zhanj/claude-plugins-official
1
0
Fork 0
mirror of https://github.com/anthropics/claude-plugins-official.git synced 2026-05-12 07:22:43 +00:00
Code Issues Packages Projects Releases Wiki Activity

Tighten policy scan: hook scope, telemetry, disclosure; make blocking (#1771)

Browse Source 
* Tighten policy scan: hook scope, telemetry, disclosure; make blocking

policy/prompt.md — adds Part 2 (hook scope and disclosure):
- Enumerate every registered hook and read its source.
- Flag has_broad_scope_hooks when UserPromptSubmit/PreToolUse/
  PostToolUse runs without a project-relevance gate, or any hook
  reads user data beyond the plugin's stated scope — regardless of
  whether it makes network calls.
- Flag has_undisclosed_telemetry when any hook or shipped code calls
  a non-MCP host without explicit disclosure + opt-out.
- Flag description_matches_behavior=false when the install
  description would not lead a reasonable user to expect the
  hooks/telemetry/data-access found.
- passes=false when any of the above trip. Violations must cite the
  specific hook/file and what the user wasn't told.

The bar is now "handles user data responsibly," not merely "isn't
malicious." A non-malicious plugin that observes more than its stated
purpose justifies will fail.

policy/schema.json — adds required hooks[], has_broad_scope_hooks,
has_undisclosed_telemetry, description_matches_behavior.

scan-plugins.yml:
- fail-on-findings: true (blocking — loosen later if FP rate too high)
- workflow_dispatch with scan_all input for full re-review of all
  external entries
- timeout-minutes: 360 (full scan of 117 entries at ~96s each ≈ 3h)
- trigger on .github/policy/** so prompt edits get scanned

* Bump vercel SHA to test the tightened scan against it
This commit is contained in:
Tobin South
2026-05-07 15:34:32 -07:00
committed by GitHub
parent ccd0c95a3d
commit 76b35e91d1
4 changed files with 143 additions and 45 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
.github/workflows/scan-plugins.yml vendored
View File

@@ -4,6 +4,13 @@ on:
pull_request:
paths:
- '.claude-plugin/marketplace.json'
- '.github/policy/**'
workflow_dispatch:
inputs:
scan_all:
description: Scan every external entry (full re-review). Slow.
type: boolean
default: false
permissions:
contents: read
@@ -11,14 +18,18 @@ permissions:
jobs:
scan:
runs-on: ubuntu-latest
timeout-minutes: 360
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 0
# Non-blocking by default. To enforce, set fail-on-findings: "true".
# Blocking: policy failures fail the job. Loosen by removing
# fail-on-findings if the false-positive rate is too high.
- uses: anthropics/claude-plugins-community/.github/actions/scan-plugins@b277757588871fe55b2620de8c6dfda470e2e9d8
with:
anthropic-api-key: ${{ secrets.ANTHROPIC_API_KEY }}
policy-prompt: .github/policy/prompt.md
fail-on-findings: "true"
scan-all-external: ${{ inputs.scan_all || 'false' }}
claude-cli-version: latest