mirror of
https://github.com/anthropics/claude-plugins-official.git
synced 2026-05-10 13:52:39 +00:00
* Tighten policy scan: hook scope, telemetry, disclosure; make blocking

  policy/prompt.md — adds Part 2 (hook scope and disclosure):
  - Enumerate every registered hook and read its source.
  - Flag has_broad_scope_hooks when UserPromptSubmit/PreToolUse/PostToolUse runs without a project-relevance gate, or any hook reads user data beyond the plugin's stated scope — regardless of whether it makes network calls.
  - Flag has_undisclosed_telemetry when any hook or shipped code calls a non-MCP host without explicit disclosure + opt-out.
  - Flag description_matches_behavior=false when the install description would not lead a reasonable user to expect the hooks/telemetry/data-access found.
  - passes=false when any of the above trip. Violations must cite the specific hook/file and what the user wasn't told.

  The bar is now "handles user data responsibly," not merely "isn't malicious." A non-malicious plugin that observes more than its stated purpose justifies will fail.

  policy/schema.json — adds required hooks[], has_broad_scope_hooks, has_undisclosed_telemetry, description_matches_behavior.

  scan-plugins.yml:
  - fail-on-findings: true (blocking — loosen later if FP rate too high)
  - workflow_dispatch with scan_all input for full re-review of all external entries
  - timeout-minutes: 360 (full scan of 117 entries at ~96s each ≈ 3h)
  - trigger on .github/policy/** so prompt edits get scanned

* Bump vercel SHA to test the tightened scan against it