Skip to content

Align plugin-review criteria with local-exec risk tag #143

Description

@Osraka

I noticed a small spec/reviewer drift while checking the Base MCP plugin review flow.

skills/base-mcp/references/plugin-spec.md defines local-exec as a valid risk tag for plugins that run third-party code locally, especially local MCP servers or CLI packages. The same spec also says local MCPs should carry risk: [local-exec] and explain the local execution boundary.

However, .claude/skills/plugin-review/references/evaluation-criteria.md still lists valid risk tags as {liquidation, slippage, low-liquidity, pii, irreversible} and omits local-exec.

This can make the review skill either flag a correct local-exec tag as invalid or miss a local-execution safety check during plugin review.

Suggested small fix:

  • Add local-exec to the risk enum in evaluation-criteria.md.
  • Add a short Security checklist item for local MCP / cliPackage paths: pinned versions, env var names only, no secret values, shell-less surfaces stop clearly, and ## Risks & Warnings explains local third-party code execution.

Happy to open a narrow docs-only PR if that direction is useful.

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions