vrr/agent-zero
2
0
Fork 0
mirror of https://github.com/agent0ai/agent-zero.git synced 2026-05-25 06:27:33 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1
agent-zero/plugins/_plugin_scan
History
Alessandro 30315f5227 Reduce plugin scanner false positives 
Calibrate scanner prompts around demonstrated risk instead of the mere presence of common plugin capabilities. Treat scoped credentials, network calls, filesystem access, subprocesses, prompts, and generated assets as expected behavior when they match the declared plugin purpose, while keeping warnings and failures for ambiguity, unsafe handling, concealment, exploitability, or purpose mismatch.

Add regression coverage for the rendered scanner prompt so this calibration is preserved.
2026-05-21 04:02:43 +02:00
..
api Remove scan queue and enable parallel plugin scans 2026-03-28 18:52:17 +01:00
extensions/webui/confirm_dialog_after_render update plugin_scan message and styling 2026-03-18 17:08:38 +01:00
helpers add Plugin Validator built-in and harden plugin scanner 2026-03-16 04:05:24 +01:00
webui Reduce plugin scanner false positives 2026-05-21 04:02:43 +02:00
plugin.yaml refactor - plugin names and builtin plugins 2026-03-10 22:20:53 +01:00
README.md Remove scan queue and enable parallel plugin scans 2026-03-28 18:52:17 +01:00

README.md

Plugin Scanner

Run an LLM-guided security review of third-party Agent Zero plugins from a Git repository.

What It Does

This plugin builds a structured scanning prompt from a selectable checklist, runs that prompt in a temporary agent context, and returns a markdown report describing the plugin's security posture.

Main Behavior

  • Prompt-driven scan
    • Loads scan checks and a markdown prompt template from the plugin's webui/ assets.
  • Temporary scan context
    • Creates a temporary chat context, logs the generated prompt into it, starts the agent immediately, and waits for the model result.
  • Parallel-friendly execution
    • Each scan runs in its own chat context; the plugin does not serialize scans behind a "wait for another scan" queue.
  • Selectable checks
    • Supports scanning all checks by default or only the subset selected by the caller.
  • UI integration
    • Includes API endpoints and web UI files for logging the prompt, starting the scan, and running scans synchronously.

Key Files

  • Scan runner
    • api/plugin_scan_run.py performs a synchronous end-to-end scan and returns the report.
  • Prompt builder
    • helpers/prompt.py loads check definitions and renders the final scan prompt.
  • Additional APIs
    • api/plugin_scan_queue.py logs the prompt into the temporary chat.
    • api/plugin_scan_start.py starts the agent in that chat.

Configuration Scope

  • Settings sections: none
  • Per-project config: false
  • Per-agent config: false

Plugin Metadata

  • Name: _plugin_scan
  • Title: Plugin Scanner
  • Description: Security scanner for third-party A0 plugins.