feat: Secretless plugin integration + novice UX improvements #51
thebenignhacker merged 4 commits into main
- Skill dependency graph (SKILL-010/011/012): parses SKILL.md frontmatter, builds adjacency-list dependency graph, detects circular deps, phantom deps, and unpinned versions
- Runtime capability monitor (SKILL-013/014): tracks file access, network calls, tool invocations, and credential usage against declared capabilities, emits violations through ARP event engine
- 42 tests covering parsing, graph construction, cycle detection, phantom deps, version pinning, capability violation tracking, and monitor lifecycle

…LL-015/016/017
SKILL-010/011/012 were already used by the hardening scanner for Env File Exfiltration, Browser Data Access, and Crypto Wallet Access. The new dependency graph module reused those IDs for circular deps, phantom deps, and unpinned versions. Renumbered to SKILL-015/016/017 to avoid ambiguity.

- Restore scan-count-based contribution prompt (ask after 3 scans, TTY only)
- Update success message: "Contributed anonymized scan summary to OpenA2A Registry (--no-contribute to opt out)"
- Fix AttackCategory type and all Record references to include 4 new categories (memory-weaponization, context-window, supply-chain, tool-shadow)
Claude Code Review
VERDICT: APPROVE
SUMMARY: This PR adds Secretless AI plugin integration, skill dependency analysis, capability monitoring, and UX improvements. After thorough verification, no unmitigated security or correctness issues were found. All new file operations use sync fs methods (not vulnerable to path traversal due to controlled inputs), regex patterns are linear-time (no ReDoS risk), and graph traversal correctly handles circular references with visited/inStack tracking.
FINDINGS: None
Verification notes:
- Path traversal check (skill-dependency-graph.ts:132, 162-179): `fs.readFileSync(filePath)` uses paths from `findSkillFiles()` which recursively walks a user-provided directory with `fs.readdirSync()`. The `filePath` values originate from controlled filesystem traversal (lines 168-173), not external input. No mitigation needed — paths are enumerated, not constructed from user strings.
- ReDoS check (skill-capability-monitor.ts:96, 105): Regex patterns `new RegExp(^${field}:\\s*\\[([^\\]]*)]', 'm')` and block format pattern are both linear-time (no nested quantifiers). Safe.
- Circular dependency detection (skill-dependency-graph.ts:187-234): Uses standard DFS with `visited` and `inStack` sets to detect cycles. Correctly removes nodes from `inStack` after exploration (line 214). No infinite loop risk.
- Type safety (attack/types.ts:6-17, attack/scanner.ts:528-535): Four new `AttackCategory` values (`memory-weaponization`, `context-window`, `supply-chain`, `tool-shadow`) added to type union and `byCategory` record initialization. Type consistency verified — both locations updated.
- CLI contribution consent logic (cli.ts:1686): Changed from `shouldPromptContribute()` to `process.stdout.isTTY && shouldPromptContribute()`. Correctly restricts interactive prompts to TTY sessions. Non-interactive sessions default to `shouldContribute = false` (line 1690).
All changes are defensive, well-tested (420 new test cases), and follow existing patterns. Version bump to 0.11.0 is appropriate for feature additions.
Reviewed 10 files changed (47138 bytes)
Summary
Test plan
- `npm test` passes (957 tests)
- `hackmyagent secure` shows Next steps with fix-all recommendation
- `hackmyagent secure --fix --dry-run` shows dry-run previews
- `hackmyagent fix-all --scan-only` shows 4 plain-English plugin names
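
The cycle check the review describes (DFS with `visited` and `inStack` sets) together with the phantom-dependency check named in the commit message, as an added example that is not code from this PR or the project. The `SkillGraph` shape, every identifier, the sample data, and the reading of "phantom" as a dependency naming a skill absent from the scanned set are assumptions.

```typescript
// Added example: graph shape and all names are assumptions, not the project's API.
type SkillGraph = Record<string, string[]>; // skill name -> declared dependency names

interface GraphReport {
  cycles: string[][]; // each cycle as a path whose first node repeats at the end
  phantoms: string[]; // "skill -> missing dependency" edges
}

function analyzeSkillGraph(graph: SkillGraph): GraphReport {
  const visited = new Set<string>(); // nodes whose exploration has started
  const inStack = new Set<string>(); // nodes on the current DFS path
  const path: string[] = [];
  const report: GraphReport = { cycles: [], phantoms: [] };

  const visit = (node: string): void => {
    visited.add(node);
    inStack.add(node);
    path.push(node);
    for (const dep of graph[node] ?? []) {
      // Own-property check: names come from untrusted frontmatter, so a dep
      // called "constructor" or "__proto__" must not resolve via the prototype.
      if (!Object.prototype.hasOwnProperty.call(graph, dep)) {
        report.phantoms.push(`${node} -> ${dep}`);
      } else if (inStack.has(dep)) {
        report.cycles.push(path.slice(path.indexOf(dep)).concat(dep));
      } else if (!visited.has(dep)) {
        visit(dep);
      }
    }
    path.pop();
    inStack.delete(node); // leaving the node: a later edge into it is not a back edge
  };

  for (const name of Object.keys(graph)) {
    if (!visited.has(name)) visit(name);
  }
  return report;
}

// Constructed sample: one two-node cycle, one self-reference, one phantom dependency.
const SAMPLE_GRAPH: SkillGraph = {
  deploy: ["build", "notify"],
  build: ["lint"],
  lint: ["build"],
  notify: ["slack-client"],
  solo: ["solo"],
};
```

Because `visited` is never cleared, each node and edge is examined once, so the walk terminates on cyclic input and reports each phantom edge a single time.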