100%)
- **Cache Throughput:** 11,111 ops/sec (extreme load test)
- **Memory Usage:** ~17 MB (3.4% of 500MB budget)
- **False Positives:** 0% (bloom+trie validation)
## Technical Details
### Scanner Architecture
```
PluginScanner
├── IntelligentOrchestrator (consensus voting)
├── AccuracyCache (shared learning)
├── 91 Specialized Pattern Agents
│ ├── CRITICAL (17): eval, exec, compile, rmtree, setuid
│ ├── HIGH (39): os.system, subprocess.*, socket.connect
│ ├── MEDIUM (23): chr obfuscation, debugger detection
│ └── LOW (2): tempfile.mktemp, input
├── Schema Validator (plugin.json)
├── Python AST Analyzer (ast.NodeVisitor)
├── JavaScript Parser (Babel/manual)
├── Dependency Analyzer
├── Permission Checker
└── Report Generator
```
### Detection Techniques
**AST Analysis:**
- Parses Python files into Abstract Syntax Trees
- Detects dangerous function calls with context
- Identifies dynamic execution patterns
**Consensus Voting:**
- Multiple agents vote on each detection
- Conflict resolution using MITRE frameworks
- Confidence scoring based on agent agreement
**Pattern Matching:**
- Regex-based credential detection
- Obfuscation pattern recognition
- Entropy analysis for encoded content
**Adaptive Learning:**
- Shared learning across agents
- Auto-evolving rules from validated findings
- File type correlation learning
## Limitations
- **Static Analysis Only**: Cannot detect runtime behavior
- **False Positives**: May flag legitimate uses of eval, exec, etc.
- **Sophisticated Attacks**: May miss advanced obfuscation techniques
- **MCP Servers**: Cannot analyze external MCP server code
- **Social Engineering**: Cannot detect malicious intent or trust issues
## Your Responsibility
🔒 **YOU** are ultimately responsible for plugins you install
📖 **ALWAYS** review plugin source code manually before installation
🛡️ **ONLY** install plugins from sources you trust
🔍 **VERIFY** the plugin author's identity and reputation
💻 **RUN** untrusted plugins in sandboxed environments only
⚠️ **USE** this tool at your own risk
## Legal Disclaimer
This tool is provided "AS IS" without warranty of any kind, express or implied. The authors assume no liability for damages resulting from the use of this tool or from installing plugins scanned by this tool.
## Contributing
Found a vulnerability pattern we're missing? Have suggestions for improving detection? Contributions are welcome!
## Version
Plugin Security Checker v3.0.0
---
**Remember**: This is a preliminary security check tool. It helps identify common issues but does not replace thorough manual code review and security auditing.
Reference in New Issue View Git Blame Copy Permalink