Cosmos improve #127

Merged
dguido merged 13 commits into main from cosmos-improve
Apr 1, 2026

@GrosQuildu
Contributor

No description provided.

@GrosQuildu GrosQuildu marked this pull request as ready for review March 31, 2026 12:49

@claude claude bot left a comment

Claude Code Review

This repository is configured for manual code reviews. Comment @claude review to trigger a review and subscribe this PR to future pushes, or @claude review once for a one-time review.

Tip: disable this comment in your organization's Code Review settings.

Member

@dguido dguido left a comment

PR Review: Cosmos Vulnerability Scanner Improvements

Summary

This PR upgrades the cosmos-vulnerability-scanner skill with substantial new content: 8 new vulnerability classes, restructured resource files (splitting patterns into VULNERABILITY_PATTERNS, STATE_VULNERABILITY_PATTERNS, ADVANCED_VULNERABILITY_PATTERNS, plus COSMWASM, EVM, and IBC pattern files), an updated SKILL.md with a parallel scanning workflow, and a version bump from 1.0.1 to 1.1.0.

Validation Results

All checks pass:

  • validate_codex_skills.py -- PASS (61 plugin skills, 62 Codex entries)
  • validate_plugin_metadata.py -- PASS (all plugin metadata in sync)
  • No hardcoded paths found
  • YAML frontmatter valid (name: kebab-case, description: third-person with triggers)
  • Version match: plugin.json and marketplace.json both at 1.1.0
  • All 7 referenced resource files exist (DISCOVERY.md, VULNERABILITY_PATTERNS.md, STATE_VULNERABILITY_PATTERNS.md, ADVANCED_VULNERABILITY_PATTERNS.md, IBC_VULNERABILITY_PATTERNS.md, EVM_VULNERABILITY_PATTERNS.md, COSMWASM_VULNERABILITY_PATTERNS.md)

Merge Conflict Check

No conflicts with main. Branch is up to date.

Quality Assessment

Strengths:

  • Excellent progressive disclosure: SKILL.md at 188 lines, detailed patterns split into 7 resource files
  • Strong "When to Use" / "When NOT to Use" sections
  • Rationalizations to reject embedded in the agent prompt template (lines 103-110)
  • Every pattern includes detection code, "What to Check" checklists, mitigations, grep patterns, and references to real incidents
  • Version-aware guidance (SDK v0.47 through v0.53.x changes documented)
  • CHANGELOG.md provides thorough provenance for every pattern update

Minor observations (non-blocking):

  1. The description in frontmatter is long (291 chars). This is fine functionally but some clients may truncate. Not a blocker since the content is all relevant trigger text.
  2. COSMWASM_VULNERABILITY_PATTERNS.md section 3 references IBC_VULNERABILITY_PATTERNS.md section 16, creating a two-level reference chain (SKILL.md -> COSMWASM -> IBC). Per CLAUDE.md guidelines, reference chains should be one level deep. However, this is a cross-reference for context rather than a sequential chain, so it's acceptable in practice.
  3. The SKILL.md scanning workflow section (Phase 2) references {baseDir} for resource paths, which is correct.

Verdict

No objective issues found. Validations pass. Content quality is high. Ready for merge.

@dguido dguido merged commit d7f76b5 into main Apr 1, 2026
5 checks passed
@dguido dguido deleted the cosmos-improve branch April 1, 2026 14:50