Skill

pop-assessment-security

Assesses PopKit plugin security with automated secret and injection scans, vulnerability patterns, OWASP checklists, and risk scoring. Outputs JSON reports with severity and fixes.

Python

security

From popkit-ops

Install

Run in your terminal

npx claudepluginhub jrc1883/popkit-ai --plugin popkit-ops

Tool Access

This skill uses the workspace's default tool permissions.

Supporting Assets

View in Repository

checklists/injection-patterns.json

checklists/owasp-alignment.json

checklists/secret-detection.json

scripts/calculate_risk.py

scripts/scan_injection.py

scripts/scan_secrets.py

standards/access-control.md

standards/injection-prevention.md

standards/input-validation.md

standards/secret-patterns.md

Skill Content

Similar Skills

agent-harness-construction

Designs and optimizes AI agent action spaces, tool definitions, observation formats, error recovery, and context for higher task completion rates.

ecc

145.8k

agent-introspection-debugging

Implements structured self-debugging workflow for AI agent failures: capture errors, diagnose patterns like loops or context overflow, apply contained recoveries, and generate introspection reports.

ecc

145.8k

agent-eval

Compares coding agents like Claude Code and Aider on custom YAML-defined codebase tasks using git worktrees, measuring pass rate, cost, time, and consistency.

ecc

145.8k

Stats

Parent Repo Stars5

Parent Repo Forks0

Last CommitJan 13, 2026

Actions

View Source View Plugin View on GitHub View README

Security Assessment Skill

Purpose

Provides concrete, reproducible security assessment for PopKit plugins using:

Machine-readable vulnerability patterns
Automated secret and injection scanning
OWASP-aligned security checklists
Deterministic scoring

How to Use

Step 1: Run Automated Security Scan

python skills/pop-assessment-security/scripts/scan_secrets.py packages/plugin/
python skills/pop-assessment-security/scripts/scan_injection.py packages/plugin/
python skills/pop-assessment-security/scripts/calculate_risk.py packages/plugin/

Step 2: Apply Security Checklists

Read and apply checklists in order:

checklists/secret-detection.json - Hardcoded credentials
checklists/injection-patterns.json - Command/path injection
checklists/owasp-alignment.json - OWASP Top 10 mapping

Step 3: Generate Report

Combine automated findings with checklist results for final security report.

Standards Reference

Standard	File	Key Checks
Secret Detection	`standards/secret-patterns.md`	SD-001 through SD-010
Injection Prevention	`standards/injection-prevention.md`	IP-001 through IP-008
Access Control	`standards/access-control.md`	AC-001 through AC-006
Input Validation	`standards/input-validation.md`	IV-001 through IV-008

Severity Classification

Level	Score	Description	Action
Critical	9-10	Immediately exploitable	Block release
High	7-8	Likely exploitable	Must fix
Medium	4-6	Conditionally exploitable	Should fix
Low	1-3	Minor risk	Consider fixing
Info	0	Best practice	Optional

Output

Returns JSON with:

risk_score: 0-100 (higher = more risk)
vulnerabilities: List with severity, location, CWE
passed_checks: Security controls that passed
recommendations: Prioritized fix list