Adds .github/policy/prompt.md and schema.json (the full security review rubric — malicious code, privacy, deception, safety circumvention, exfiltration; plus network-call and software-install flags) and points scan-plugins at it via the policy-prompt input. With ANTHROPIC_API_KEY now configured on the repo, scan-plugins runs the actual policy review on changed external entries instead of no-op'ing.
{
"type": "object",
"properties": {
"passes": {
"type": "boolean",
"description": "true if the plugin is safe and policy-compliant, false if there are violations"
},
"summary": {
"type": "string",
"description": "Brief summary of what the plugin does and whether it's safe"
},
"violations": {
"type": "string",
"description": "Description of any policy violations found, or empty string if none"
},
"may_make_external_network_calls": {
"type": "boolean",
"description": "true if the plugin makes or prompts the model to make external network calls (e.g. via MCP remote servers, curl, wget, fetch, HTTP requests, or instructs the model to make network requests)"
},
"may_download_additional_software": {
"type": "boolean",
"description": "true if the plugin may result in downloading or installing additional software (e.g. npm install, pip install, apt-get, brew install, cargo install, or instructs the model to install packages)"
}
},
"required": [
"passes",
"summary",
"violations",
"may_make_external_network_calls",
"may_download_additional_software"
]
}