Stats
Actions
Tags
Help us improve
Share bugs, ideas, or general feedback.
From nlpm
Scans a Claude Code plugin directory for security risks in executable artifacts (hooks, scripts, MCP configs, dependencies) and produces a pass/review/block recommendation.
npx claudepluginhub xiaolai/nlpm --plugin nlpmHow this command is triggered — by the user, by Claude, or both
Slash command
/nlpm:security-scan [path]This command is limited to the following tools:
The summary Claude sees in its command listing — used to decide when to auto-load this command
# Security Scan Scan a plugin or skill repo for security risks before auditing or contributing. ## Step 1: Parse Input If arguments provided: use as target directory path. If no arguments: use the current working directory. Verify the target exists and contains at least one of: - `.claude-plugin/` - `agents/` - `commands/` - `skills/` - `hooks/` - `scripts/` If none found: report "Not a Claude Code plugin directory" and stop. ## Step 2: Dispatch Security Scanner Dispatch the `security-scanner` agent on the target directory. Wait for the agent to complete and collect its report. ## ...
/security-auditAudits plugin configuration files including hooks, settings, agents, and CLAUDE.md for 8 security risks like command injection, secrets, and over-permissions. Produces severity-graded report.
/security-scanRuns AgentShield security scan against agent, hook, MCP, permission, and secret surfaces, producing a prioritized remediation plan with severity counts and fix suggestions.
/security-scanRuns AgentShield security scanning on the current project or a specified path, detecting hardcoded secrets, broad permissions, executable hooks, and unsafe MCP configurations. Produces a prioritized fix plan with severity ratings and optional auto-fix.
/fire-security-audit-repoAudits GitHub repo for security risks using pre-download metadata (stars, forks, age, commits, owner stats), red flag checks, and detailed report before optional install as skill or plugin.
/kasi-securityRuns security audit on project codebase: detects stack (PHP/Node/Python/etc.), loads checklist, scans files for SQLi/XSS/CSRF/auth bypass/etc., outputs prioritized findings with confidence labels.
/security-scanScans codebase for vulnerabilities, hardcoded secrets, OWASP Top 10 compliance, and security best practices violations. Produces report with issues and fix recommendations.
Share bugs, ideas, or general feedback.
Scan a plugin or skill repo for security risks before auditing or contributing.
If arguments provided: use as target directory path. If no arguments: use the current working directory.
Verify the target exists and contains at least one of:
.claude-plugin/agents/commands/skills/hooks/scripts/If none found: report "Not a Claude Code plugin directory" and stop.
Dispatch the security-scanner agent on the target directory.
Wait for the agent to complete and collect its report.
Display the full report in this exact structure: the agent report as the body, followed by the gate banner as the footer. The security-scanner agent emits the body; this command appends only the banner.
{security-scanner agent report — verbatim}
────────────────────────────────────────────────────────────
{GATE BANNER — chosen per recommendation, see below}
────────────────────────────────────────────────────────────
Gate banners:
If the recommendation is BLOCK:
SECURITY GATE: BLOCKED
Critical/High security issues found. Do NOT install or contribute to this plugin without resolving these issues first.
If the recommendation is REVIEW:
SECURITY GATE: REVIEW NEEDED
Medium-severity findings detected. Review the findings before proceeding.
If the recommendation is PASS:
SECURITY GATE: PASSED
No Critical/High security issues found. Safe to proceed with audit and contribution.
Error handling:
security-scanner agent returns no report → "Security scan failed: no report produced. Re-run /nlpm:security-scan {path}."