Slash Command

/secure

Security audit using STRIDE threat modeling, OWASP Top 10 checklist, and 4 red-team adversarial personas. Every finding includes code evidence, severity rating, and concrete remediation.

From godmode

Install

Run in your terminal

npx claudepluginhub arbazkhan971/godmode

Details

Namespacegodmode/

Command Content

Other plugins with /secure

/secure

Generates Secure by Design assessment report for UK Government civilian projects, evaluating NCSC CAF controls from requirements, principles, risks, and DPIA.

arckit

157

/secure

Security & Compliance Guide

Read

custom-plugin-api-design

/secure

Security audit and hardening guide - reviews configuration and applies best practices

BashReadGlob+1

openclaw-assist

/secure

Run a security audit and harden a Flutter app

flutter-security-hardening

Stats

Stars7

Forks3

Last CommitMar 19, 2026

Actions

View Source View Plugin View on GitHub View README

Usage

/godmode:secure # Full security audit /godmode:secure --quick # OWASP Top 10 only /godmode:secure --stride # STRIDE analysis only /godmode:secure --owasp # OWASP checklist only /godmode:secure --red-team # Red team simulation only /godmode:secure --deps # Dependency vulnerability scan only /godmode:secure --fix # Auto-fix findings after audit

What It Does

Defines audit scope (auth, input handling, data storage, external APIs, secrets)

Runs STRIDE analysis (Spoofing, Tampering, Repudiation, Information Disclosure, DoS, Elevation)

Checks OWASP Top 10 (2021) — each item with PASS/FAIL/N/A

Simulates 4 red-team personas:

Script Kiddie — automated tools and known exploits
Insider Threat — authenticated privilege escalation
Sophisticated Attacker — business logic and chained vulnerabilities
Data Harvester — data exfiltration and privacy violations

Produces findings with severity (CRITICAL/HIGH/MEDIUM/LOW/INFO) and code evidence

Generates remediation code for each finding

/godmode:secure # Full audit of current code /godmode:secure --deps # Just check dependencies /godmode:secure --quick # Quick OWASP scan /godmode:secure --fix # Audit then auto-fix

/godmode:secure

Security audit using STRIDE threat modeling, OWASP Top 10 checklist, and 4 red-team adversarial personas. Every finding includes code evidence, severity rating, and concrete remediation.

Usage

/godmode:secure                         # Full security audit
/godmode:secure --quick                 # OWASP Top 10 only
/godmode:secure --stride                # STRIDE analysis only
/godmode:secure --owasp                 # OWASP checklist only
/godmode:secure --red-team              # Red team simulation only
/godmode:secure --deps                  # Dependency vulnerability scan only
/godmode:secure --fix                   # Auto-fix findings after audit

What It Does

Defines audit scope (auth, input handling, data storage, external APIs, secrets)
Runs STRIDE analysis (Spoofing, Tampering, Repudiation, Information Disclosure, DoS, Elevation)
Checks OWASP Top 10 (2021) — each item with PASS/FAIL/N/A
Simulates 4 red-team personas:
- Script Kiddie — automated tools and known exploits
- Insider Threat — authenticated privilege escalation
- Sophisticated Attacker — business logic and chained vulnerabilities
- Data Harvester — data exfiltration and privacy violations
Produces findings with severity (CRITICAL/HIGH/MEDIUM/LOW/INFO) and code evidence
Generates remediation code for each finding

Output

Security report at docs/security/<feature>-security-audit.md
Commit: "secure: <feature> — <verdict> (<N> findings)"
Verdict: PASS / CONDITIONAL PASS / FAIL

Next Step

If FAIL: /godmode:fix to remediate, then re-audit. If PASS: /godmode:ship to deploy.

Examples

/godmode:secure                         # Full audit of current code
/godmode:secure --deps                  # Just check dependencies
/godmode:secure --quick                 # Quick OWASP scan
/godmode:secure --fix                   # Audit then auto-fix