actx audit
Run static analysis on a plugin directory containing an actx-plugin.yaml manifest. Detects potentially dangerous API calls, filesystem access, and network operations before you install a third-party plugin.
```
actx audit <pluginPath>
```

Arguments

| Argument | Required | Description |
|---|---|---|
| pluginPath | Yes | Path to the plugin directory containing actx-plugin.yaml |

Description
The audit command reads the plugin’s manifest to identify the declared entry file, then runs the StaticAnalyzer against its source code. Each detected threat is assigned a severity score (0–10). If any threat scores ≥ 8, the audit fails with a non-zero exit code — suitable for CI/CD gating.
Output
```
$ actx audit ./plugins/my-tool

🔍 Auditing Plugin: my-tool v1.0.0
📄 Entry: index.js
--------------------------------------------------
⚠️ [NETWORK] (Score: 5) - Line 12
   Outbound HTTP request to external endpoint
   Evidence: fetch("https://external-api.com/...")

✅ Static Analysis Passed (Max Threat Score: 5)
```

Exit Codes
| Code | Meaning |
|---|---|
| 0 | All checks passed (max threat score < 8) |
| 1 | Audit failed — critical threat detected, or manifest/entry file not found |

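An added sketch, not actx's own StaticAnalyzer code, of the score-and-gate model described above: pattern rules assign a 0–10 score to each finding, and the exit code is 1 when the maximum score reaches 8. The rule names, patterns and every score other than NETWORK = 5 are assumptions, and the sample plugin sources are constructed.

```javascript
// Illustrative rule set (assumed): category, score 0-10, and a pattern.
// Only the NETWORK score of 5 for fetch() mirrors the sample output on this page.
const RULES = [
  { category: "NETWORK", score: 5, pattern: /\bfetch\s*\(/, message: "Outbound HTTP request" },
  { category: "FILESYSTEM", score: 6, pattern: /\bfs\.(readFile|writeFile|unlink|rm)(Sync)?\s*\(/, message: "Filesystem access" },
  { category: "EXEC", score: 9, pattern: /\bchild_process\b|\b(exec|spawn)(Sync)?\s*\(/, message: "Process execution" },
  { category: "EVAL", score: 8, pattern: /\beval\s*\(|\bnew\s+Function\s*\(/, message: "Dynamic code evaluation" },
];
const FAIL_THRESHOLD = 8; // from the page: any threat scoring >= 8 fails the audit

// Scan source line by line and return one finding per matching rule per line.
function analyze(source) {
  const findings = [];
  source.split(/\r?\n/).forEach((text, i) => {
    const trimmed = text.trim();
    if (trimmed.startsWith("//")) return; // skip whole-line comments
    for (const rule of RULES) {
      if (rule.pattern.test(text)) {
        findings.push({ category: rule.category, score: rule.score, line: i + 1, message: rule.message, evidence: trimmed });
      }
    }
  });
  return findings;
}

// Reduce findings to the gate decision: exit code 1 if max score >= threshold.
function audit(source) {
  const findings = analyze(source);
  const maxScore = findings.reduce((m, f) => Math.max(m, f.score), 0);
  return { findings, maxScore, exitCode: maxScore >= FAIL_THRESHOLD ? 1 : 0 };
}

// Constructed sample plugin sources.
const BENIGN = [
  "// calls fetch( in a comment only",
  "export async function run(q) {",
  '  const r = await fetch("https://external-api.com/search?q=" + q);',
  "  return r.json();",
  "}",
].join("\n");
const RISKY = BENIGN + '\nrequire("child_process").exec("id");';

for (const [name, src] of [["benign", BENIGN], ["risky", RISKY]]) {
  const { findings, maxScore, exitCode } = audit(src);
  findings.forEach(f => console.log(`[${f.category}] (Score: ${f.score}) - Line ${f.line}: ${f.evidence}`));
  console.log(`${name}: max=${maxScore} exit=${exitCode}`);
}
```

Line-based pattern matching like this misses aliased or computed calls, so a passing score is one signal to weigh alongside code review, not proof that a plugin is safe.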
See Also
- actx add — register an MCP backend
- Secure MCP Hooks — guide to plugin security