agent-zero/plugins/_plugin_scan
frdel e138e33ca9 Add file-level DOX docs & update AGENTS indexes
Add comprehensive file-level DOX documentation across the repo and update directory AGENTS.md indexes. Many new `*.py.dox.md` files were added under api, helpers, tools, plugins, extensions, webui, and other dirs to document endpoint purpose, ownership, runtime contracts, work guidance, and verification. Several AGENTS.md files were created or updated (agents profiles, api, docker, extensions, helpers, plugins, skills, webui components, etc.) to list child DOX files and clarify documentation/work guidance. Also add example and bundled profile DOX files (agent0, default, developer, hacker, researcher) and minor updates to helpers/dirty_json.py and its tests. These changes improve on-disk documentation coverage and establish the convention that each direct runtime file should have a matching `*.dox.md` describing its contracts and verification steps.
2026-06-08 12:41:53 +02:00
..
api Remove scan queue and enable parallel plugin scans 2026-03-28 18:52:17 +01:00
extensions/webui/confirm_dialog_after_render update plugin_scan message and styling 2026-03-18 17:08:38 +01:00
helpers add Plugin Validator built-in and harden plugin scanner 2026-03-16 04:05:24 +01:00
webui Refactor: use user locale for time displays 2026-05-21 15:26:00 +02:00
AGENTS.md Add file-level DOX docs & update AGENTS indexes 2026-06-08 12:41:53 +02:00
plugin.yaml refactor - plugin names and builtin plugins 2026-03-10 22:20:53 +01:00
README.md Remove scan queue and enable parallel plugin scans 2026-03-28 18:52:17 +01:00

Plugin Scanner

Run an LLM-guided security review of third-party Agent Zero plugins from a Git repository.

What It Does

This plugin builds a structured scanning prompt from a selectable checklist, runs that prompt in a temporary agent context, and returns a markdown report describing the plugin's security posture.

Main Behavior

  • Prompt-driven scan
    • Loads scan checks and a markdown prompt template from the plugin's webui/ assets.
  • Temporary scan context
    • Creates a temporary chat context, logs the generated prompt into it, starts the agent immediately, and waits for the model result.
  • Parallel-friendly execution
    • Each scan runs in its own chat context; the plugin does not serialize scans behind a "wait for another scan" queue.
  • Selectable checks
    • Supports scanning all checks by default or only the subset selected by the caller.
  • UI integration
    • Includes API endpoints and web UI files for logging the prompt, starting the scan, and running scans synchronously.

Key Files

  • Scan runner
    • api/plugin_scan_run.py performs a synchronous end-to-end scan and returns the report.
  • Prompt builder
    • helpers/prompt.py loads check definitions and renders the final scan prompt.
  • Additional APIs
    • api/plugin_scan_queue.py logs the prompt into the temporary chat.
    • api/plugin_scan_start.py starts the agent in that chat.

Configuration Scope

  • Settings sections: none
  • Per-project config: false
  • Per-agent config: false

Plugin Metadata

  • Name: _plugin_scan
  • Title: Plugin Scanner
  • Description: Security scanner for third-party A0 plugins.