Performs a comprehensive security audit on a Claude Code plugin, detecting leaked secrets, unsafe paths, shell injection risks, sensitive files, and insecure scripts. Trigger: audit security, security scan, check for secrets, find vulnerabilities.
From pqa
npx claudepluginhub javimontano/jm-adk --plugin plugin-qa
This skill is limited to using the following tools:
examples/security-findings.md
prompts/security-scan.md
references/security-patterns.md
"Security is not a feature -- it is a property of the entire system."
Performs a 6-category security scan on a Claude Code plugin: secret patterns, path security, hook command injection, sensitive files, and script safety. Produces a severity-classified report with specific remediation for each finding.
1. Receive target plugin path -- accept the plugin root directory as input. Confirm the directory exists and contains a plugin.json (or .claude-plugin/plugin.json) or recognizable plugin structure before proceeding.
2. Secret pattern detection -- scan all files for high-risk credential patterns:
   - `sk-*`, `AKIA*`, `ghp_*`, `xox[bsp]-*`
   - `password\s*=`, `secret\s*=`, `token\s*=` (outside comments)
   - `BEGIN RSA PRIVATE KEY`, `BEGIN EC PRIVATE KEY`, `BEGIN OPENSSH PRIVATE KEY`
   - `.env` files containing `KEY=`, `SECRET=`, `TOKEN=`, `PASSWORD=`
3. Path security analysis -- search for hardcoded or unsafe path usage:
   - `/Users/`, `/home/`, `/opt/`, `C:\`
   - `../` outside of comments and documentation
   - `${CLAUDE_PLUGIN_ROOT}` -- flag any path that should be relative but is absolute
4. Hook command security -- inspect all hook definitions for shell injection risks:
   - `eval` usage in hook commands
   - `$VAR` instead of `"$VAR"`)
   - `sh`, `bash`, or `exec`
5. Sensitive file detection -- glob for files that should not be in a plugin:
   - `.env`, `.env.*`
   - `.pem`, `.key`, `.p12`, `.pfx`
   - `credentials.json`, `service-account.json`
   - `id_rsa`, `id_ed25519`, `*.pub` (private key pairs)
6. Script security -- evaluate shell scripts in scripts/ and hooks:
   - `o+w`)
   - `curl` or `wget` without checksum or signature verification
   - `chmod 777`
7. Generate security report -- compile all findings into a structured list with:

`password=`) in documentation or example files is mitigated by context checking, but edge cases remain.

Bad finding:
WARNING: Possible secret found.
Missing: no file path, no line number, no pattern, no remediation.
Good finding:
CRITICAL | hooks/hooks.json:12 | Pattern: `sk-proj-*` (OpenAI API key) | Remediation: Remove the key, rotate it immediately, and use environment variables instead.
Includes: severity, exact file and line, matched pattern with classification, specific remediation.
- `.pem` or `.key` files because only text content was searched.
- `../` usage is benign because "it's in a comment" without actually verifying.
- `${API_KEY}` or `<YOUR_TOKEN>` in example files should be classified as INFO, not CRITICAL, since they are placeholders.
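
An added example (not the plugin's own code) of the secret-pattern and sensitive-file steps, emitting findings in the "good finding" format and classifying placeholders as INFO. The names `scan_file` and `format_finding`, the regex length bounds, and the WARNING and sensitive-file severities are assumptions.

```python
import re
from pathlib import PurePath

# Regexes for the page's globs; the length bounds are assumptions.
TOKENS = [
    ("sk-*", re.compile(r"\bsk-[A-Za-z0-9_-]{16,}")),
    ("AKIA*", re.compile(r"\bAKIA[0-9A-Z]{16}\b")),
    ("ghp_*", re.compile(r"\bghp_[A-Za-z0-9]{36}\b")),
    ("xox[bsp]-*", re.compile(r"\bxox[bsp]-[A-Za-z0-9-]{10,}")),
    ("BEGIN * PRIVATE KEY", re.compile(r"BEGIN (RSA|EC|OPENSSH) PRIVATE KEY")),
]
ASSIGN = re.compile(r"(password|secret|token)\s*=\s*[\"']?([^\s\"']+)", re.I)
PLACEHOLDER = re.compile(r"\$\{\w+\}|<\w+>")  # ${API_KEY}, <YOUR_TOKEN>
COMMENT = re.compile(r"\s*(#|//)")
SENSITIVE = re.compile(
    r"\.env(\..+)?|credentials\.json|service-account\.json"
    r"|id_rsa|id_ed25519|.*\.(pem|key|p12|pfx|pub)")
ROTATE = "Remove the key, rotate it immediately, and use environment variables instead."

def scan_file(path, text=None):
    """Return (severity, location, pattern, remediation) tuples for one file."""
    out = []
    # File-name check first: it still fires when the content is binary or unread.
    # Severity for this case is an assumption; the page does not assign one.
    if SENSITIVE.fullmatch(PurePath(path).name):
        out.append(("CRITICAL", path, "sensitive file name",
                    "Remove the file from the plugin and ignore it in version control."))
    for n, line in enumerate((text or "").splitlines(), 1):
        loc = f"{path}:{n}"
        hits = [label for label, rx in TOKENS if rx.search(line)]
        out += [("CRITICAL", loc, label, ROTATE) for label in hits]
        m = ASSIGN.search(line)
        if hits or not m or COMMENT.match(line):
            continue  # already reported, nothing assigned, or a comment line
        if PLACEHOLDER.fullmatch(m.group(2)):
            out.append(("INFO", loc, m.group(1).lower() + "=", "Placeholder; no action."))
        else:
            out.append(("WARNING", loc, m.group(1).lower() + "=",
                        "Move the value to an environment variable."))
    return out

def format_finding(f):
    return "{} | {} | Pattern: `{}` | Remediation: {}".format(*f)

if __name__ == "__main__":
    # Constructed sample; the key below is fake.
    sample = 'api = "sk-proj-' + "A" * 24 + '"\n# password = hunter2\nTOKEN=<YOUR_TOKEN>\n'
    for f in scan_file("hooks/hooks.json", sample) + scan_file("certs/server.pem"):
        print(format_finding(f))
```

The comment check here only recognizes lines that start with `#` or `//`, so trailing comments and block comments still need the manual verification the list above calls for.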