We can only identify user fronting plugins that make themselves known through signatures or js/image/css imports. We do this in an automated fashion by exploiting the predictable folder structure of WordPress. So no maintenance needed here.
There are some very popular plugins (Yoast SEO, Jetpack, W3 Total Cache) that don't import additional files. For these we have hardcoded patterns (under a 100). We do not have anything in place for checking if these patterns break.
We could automate creating a WordPress installation, installing the plugin we want to check, trigger a wp detective scan and then checking the results. But I am note sure it is worth the engineering effort.
There are some very popular plugins (Yoast SEO, Jetpack, W3 Total Cache) that don't import additional files. For these we have hardcoded patterns (under a 100). We do not have anything in place for checking if these patterns break.
We could automate creating a WordPress installation, installing the plugin we want to check, trigger a wp detective scan and then checking the results. But I am note sure it is worth the engineering effort.