← Back to plugins

security-watchdog

Hook by Entelligentsia · 1 stars

> Automatic security scanner for Claude Code plugins — detects new or updated extensions at session start and scans them for prompt injection, malicious hook scripts, and data exfiltration. ## The Problem LLM extension ecosystems are a novel attack surface. Traditional security tooling does not cover two threats unique to AI extensions: - **Host attacks** — hook scripts run shell commands automatically on session start, with full user privileges - **Mind attacks** — skill and command files are injected directly into the model's reasoning context, enabling prompt injection No existing security scanner understands these threat classes. Security Watchdog is purpose-built for them. ## How It Works ``` You run: /plugin install someone/new-plugin ↓ Next session starts (SessionStart hook fires) ↓ check-new-plugins.sh diffs installed_plugins.json against a snapshot from the previous session ↓ New/updated plugin detected ↓ Injects into session context: "SECURITY WATCHDOG ALERT: forge@forge was installed. Run /scan-plugin forge@forge before proceeding." ↓ Claude runs /scan-plugin, reads all plugin files, applies security checks, and reports findings ``` The snapshot is updated on detection — each change event fires the alert exactly once.

/plugin install security-watchdog@claude-community