github-actions[bot]
013e200061
bump(netlify-skills): b922fd4d → 780dcd24 ( #3593 )
...
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
2026-07-01 13:17:00 -05:00
github-actions[bot]
b18e7e5505
bump(sentry-cli): b34a052e → 160788c0 ( #3598 )
...
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
2026-07-01 13:16:37 -05:00
github-actions[bot]
2581e649ec
bump(expo): f5ed81a2 → 4b6a0d8b ( #3585 )
...
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
2026-07-01 13:16:12 -05:00
github-actions[bot]
678fbeb80c
bump(fastly-agent-toolkit): f410cb74 → 9a273f0b ( #3586 )
...
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
2026-07-01 13:15:31 -05:00
github-actions[bot]
fd23a971d2
bump(hyperframes): b33d54f5 → 9c4d9e50 ( #3588 )
...
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
2026-07-01 13:15:21 -05:00
github-actions[bot]
00ae94824f
bump(looker): 2f871191 → f5f47210 ( #3590 )
...
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
2026-07-01 13:15:10 -05:00
github-actions[bot]
837d614a84
bump(mongodb): 9ea7387c → be846b4d ( #3592 )
...
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
2026-07-01 13:14:55 -05:00
github-actions[bot]
e43b4d7de4
bump(pixeltable): f89c9b73 → 729175db ( #3594 )
...
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
2026-07-01 13:14:27 -05:00
github-actions[bot]
428896fb0d
bump(postman): cb8e002e → 1c47a9b1 ( #3595 )
...
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
2026-07-01 13:14:00 -05:00
github-actions[bot]
0a6d74ca67
bump(rill): 5ac72459 → 6e23b5a2 ( #3596 )
...
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
2026-07-01 13:13:31 -05:00
github-actions[bot]
c475ebdd75
bump(slack): 10e40bd4 → 984280db ( #3599 )
...
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
2026-07-01 13:13:02 -05:00
github-actions[bot]
f2508a9e8c
bump(wix): 6493c37e → 7e005717 ( #3600 )
...
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
2026-07-01 13:12:32 -05:00
github-actions[bot]
9a9581a92b
bump(zoominfo): cfdebda5 → b836604c ( #3601 )
...
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
2026-07-01 13:12:01 -05:00
github-actions[bot]
982b6744e2
bump(42crunch-api-security-testing): 96b1036b → 0f325999 ( #3581 )
...
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
2026-07-01 13:11:15 -05:00
github-actions[bot]
89e3d84755
bump(sap-fiori-mcp-server): a3bfdd85 → c5ecab3c ( #3597 )
...
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
2026-07-01 13:10:44 -05:00
github-actions[bot]
602f27a584
bump(chrome-devtools-mcp): 7fa95d3c → 8d8cf129 ( #3583 )
...
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
2026-07-01 13:10:12 -05:00
github-actions[bot]
29ca3f4deb
bump(datarobot-agent-skills): 5434cb06 → d6725fd1 ( #3584 )
...
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
2026-07-01 13:09:37 -05:00
github-actions[bot]
c212de1109
bump(langfuse): 604e4c7b → 17f5ac0f ( #3602 )
...
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
2026-07-01 13:09:22 -05:00
github-actions[bot]
768524fa65
bump(buildkite): 6ab56953 → 24242e53 ( #3573 )
...
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
2026-07-01 09:44:01 -05:00
github-actions[bot]
a0e635e8a7
bump(dash0): 0952f646 → e137596c ( #3574 )
...
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
2026-07-01 09:43:39 -05:00
github-actions[bot]
d45836d00a
bump(hyperframes): 602590b4 → b33d54f5 ( #3576 )
...
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
2026-07-01 09:43:16 -05:00
github-actions[bot]
a429db5a96
bump(stripe): f54c9e6c → b2157ec2 ( #3578 )
...
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
2026-07-01 09:42:53 -05:00
github-actions[bot]
a609f08812
bump(wix): 958772ec → 6493c37e ( #3579 )
...
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
2026-07-01 09:42:13 -05:00
github-actions[bot]
2e39daa230
bump(desktop-commander): acc69e00 → 0ad919bc ( #3575 )
...
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
2026-07-01 09:41:16 -05:00
github-actions[bot]
95f895d776
bump(quarkus-agent): f2236f2f → 7bdb6671 ( #3577 )
...
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
2026-07-01 09:40:16 -05:00
github-actions[bot]
dc7b401348
bump(auth0): aacefa7d → 1ee3e4cc ( #3572 )
...
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
2026-07-01 09:39:14 -05:00
github-actions[bot]
9dd7dba2ed
bump(aws-serverless): ba79e65a → 8adddcc2 ( #3551 )
...
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
2026-07-01 09:35:46 -05:00
Bryan Thompson
317b898805
policy(scan): review whole payload incl. .claude/ + flag cross-service credential routing ( #2360 )
...
* policy(scan): review whole payload incl .claude/ + flag credential extraction
The review rubric anchored "read every relevant file" to the loaded plugin
surface (skills/*/SKILL.md, hook-referenced source) and checked credential
reads (~/.ssh, ~/.aws/credentials) only within hooks. Code that reads the user's
live secrets from a non-loaded location — e.g. a dotdir like .claude/ that still
ships to the user's disk on a git-source install — could fall through both.
Two fixes:
- Scope: direct the reviewer to read the WHOLE shipped payload incl. dotdirs
like .claude/ (clones to disk, agent-reachable though not auto-loaded).
- Detector: add an explicit credential/secret-extraction check across ALL
shipped code (not just hooks), naming OS credential-store CLIs + token
harvest, with the set-your-own-key vs harvest trust-boundary distinction.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
* policy(scan): scope credential-extraction flag to CROSS-service routing (cut same-service FPs)
A full faithful scan of all 159 -official url-source plugins surfaced false
positives: the credential clause flagged plugins that use the user's OWN
service token to call that SAME service (e.g. a Railway plugin reading the
Railway CLI token to call Railway; a gcloud token used against Google) — normal
integration behavior. The "flag even if the destination is the vendor's own
service" wording inverted the right rule.
Corrected: flag only CROSS-service routing — a credential for service A sent to
a DIFFERENT service or third party (the vercel-style misuse: Anthropic's
ANTHROPIC_AUTH_TOKEN routed to a non-Anthropic endpoint). Same-service use
(token for X used to call X) is explicitly NOT a violation.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
* policy(scan): judge credential ownership by NAME/source, not plugin-claimed use
Refines the cross-service rule after the full -official re-validation showed the
prior wording let a plugin pass by *claiming* an ANTHROPIC_*-named token was
"its gateway key." Now: which service a credential belongs to is judged by its
NAME / storage location (ANTHROPIC_AUTH_TOKEN => Anthropic; ~/.railway/config.json
=> Railway; ~/.aws/credentials => AWS), NOT by how the plugin repurposes it. So
reading an ANTHROPIC_*-named token and routing it to a non-Anthropic endpoint is
cross-service (flag) even if the code treats it as a gateway key; same-service
use (Railway token -> Railway) still passes. Catches the wrong-credential-class
trust-boundary breach while preserving the same-service FP fix.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
* ci(validate): trigger on .github/policy/** so policy-prompt PRs clear the required check
A PR touching only .github/policy/** matched none of the validate
pull_request paths, so the required 'validate' check never ran via
pull_request and sat Expected forever (a workflow_dispatch check run
isn't associated with the PR, so it can't satisfy the gate). Mirrors
the existing .github/workflows/** carve-out.
---------
Co-authored-by: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-30 19:58:10 -05:00
github-actions[bot]
2fa147749d
bump(data-agent-kit-starter-pack): de2d876d → b5bc330f ( #3555 )
...
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
2026-06-30 19:30:11 -05:00
github-actions[bot]
fc290fd88f
bump(nvidia-skills): e5066d58 → 55f8f7a5 ( #3562 )
...
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
2026-06-30 19:17:52 -05:00
github-actions[bot]
d2c2bc6a54
bump(crowdstrike-falcon-foundry): 7b2cda5c → 2f0ce352 ( #3554 )
...
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
2026-06-30 19:17:13 -05:00
github-actions[bot]
fe4cec778a
bump(migration-to-aws): 01c38bf6 → 9e28ae47 ( #3559 )
...
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
2026-06-30 19:16:50 -05:00
github-actions[bot]
134d2c3c7f
bump(agentforce-adlc): 534a608c → f17012bd ( #3550 )
...
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
2026-06-30 19:16:26 -05:00
github-actions[bot]
36e8c7cf4a
bump(carta-investors): 78793217 → 1b6e78b4 ( #3552 )
...
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
2026-06-30 19:16:03 -05:00
github-actions[bot]
ba4682bb55
bump(netlify-skills): 7fcceabb → b922fd4d ( #3560 )
...
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
2026-06-30 19:15:38 -05:00
github-actions[bot]
c7e36d4ac3
bump(vsql-extension-builder): b2ab4f21 → d6c8a739 ( #3568 )
...
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
2026-06-30 19:15:28 -05:00
github-actions[bot]
2ea3c62918
bump(quarkus-agent): c2d13ae8 → f2236f2f ( #3564 )
...
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
2026-06-30 19:15:15 -05:00
github-actions[bot]
36a2269465
bump(cockroachdb): 736bd11d → c511ba80 ( #3553 )
...
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
2026-06-30 19:15:05 -05:00
github-actions[bot]
bc16f0582e
bump(exa): 08242e3b → c4b419ad ( #3556 )
...
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
2026-06-30 19:14:47 -05:00
github-actions[bot]
f5c418cbc5
bump(hyperframes): 3a2f0528 → 602590b4 ( #3557 )
...
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
2026-06-30 19:14:20 -05:00
github-actions[bot]
3909e5e189
bump(mergify): 963ef084 → c7db849f ( #3558 )
...
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
2026-06-30 19:13:52 -05:00
github-actions[bot]
14507ba898
bump(nightvision): 67af610a → 20e10956 ( #3561 )
...
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
2026-06-30 19:13:23 -05:00
github-actions[bot]
0a91507c4c
bump(outputai): 2da72130 → 38ae07ca ( #3563 )
...
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
2026-06-30 19:12:55 -05:00
github-actions[bot]
2597c45f4c
bump(spanner): 88030b07 → f855a3c5 ( #3566 )
...
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
2026-06-30 19:12:25 -05:00
github-actions[bot]
2b3f0f3fb2
bump(42crunch-api-security-testing): bc781f96 → 96b1036b ( #3549 )
...
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
2026-06-30 19:11:38 -05:00
github-actions[bot]
2be946f4b3
bump(sap-fiori-mcp-server): 0cddd1a5 → a3bfdd85 ( #3565 )
...
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
2026-06-30 19:11:07 -05:00
github-actions[bot]
3dd98ff66b
bump(superpowers): 896224c4 → f268f7c9 ( #3567 )
...
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
2026-06-30 19:10:53 -05:00
Bryan Thompson
e8a08808eb
Add Grafana plugins (grafana-mcp, grafana-assistant, grafana-cloud-mcp) ( #3416 )
2026-06-30 13:15:16 -07:00
Bryan Thompson
32a783efc9
Add hostinger plugin ( #3463 )
2026-06-30 13:14:55 -07:00
Bryan Thompson
9ff91f0059
Add zyte-web-data plugin ( #3473 )
2026-06-30 13:14:39 -07:00