richfrem/audit-plugin-l5
plugins/agent-plugin-analyzer/skills/audit-plugin-l5/SKILL.md
Triggers the L5 Red Team Sub-Agent to rigorously audit a plugin against the 39-point L4 pattern matrix.
$ install --global
skillsauthnpx skillsauth add richfrem/agent-plugins-skills audit-plugin-l5Install this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Apr 18, 2026, 4:34 AM21.0s16 files scanned
SKILL.md
- name:
- audit-plugin-l5
- description:
- Triggers the L5 Red Team Sub-Agent to rigorously audit a plugin against the 39-point L4 pattern matrix.
- allowed-tools:
- Bash, Read, Write
Dependencies
This skill requires Python 3.8+ and standard library only. No external packages needed.
To install this skill's dependencies:
pip-compile ./requirements.in
pip install -r ./requirements.txt
See ../../requirements.txt for the dependency lockfile (currently empty — standard library only).
Audit Plugin L5
See acceptance criteria
This skill abstracts the execution of the L5 Enterprise Red Team Auditor. By using this skill, you trigger an uncompromising architecture and security review against the 39-point pattern matrix.
Discovery Phase
Before executing this skill, ensure you know the exact path or name of the plugin you wish to audit (e.g., plugins/oracle-legacy-system-analysis/xml-to-markdown).
Execution
This skill delegates immediately to the l5-red-team-auditor sub-agent.
Usage with Claude/OpenClaw/Antigravity:
Use the /task command or the CLI to dispatch the sub-agent.
# If using the CLI directly:
claude -p l5-red-team-auditor "Please deeply assess the plugin located at: plugins/[INSERT_PLUGIN_NAME_HERE]"
Output
The sub-agent is instructed to output a structured markdown artifact titled [Plugin_Name]_Red_Team_Audit.md containing:
- L5 Maturity gaps.
- Bypass vectors and injection paths.
- Determinism failures.
- Priority Remediation Checklists.
Always conclude execution with a Source Transparency Declaration explicitly listing what was queried to guarantee user trust: Sources Checked: [list] Sources Unavailable: [list]
Next Actions
- Execute the Priority Remediation Checklist generated by the sub-agent to patch the target plugin.
References
- Architectural Decision Records (ADRs) located at
references/*.md. The L5 Red Team Auditor MUST use these ADRs (especially ADR 001-006) as primary evidence when evaluating architectural maturity and loose coupling. Any deviation from these standards must be flagged as an L4/L5 maturity gap.
Related Skills
richfrem/task-agent
data-ai
VerifiedTrustedCommunity
Task management agent. Auto-invoked for task creation, status tracking, and kanban board operations using Markdown files across lane directories. V2 enforces Kanban Sovereignty constraints preventing manual task file edits.
3SKILL.mdUpdated Jun 9, 2026
richfrem/symlink-manager
development
VerifiedTrustedCommunity
Create, audit, repair, and document cross-platform symlinks that work correctly on both Windows and macOS/Linux. Use this skill whenever the user mentions symlinks, symbolic links, junction points, .gitconfig symlinks, broken links after git pull, cross-platform path issues, or needs help with ln -s equivalents on Windows. Also trigger when the user reports that files are missing or wrong after switching between Mac and Windows machines using Git. This skill solves the common problem where symlinks committed on macOS show up as plain text files on Windows (and vice versa) because of Git's core.symlinks setting or missing Developer Mode / elevated permissions. **IMPORTANT FOR WINDOWS USERS:** Developer Mode must be enabled before creating symlinks. Without it, Git will check out symlinks as plain-text files or hardlinks, breaking cross-platform workflows.
3SKILL.mdUpdated Jun 9, 2026
richfrem/red-team-bundler
development
VerifiedTrustedCommunity
Interactively prepares a targeted Red Team Review package. It conducts a brief discovery interview to determine the threat model, generates a strict security auditor prompt, compiles a manifest of relevant project files, and bundles them into a single Markdown artifact or ZIP archive ready for an external LLM (like Grok, ChatGPT, or Gemini) or a human reviewer.
3SKILL.mdUpdated Jun 9, 2026
richfrem/optimize-context
tools
VerifiedTrustedCommunity
Reduces AI agent context bloat across three dimensions: (1) duplicate skill deduplication — clears stale agent directory copies since the IDE already reads from plugins/ directly; (2) instruction file optimization — rewrites CLAUDE.md, GEMINI.md, or .github/copilot-instructions.md to under ~80 lines, keeping only rules that directly change agent behaviour; (3) session token efficiency — guidance on cheap subagent delegation, context compounding across turns, and session hygiene. Trigger with "optimize context", "reduce context bloat", "deduplicate skills", "trim CLAUDE.md", "trim GEMINI.md", "fix my context usage", "why are my skills loading twice", "how do I reduce token usage", or "clean up agent directories".
3SKILL.mdUpdated Jun 9, 2026