
Security Guidance

Plugin | Warning | Active

Security reminder hook that warns about potential security issues when editing files, including command injection, XSS, and unsafe code patterns

Purpose

To proactively alert developers to potential security vulnerabilities in their code as they edit files, fostering safer coding practices.

Features

  • Detects command injection, XSS, and unsafe code patterns
  • Warns users via stderr during file edits
  • Blocks file edits upon detecting critical security patterns
  • Manages per-session warning states locally
  • Includes GitHub Actions workflow security checks

Use cases

  • Use when editing sensitive files like GitHub Actions workflows or code that executes external commands.
  • Incorporate into development workflows to catch common security mistakes before they are committed.
  • Leverage for code reviews to ensure adherence to security best practices.

Non-goals

  • Does not replace static application security testing (SAST) scanners.
  • Does not actively sanitize code or automatically fix vulnerabilities.
  • Does not perform runtime security analysis.

Documentation

  • [info] Configuration & parameter reference: The plugin mentions an `ENABLE_SECURITY_REMINDER` environment variable but does not explicitly document its default value or precedence order.
  • [warning] Feature transparency: The `plugin.json` declares a `PreToolUse` hook, but the README does not mention or describe this hook or the security guidance it provides.

License

  • [critical] License usability: The plugin's LICENSE.md states 'All rights reserved. Use is subject to Anthropic's Commercial Terms of Service', indicating a proprietary license that restricts redistribution and use, not a permissive OSS license.

Trust

  • [info] Issues attention: The repository has 9462 open issues and 22831 closed issues in the last 90 days, indicating high activity but potentially slow response times for new issues.

Code Execution

  • [warning] Validation: The script parses JSON input and checks for file paths and substrings but lacks explicit schema validation for all inputs and does not sanitize outputs beyond printing to stderr.
  • [info] Logging: The plugin logs debug messages to a local file `/tmp/security-warnings-log.txt` and also writes warnings to stderr. It includes a periodic cleanup of old state files.

Install

  • [info] Installation instructions: The main README provides installation instructions for Claude Code but does not detail how to install or enable this specific plugin, nor does it mention authentication requirements for this plugin.

Errors

  • [warning] Actionable error messages: Errors from JSON parsing or file operations are handled, but the `ENABLE_SECURITY_REMINDER` environment variable is not documented with a clear remediation step if it is causing unexpected behavior.

Invocation

  • [info] Hooks-off mechanism: The plugin provides an `ENABLE_SECURITY_REMINDER` environment variable to disable warnings, but this is not explicitly documented as a hooks-off mechanism in the README.

Installation

Add the marketplace first

/plugin marketplace add anthropics/claude-code
/plugin install security-guidance@claude-code-plugins

Quality score

Warning
75/100
Analyzed 2 days ago

Trust signals

Last commit: 3 days ago
Stars: 123.1k
Status