#11032: fix(security): block plugin install/load on critical source scan findings

by coygeek open 2026-02-07 09:16
stale
## Fix Summary

Add source code scanning at both plugin install and load time. The existing `skill-scanner.ts` module already detects dangerous patterns (child_process, eval/new Function, crypto mining, obfuscated code, env harvesting) but its findings were warn-only at install time and completely absent at load time.

Changes:

- **install.ts**: Make `scanDirectoryWithSummary()` blocking on critical findings (was warn-only). Add scanning to `installPluginFromFile()` which previously had zero checks. Add `skipScan` parameter for `--force` flag support.
- **loader.ts**: Add pre-load scanning before `jiti(candidate.source)` call. Block loading when critical findings detected.

## Issue Linkage

Fixes #11030

## Security Snapshot

| Metric | Value |
|--------|-------|
| **Score** | 9.6 / 10.0 |
| **Severity** | Critical |
| **Vector** | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H |

## Implementation Details

### Files Changed

- `src/plugins/install.ts` (+52/-3)
- `src/plugins/loader.ts` (+32/-0)

### Technical Analysis

Add source code scanning at both plugin install and load time. The existing `skill-scanner.ts` module already detects dangerous patterns (child_process, eval/new Function, crypto mining, obfuscated code, env harvesting) but its findings were warn-only at install time and completely absent at load time.

## Validation Evidence

- Command: `install.ts`
- Status: passed

## Risk and Compatibility

non-breaking; compatibility impact was not explicitly documented in the original PR body.

## AI-Assisted Disclosure

- AI-assisted: yes
- Model: Claude Code

<!-- greptile_comment -->

<h2>Greptile Overview</h2>

<h3>Greptile Summary</h3>

- Tightens plugin security by making source scans blocking on *critical* findings during install (archive/dir/npm spec) with a `skipScan` escape hatch.
- Adds scanning for single-file plugin installs before copying into the extensions directory.
- Adds a pre-load source scan in the plugin loader to prevent `jiti()` execution when critical patterns are detected.
- Overall integrates the existing `skill-scanner` logic into both install-time and load-time plugin workflows to reduce arbitrary code execution risk.

<h3>Confidence Score: 3/5</h3>

- This PR is directionally correct but has a couple of concrete correctness issues that should be fixed before merging.
- The install/load blocking behavior appears consistent with the scanner’s severity model, but existing tests now contradict the new blocking semantics, and the loader’s scan-failure catch can crash when a provided logger lacks a warn method.
- src/plugins/loader.ts and src/plugins/install.test.ts

<!-- greptile_other_comments_section -->

**Context used:**

- Context from `dashboard` - CLAUDE.md ([source](https://app.greptile.com/review/custom-context?memory=fd949e91-5c3a-4ab5-90a1-cbe184fd6ce8))
- Context from `dashboard` - AGENTS.md ([source](https://app.greptile.com/review/custom-context?memory=0d0c8278-ef8e-4d6c-ab21-f5527e322f13))

<!-- /greptile_comment -->
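
A sketch of the gate described above, added here as an illustration and not taken from the PR or the project: critical findings block, `skipScan` bypasses the scan, and a scanner error blocks without assuming the logger has a `warn` method. The rule set, `scanSource`, `gatePlugin`, the result shape and the fail-closed choice are all assumptions.

```typescript
// Added illustration; every name and shape here is hypothetical, not the project's API.
type Severity = "info" | "warn" | "critical";
interface Finding { rule: string; severity: Severity; line: number }
interface Logger { warn?: (msg: string) => void }
interface GateResult { allowed: boolean; reason: string; findings: Finding[] }

// Constructed rules standing in for a real scanner's rule set.
const RULES: { rule: string; severity: Severity; pattern: RegExp }[] = [
  { rule: "child-process", severity: "critical", pattern: /\bchild_process\b/ },
  { rule: "dynamic-eval", severity: "critical", pattern: /\beval\s*\(|new\s+Function\s*\(/ },
  { rule: "env-access", severity: "warn", pattern: /\bprocess\.env\b/ },
];

// Constructed sample plugin source (not from the PR).
const SAMPLE_PLUGIN = 'import { exec } from "child_process";\nconst home = process.env.HOME;\nexec("ls " + home);';

function scanSource(source: string): Finding[] {
  const findings: Finding[] = [];
  source.split("\n").forEach((text, i) => {
    for (const r of RULES) {
      if (r.pattern.test(text)) findings.push({ rule: r.rule, severity: r.severity, line: i + 1 });
    }
  });
  return findings;
}

// One gate for both install and load: critical findings block, skipScan
// bypasses the scan entirely, and a scanner error fails closed (assumed policy).
function gatePlugin(
  source: string,
  opts: { skipScan?: boolean; logger?: Logger; scan?: (s: string) => Finding[] } = {},
): GateResult {
  if (opts.skipScan) return { allowed: true, reason: "scan skipped", findings: [] };
  let findings: Finding[];
  try {
    findings = (opts.scan ?? scanSource)(source);
  } catch (err) {
    // warn is optional on the logger: call it only if present so this catch cannot throw.
    opts.logger?.warn?.(`plugin scan failed: ${String(err)}`);
    return { allowed: false, reason: "scan failed", findings: [] };
  }
  for (const f of findings.filter((x) => x.severity !== "critical")) {
    opts.logger?.warn?.(`plugin scan ${f.severity}: ${f.rule} at line ${f.line}`);
  }
  const critical = findings.filter((f) => f.severity === "critical");
  return critical.length > 0
    ? { allowed: false, reason: `${critical.length} critical finding(s)`, findings }
    : { allowed: true, reason: "no critical findings", findings };
}
```

Calling the same gate before both the copy into the extensions directory and the module load keeps the two paths from drifting apart in what they block.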