{"name":"daothinh-workersio","owner":{"name":"ClaudePluginHub"},"plugins":[{"name":"daothinh-save-plugins-save","source":{"source":"git-subdir","url":"https://github.com/daothinh/spec-cdex","path":"plugins/save"},"description":"Convert sessions into reusable agents","version":"0.4.0","strict":true,"keywords":[],"category":"utilities"},{"name":"daothinh-kani-proof-plugins-kani-proof","source":{"source":"git-subdir","url":"https://github.com/daothinh/spec-cdex","path":"plugins/kani-proof"},"description":"Write Kani bounded model checker proofs for Solana and Rust programs","version":"0.1.0","strict":true,"keywords":[],"category":"utilities"},{"name":"daothinh-solana-audit-plugins-solana-audit","source":{"source":"git-subdir","url":"https://github.com/daothinh/spec-cdex","path":"plugins/solana-audit"},"description":"Structured Solana smart contract security audits","version":"0.1.0","strict":true,"keywords":[],"category":"security"},{"name":"daothinh-evm-protocol-audit-plugins-evm-protocol-audit","source":{"source":"git-subdir","url":"https://github.com/daothinh/spec-cdex","path":"plugins/evm-protocol-audit"},"description":"Structured EVM protocol and DeFi security audits","version":"0.1.0","strict":true,"keywords":[],"category":"security"},{"name":"daothinh-axiom-plugins-axiom","source":{"source":"git-subdir","url":"https://github.com/daothinh/spec-cdex","path":"plugins/axiom"},"description":"Verify, check, transform, and repair Lean 4 proofs using the Axiom (Axle) API and CLI","version":"0.1.0","strict":true,"keywords":[],"category":"utilities"},{"name":"daothinh-skill-benchmark-plugins-skill-benchmark","source":{"source":"git-subdir","url":"https://github.com/daothinh/spec-cdex","path":"plugins/skill-benchmark"},"description":"Benchmark any agent skill to measure whether it actually improves performance","version":"1.0.0","strict":true,"keywords":[],"category":"utilities"},{"name":"daothinh-workers-app-tester-plugins-workers-app-tester","source":{"source":"git-subdir","url":"https://github.com/daothinh/spec-cdex","path":"plugins/workers-app-tester"},"description":"Pentest Android apps on a rooted device with ADB, mitmproxy, Frida, and UI Automator","version":"3.0.0","strict":true,"keywords":[],"category":"development"},{"name":"daothinh-fuzzer-plugins-fuzzer","source":{"source":"git-subdir","url":"https://github.com/daothinh/spec-cdex","path":"plugins/fuzzer"},"description":"Coverage-guided fuzzing workflow for C/C++, Rust, and Go with deep audit context building","version":"0.1.0","strict":true,"keywords":[],"category":"productivity"},{"name":"daothinh-kage-plugins-kage","source":{"source":"git-subdir","url":"https://github.com/daothinh/spec-cdex","path":"plugins/kage"},"description":"Local pentest sandbox for black-box, greybox, and white-box security audits inside a per-engagement Kali Docker container","version":"0.1.0","strict":true,"keywords":[],"category":"testing"},{"name":"daothinh-caido-plugins-caido","source":{"source":"git-subdir","url":"https://github.com/daothinh/spec-cdex","path":"plugins/caido"},"description":"Use the official Caido SDK from Codex to search HTTP history, replay and edit authenticated requests, manage scope and findings, and export local bug-bounty evidence.","version":"0.2.0","strict":true,"keywords":[],"category":"deployment"},{"name":"daothinh-agentic-actions-auditor-plugins-agentic-actions-auditor","source":{"source":"git-subdir","url":"https://github.com/daothinh/spec-cdex","path":"plugins/agentic-actions-auditor"},"description":"Audits GitHub Actions workflows for security vulnerabilities in AI agent integrations. Detects misconfigurations and attack vectors specific to Codex Action, Gemini CLI, OpenAI Codex, and GitHub AI Inference when used in CI/CD pipelines.","version":"0.1.0","strict":true,"keywords":[],"category":"productivity"},{"name":"daothinh-ask-questions-if-underspecified-plugins-ask-questions-if-underspecified","source":{"source":"git-subdir","url":"https://github.com/daothinh/spec-cdex","path":"plugins/ask-questions-if-underspecified"},"description":"Ask the minimum set of clarifying questions needed to avoid wrong work.","version":"0.1.0","strict":true,"keywords":[],"category":"utilities"},{"name":"daothinh-audit-context-building-plugins-audit-context-building","source":{"source":"git-subdir","url":"https://github.com/daothinh/spec-cdex","path":"plugins/audit-context-building"},"description":"Build deep architectural context through ultra-granular code analysis before vulnerability hunting.","version":"0.1.0","strict":true,"keywords":[],"category":"utilities"},{"name":"daothinh-building-secure-contracts-plugins-building-secure-contracts","source":{"source":"git-subdir","url":"https://github.com/daothinh/spec-cdex","path":"plugins/building-secure-contracts"},"description":"Comprehensive smart contract security toolkit based on Trail of Bits' Building Secure Contracts framework.","version":"0.1.0","strict":true,"keywords":[],"category":"security"},{"name":"daothinh-burpsuite-project-parser-plugins-burpsuite-project-parser","source":{"source":"git-subdir","url":"https://github.com/daothinh/spec-cdex","path":"plugins/burpsuite-project-parser"},"description":"Search and extract data from Burp Suite project files (.burp) for use in Codex","version":"0.1.0","strict":true,"keywords":[],"category":"data"},{"name":"daothinh-constant-time-analysis-plugins-constant-time-analysis","source":{"source":"git-subdir","url":"https://github.com/daothinh/spec-cdex","path":"plugins/constant-time-analysis"},"description":"A portable tool for detecting timing side-channel vulnerabilities in compiled cryptographic code. Analyzes assembly output from multiple compilers and architectures to detect instructions that could leak secret data through execution timing.","version":"0.1.0","strict":true,"keywords":[],"category":"data"},{"name":"daothinh-culture-index-plugins-culture-index","source":{"source":"git-subdir","url":"https://github.com/daothinh/spec-cdex","path":"plugins/culture-index"},"description":"Interprets Culture Index survey results for individuals and teams.","version":"0.1.0","strict":true,"keywords":[],"category":"utilities"},{"name":"daothinh-debug-buttercup-plugins-debug-buttercup","source":{"source":"git-subdir","url":"https://github.com/daothinh/spec-cdex","path":"plugins/debug-buttercup"},"description":"Debug the Buttercup CRS (Cyber Reasoning System) running on Kubernetes.","version":"0.1.0","strict":true,"keywords":[],"category":"utilities"},{"name":"daothinh-devcontainer-setup-plugins-devcontainer-setup","source":{"source":"git-subdir","url":"https://github.com/daothinh/spec-cdex","path":"plugins/devcontainer-setup"},"description":"Create pre-configured devcontainers with Codex and language-specific tooling.","version":"0.1.0","strict":true,"keywords":[],"category":"development"},{"name":"daothinh-differential-review-plugins-differential-review","source":{"source":"git-subdir","url":"https://github.com/daothinh/spec-cdex","path":"plugins/differential-review"},"description":"Security-focused differential review of code changes with git history analysis and blast radius estimation.","version":"0.1.0","strict":true,"keywords":[],"category":"security"},{"name":"daothinh-dimensional-analysis-plugins-dimensional-analysis","source":{"source":"git-subdir","url":"https://github.com/daothinh/spec-cdex","path":"plugins/dimensional-analysis"},"description":"Add dimensional annotations to codebases and detect dimensional bugs. Uses an annotation format inspired by Reserve Protocol's Solidity conventions, but applicable to any language or protocol performing numeric arithmetic with mixed units, precisions, or scaling factors.","version":"0.1.0","strict":true,"keywords":[],"category":"deployment"},{"name":"daothinh-dwarf-expert-plugins-dwarf-expert","source":{"source":"git-subdir","url":"https://github.com/daothinh/spec-cdex","path":"plugins/dwarf-expert"},"description":"Interact with and analyze DWARF debug files, understand the DWARF debug format/standard, and write code that parses DWARF data.","version":"0.1.0","strict":true,"keywords":[],"category":"data"},{"name":"daothinh-entry-point-analyzer-plugins-entry-point-analyzer","source":{"source":"git-subdir","url":"https://github.com/daothinh/spec-cdex","path":"plugins/entry-point-analyzer"},"description":"A Codex skill for systematically identifying **state-changing** entry points in smart contract codebases to guide security audits.","version":"0.1.0","strict":true,"keywords":[],"category":"security"},{"name":"daothinh-firebase-apk-scanner-plugins-firebase-apk-scanner","source":{"source":"git-subdir","url":"https://github.com/daothinh/spec-cdex","path":"plugins/firebase-apk-scanner"},"description":"Scan Android APKs for Firebase security misconfigurations including open databases, exposed storage buckets, and authentication bypasses.","version":"0.1.0","strict":true,"keywords":[],"category":"security"},{"name":"daothinh-fp-check-plugins-fp-check","source":{"source":"git-subdir","url":"https://github.com/daothinh/spec-cdex","path":"plugins/fp-check"},"description":"enforces systematic false positive verification when verifying suspected security bugs.","version":"0.1.0","strict":true,"keywords":[],"category":"security"},{"name":"daothinh-gh-cli-plugins-gh-cli","source":{"source":"git-subdir","url":"https://github.com/daothinh/spec-cdex","path":"plugins/gh-cli"},"description":"intercepts GitHub URL fetches and redirects Claude to use the authenticated gh CLI instead.","version":"0.1.0","strict":true,"keywords":[],"category":"security"},{"name":"daothinh-git-cleanup-plugins-git-cleanup","source":{"source":"git-subdir","url":"https://github.com/daothinh/spec-cdex","path":"plugins/git-cleanup"},"description":"A Codex skill for safely cleaning up accumulated git worktrees and local branches.","version":"0.1.0","strict":true,"keywords":[],"category":"utilities"},{"name":"daothinh-insecure-defaults-plugins-insecure-defaults","source":{"source":"git-subdir","url":"https://github.com/daothinh/spec-cdex","path":"plugins/insecure-defaults"},"description":"Security skill for detecting insecure default configurations that create vulnerabilities when applications run with missing or incomplete configuration.","version":"0.1.0","strict":true,"keywords":[],"category":"security"},{"name":"daothinh-let-fate-decide-plugins-let-fate-decide","source":{"source":"git-subdir","url":"https://github.com/daothinh/spec-cdex","path":"plugins/let-fate-decide"},"description":"A Codex skill that draws Tarot cards using secrets to inject entropy into vague or underspecified planning decisions.","version":"0.1.0","strict":true,"keywords":[],"category":"deployment"},{"name":"daothinh-modern-python-plugins-modern-python","source":{"source":"git-subdir","url":"https://github.com/daothinh/spec-cdex","path":"plugins/modern-python"},"description":"Modern Python tooling and best practices using uv, ruff, ty, and pytest. Based on patterns from trailofbits/cookiecutter-python.","version":"0.1.0","strict":true,"keywords":[],"category":"testing"},{"name":"daothinh-mutation-testing-plugins-mutation-testing","source":{"source":"git-subdir","url":"https://github.com/daothinh/spec-cdex","path":"plugins/mutation-testing"},"description":"Helps configure mewt or muton mutation testing campaigns — scoping targets, tuning timeouts, and optimizing long-running runs so you can execute mewt run or muton run with confidence.","version":"0.1.0","strict":true,"keywords":[],"category":"testing"},{"name":"daothinh-property-based-testing-plugins-property-based-testing","source":{"source":"git-subdir","url":"https://github.com/daothinh/spec-cdex","path":"plugins/property-based-testing"},"description":"Property-based testing guidance for multiple languages and smart contracts.","version":"0.1.0","strict":true,"keywords":[],"category":"testing"},{"name":"daothinh-seatbelt-sandboxer-plugins-seatbelt-sandboxer","source":{"source":"git-subdir","url":"https://github.com/daothinh/spec-cdex","path":"plugins/seatbelt-sandboxer"},"description":"Generate a MacOS Seatbelt configuration that sandboxes the target with the minimum set of permissions necessary for it to operate normally.","version":"0.1.0","strict":true,"keywords":[],"category":"data"},{"name":"daothinh-second-opinion-plugins-second-opinion","source":{"source":"git-subdir","url":"https://github.com/daothinh/spec-cdex","path":"plugins/second-opinion"},"description":"Run code reviews using external LLM CLIs (OpenAI Codex, Google Gemini) on uncommitted changes, branch diffs, or specific commits.","version":"0.1.0","strict":true,"keywords":[],"category":"deployment"},{"name":"daothinh-semgrep-rule-creator-plugins-semgrep-rule-creator","source":{"source":"git-subdir","url":"https://github.com/daothinh/spec-cdex","path":"plugins/semgrep-rule-creator"},"description":"Create production-quality Semgrep rules for detecting bug patterns and security vulnerabilities.","version":"0.1.0","strict":true,"keywords":[],"category":"testing"},{"name":"daothinh-semgrep-rule-variant-creator-plugins-semgrep-rule-variant-creator","source":{"source":"git-subdir","url":"https://github.com/daothinh/spec-cdex","path":"plugins/semgrep-rule-variant-creator"},"description":"A Codex skill for porting existing Semgrep rules to new target languages with proper applicability analysis and test-driven validation.","version":"0.1.0","strict":true,"keywords":[],"category":"testing"},{"name":"daothinh-sharp-edges-plugins-sharp-edges","source":{"source":"git-subdir","url":"https://github.com/daothinh/spec-cdex","path":"plugins/sharp-edges"},"description":"Identifies error-prone APIs, dangerous configurations, and footgun designs that enable security mistakes through developer confusion, laziness, or malice.","version":"0.1.0","strict":true,"keywords":[],"category":"development"},{"name":"daothinh-skill-improver-plugins-skill-improver","source":{"source":"git-subdir","url":"https://github.com/daothinh/spec-cdex","path":"plugins/skill-improver"},"description":"Iteratively reviews and fixes Codex skill quality issues until they meet standards. Runs automated fix-review cycles using the skill-reviewer agent from the plugin-dev plugin.","version":"0.1.0","strict":true,"keywords":[],"category":"development"},{"name":"daothinh-spec-to-code-compliance-plugins-spec-to-code-compliance","source":{"source":"git-subdir","url":"https://github.com/daothinh/spec-cdex","path":"plugins/spec-to-code-compliance"},"description":"Specification-to-code compliance checker for blockchain audits with evidence-based alignment analysis.","version":"0.1.0","strict":true,"keywords":[],"category":"deployment"},{"name":"daothinh-static-analysis-plugins-static-analysis","source":{"source":"git-subdir","url":"https://github.com/daothinh/spec-cdex","path":"plugins/static-analysis"},"description":"A comprehensive static analysis toolkit with CodeQL, Semgrep, and SARIF parsing for security vulnerability detection.","version":"0.1.0","strict":true,"keywords":[],"category":"security"},{"name":"daothinh-supply-chain-risk-auditor-plugins-supply-chain-risk-auditor","source":{"source":"git-subdir","url":"https://github.com/daothinh/spec-cdex","path":"plugins/supply-chain-risk-auditor"},"description":"Generate a report on the supply-chain threat landscape of a project's direct dependencies, considering factors like popularity, number of maintainers, CVE history, and frequency of maintenance. Flag dependencies that have high-risk factors and suggest alternatives if any are available.","version":"0.1.0","strict":true,"keywords":[],"category":"deployment"},{"name":"daothinh-testing-handbook-skills-plugins-testing-handbook-skills","source":{"source":"git-subdir","url":"https://github.com/daothinh/spec-cdex","path":"plugins/testing-handbook-skills"},"description":"Meta-skill that generates Codex skills from the Trail of Bits Application Security Testing Handbook.","version":"0.1.0","strict":true,"keywords":[],"category":"testing"},{"name":"daothinh-trailmark-plugins-trailmark","source":{"source":"git-subdir","url":"https://github.com/daothinh/spec-cdex","path":"plugins/trailmark"},"description":"**Source code graph analysis for security auditing.** Parses code into queryable graphs of functions, classes, and calls, then uses that structure for diagram generation, mutation testing triage, protocol verification, and differential review.","version":"0.1.0","strict":true,"keywords":[],"category":"testing"},{"name":"daothinh-variant-analysis-plugins-variant-analysis","source":{"source":"git-subdir","url":"https://github.com/daothinh/spec-cdex","path":"plugins/variant-analysis"},"description":"Find similar vulnerabilities and bugs across codebases using pattern-based analysis.","version":"0.1.0","strict":true,"keywords":[],"category":"utilities"},{"name":"daothinh-workflow-skill-design-plugins-workflow-skill-design","source":{"source":"git-subdir","url":"https://github.com/daothinh/spec-cdex","path":"plugins/workflow-skill-design"},"description":"teaches design patterns for building workflow-based skills and provides a review agent for auditing existing skills.","version":"0.1.0","strict":true,"keywords":[],"category":"productivity"},{"name":"daothinh-yara-authoring-plugins-yara-authoring","source":{"source":"git-subdir","url":"https://github.com/daothinh/spec-cdex","path":"plugins/yara-authoring"},"description":"A behavior-driven skill for authoring high-quality YARA-X detection rules, teaching you to think and act like an expert YARA author.","version":"0.1.0","strict":true,"keywords":[],"category":"testing"},{"name":"daothinh-zeroize-audit-plugins-zeroize-audit","source":{"source":"git-subdir","url":"https://github.com/daothinh/spec-cdex","path":"plugins/zeroize-audit"},"description":"Audits C/C++/Rust code for missing zeroization and compiler-removed wipes. Pipeline: source scan → MCP/LSP semantic context → IR diff → assembly/MIR checks.","version":"0.1.0","strict":true,"keywords":[],"category":"utilities"},{"name":"daothinh-bounty-hunting-programs-plugins-bounty-hunting-programs","source":{"source":"git-subdir","url":"https://github.com/daothinh/spec-cdex","path":"plugins/bounty-hunting-programs"},"description":"Standardized bounty hunting workflows for web, Android, smart contract, and native targets using Codex-ready security skills from this repo.","version":"0.1.0","strict":true,"keywords":[],"category":"productivity"},{"name":"daothinh-bounty-target-bootstrap-plugins-bounty-target-bootstrap","source":{"source":"git-subdir","url":"https://github.com/daothinh/spec-cdex","path":"plugins/bounty-target-bootstrap"},"description":"Bootstrap web, whitebox, Android, smart-contract, or native bounty targets from a program URL with rendered scope capture, source pull, lane fingerprinting, and environment readiness handoff.","version":"0.3.0","strict":true,"keywords":[],"category":"utilities"},{"name":"daothinh-bug-bounty-report-submitter-plugins-bug-bounty-report-submitter","source":{"source":"git-subdir","url":"https://github.com/daothinh/spec-cdex","path":"plugins/bug-bounty-report-submitter"},"description":"Inspect live bug bounty forms or webmail with Playwright MCP, then draft and deliver self-contained, target-specific evidence-backed reports with runnable PoCs, decisive output, mandatory asciinema replay links, and secret-gist proof packs when field limits would hide replay details.","version":"0.5.0","strict":true,"keywords":[],"category":"deployment"}]}