mirror of
https://github.com/anthropics/claude-plugins-official.git
synced 2026-05-11 14:05:52 -03:00
a3e148345f
Adds .github/policy/prompt.md and schema.json (the full security review rubric — malicious code, privacy, deception, safety circumvention, exfiltration; plus network-call and software-install flags) and points scan-plugins at it via the policy-prompt input. With ANTHROPIC_API_KEY now configured on the repo, scan-plugins runs the actual policy review on changed external entries instead of no-op'ing.
25 lines
609 B
YAML
25 lines
609 B
YAML
name: Scan Plugins
|
|
|
|
on:
|
|
pull_request:
|
|
paths:
|
|
- '.claude-plugin/marketplace.json'
|
|
|
|
permissions:
|
|
contents: read
|
|
|
|
jobs:
|
|
scan:
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- uses: actions/checkout@v4
|
|
with:
|
|
fetch-depth: 0
|
|
|
|
# Non-blocking by default. To enforce, set fail-on-findings: "true".
|
|
- uses: anthropics/claude-plugins-community/.github/actions/scan-plugins@f846a0bcb0e721b1f93d60e8b73e91dafc4a1e87
|
|
with:
|
|
anthropic-api-key: ${{ secrets.ANTHROPIC_API_KEY }}
|
|
policy-prompt: .github/policy/prompt.md
|
|
claude-cli-version: latest
|