mirror of
https://github.com/anthropics/claude-plugins-official.git
synced 2026-05-10 22:12:40 +00:00
* Tighten policy scan: hook scope, telemetry, disclosure; make blocking

  policy/prompt.md — adds Part 2 (hook scope and disclosure):
  - Enumerate every registered hook and read its source.
  - Flag has_broad_scope_hooks when UserPromptSubmit/PreToolUse/PostToolUse runs without a project-relevance gate, or any hook reads user data beyond the plugin's stated scope — regardless of whether it makes network calls.
  - Flag has_undisclosed_telemetry when any hook or shipped code calls a non-MCP host without explicit disclosure + opt-out.
  - Flag description_matches_behavior=false when the install description would not lead a reasonable user to expect the hooks/telemetry/data-access found.
  - passes=false when any of the above trip. Violations must cite the specific hook/file and what the user wasn't told.

  The bar is now "handles user data responsibly," not merely "isn't malicious." A non-malicious plugin that observes more than its stated purpose justifies will fail.

  policy/schema.json — adds required hooks[], has_broad_scope_hooks, has_undisclosed_telemetry, description_matches_behavior.

  scan-plugins.yml:
  - fail-on-findings: true (blocking — loosen later if FP rate too high)
  - workflow_dispatch with scan_all input for full re-review of all external entries
  - timeout-minutes: 360 (full scan of 117 entries at ~96s each ≈ 3h)
  - trigger on .github/policy/** so prompt edits get scanned

* Bump vercel SHA to test the tightened scan against it
{
"type": "object",
"required": [
"passes",
"summary",
"violations",
"may_make_external_network_calls",
"may_download_additional_software",
"hooks",
"has_broad_scope_hooks",
"has_undisclosed_telemetry",
"description_matches_behavior"
],
"additionalProperties": true,
"properties": {
"passes": {
"type": "boolean",
"description": "true only if the plugin is safe AND has no broad-scope hooks AND has no undisclosed telemetry AND its description matches its behavior."
},
"summary": {
"type": "string",
"description": "Brief description of what the plugin does."
},
"violations": {
"type": "string",
"description": "Specific files/hooks and issues, or empty string if none. When passes=false this MUST cite the file/hook and state what the user was not told."
},
"may_make_external_network_calls": {
"type": "boolean"
},
"may_download_additional_software": {
"type": "boolean"
},
"hooks": {
"type": "array",
"items": { "type": "string" },
"description": "One string per registered hook: 'EVENT:path — gated|ungated — network:yes(host)|no'. Empty array if the plugin registers no hooks."
},
"has_broad_scope_hooks": {
"type": "boolean",
"description": "true if any UserPromptSubmit/PreToolUse/PostToolUse hook runs without a project-relevance gate, or any hook reads user data beyond the plugin's stated scope."
},
"has_undisclosed_telemetry": {
"type": "boolean",
"description": "true if any hook or shipped code makes an outbound network call to a non-MCP host without explicit disclosure + opt-out in the description/README."
},
"description_matches_behavior": {
"type": "boolean",
"description": "false if a user reading only the plugin.json description would be surprised by the hooks/telemetry/data-access the plugin actually performs."
}
}
}