By asleekgeek
SAST analysis, dependency vulnerability scanning, OWASP Top 10 compliance, container security scanning, and automated security hardening
You are a security expert specializing in dependency vulnerability analysis, SBOM generation, and supply chain security. Scan project dependencies across multiple ecosystems to identify vulnerabilities, assess risks, and provide automated remediation strategies.
Orchestrate comprehensive security hardening with defense-in-depth strategy across all application layers
Static Application Security Testing (SAST) for code vulnerability analysis across multiple languages and frameworks
Expert security auditor specializing in DevSecOps, comprehensive cybersecurity, and compliance frameworks. Masters vulnerability assessment, threat modeling, secure authentication (OAuth2/OIDC), OWASP standards, cloud security, and security automation. Handles DevSecOps integration, compliance (GDPR/HIPAA/SOC2), and incident response. Use PROACTIVELY for security audits, DevSecOps, or compliance implementation.
Expert in threat modeling methodologies, security architecture review, and risk assessment. Masters STRIDE, PASTA, attack trees, and security requirement extraction. Use PROACTIVELY for security architecture reviews, threat identification, or building secure-by-design systems.
Build comprehensive attack trees to visualize threat paths. Use when mapping attack scenarios, identifying defense gaps, or communicating security risks to stakeholders.
Configure Static Application Security Testing (SAST) tools for automated vulnerability detection in application code. Use when setting up security scanning, implementing DevSecOps practices, or automating code vulnerability detection.
Derive security requirements from threat models and business context. Use when translating threats into actionable requirements, creating security user stories, or building security test cases.
Apply STRIDE methodology to systematically identify threats. Use when analyzing system security, conducting threat modeling sessions, or creating security documentation.
Map identified threats to appropriate security controls and mitigations. Use when prioritizing security investments, creating remediation plans, or validating control effectiveness.
Uses power tools
Uses Bash, Write, or Edit tools
Own this plugin?
Verify ownership to unlock analytics, metadata editing, and a verified badge. GitHub access is read-only (username + org membership).
Sign in to claimOwn this plugin?
Verify ownership to unlock analytics, metadata editing, and a verified badge. GitHub access is read-only (username + org membership).
Sign in to claimBased on adoption, maintenance, documentation, and repository signals. Not a security audit or endorsement.
Production-ready agentic workflow building blocks: 83 plugins, 191 agents, 155 skills, 102 commands — built for Claude Code and consumed natively by OpenAI Codex CLI, Cursor, OpenCode, Gemini CLI, and GitHub Copilot from a single Markdown source.
[!NOTE] One source-of-truth (
plugins/), five harnesses. Each harness gets idiomatic, harness-native artifacts — not lowest-common-denominator translations. See docs/harnesses.md for the capability matrix.
Pick your harness:
/plugin marketplace add wshobson/agents
/plugin install python-development # or any of 83 plugins
→ Full Claude Code setup, troubleshooting, and plugin catalog
Codex and Cursor install natively from the committed registries (which point at the source plugins/):
npx codex-marketplace add wshobson/agents # Codex; then install individual plugins
# Cursor: add the marketplace, then `/plugin install <name>` (reads .cursor-plugin/ + source)
Gemini and OpenCode install via clone + generate (the transformed trees are gitignored):
gh repo clone wshobson/agents ~/agents && cd ~/agents
make generate HARNESS=gemini && gemini extensions install . # Gemini
make install-opencode # OpenCode (runs generate + symlinks)
Setup details and per-harness gotchas: docs/harnesses.md. Gemini-specific setup: GEMINI.md (also auto-loaded by Gemini CLI).
| Count | What it is | |
|---|---|---|
| Plugins | 83 | Granular, single-purpose installable units (81 local + 2 external via git-subdir) |
| Agents | 191 | Domain experts (architecture, languages, infra, security, data, ML, docs, business, SEO) |
| Skills | 155 | Modular knowledge packages with progressive disclosure (load when activated) |
| Commands | 102 | Slash commands: scaffolding, security scans, test gen, infrastructure setup |
| Orchestrators | 16 | Multi-agent coordination workflows (full-stack, security, ML, incident response) |
Browse the catalog: docs/plugins.md · docs/agents.md · docs/agent-skills.md
Each plugin is isolated and composable: agents, commands, and skills are auto-discovered from directory structure. Installing a plugin loads only its components into context — not the whole marketplace.
plugins/python-development/
├── .claude-plugin/plugin.json
├── agents/ # 3 Python agents (python-pro, django-pro, fastapi-pro)
├── commands/ # 1 scaffolding command
└── skills/ # 16 specialized skills (async, testing, packaging, …)
Three-tier model strategy:
| Tier | Model | Use |
|---|---|---|
| 1 | Opus 4.7 | Architecture, security, code review, production-critical |
| 2 | inherit | User-chosen — backend, frontend, AI/ML, specialized |
| 3 | Sonnet | Docs, testing, debugging, API references |
| 4 | Haiku | Fast operational tasks, SEO, deployment, content |
This marketplace ships to five agentic harnesses from one Markdown source. Each adapter emits harness-native artifacts (not lowest-common-denominator translations):
| Harness | Generates | Notes |
|---|---|---|
| Claude Code | (source-of-truth) | Native marketplace.json + plugins/ |
| Codex CLI | .agents/plugins/marketplace.json + plugins/*/.codex-plugin/plugin.json (committed); .codex/skills/, .codex/agents/ (gitignored) | 8 KB skill cap respected; commands → skills |
| Cursor | .cursor-plugin/, .cursor/rules/ | Thin marketplace + curated rules; reuses .claude/ |
| OpenCode | .opencode/agents/, .opencode/commands/, .opencode/skills/ | permission: block from tools: allowlist; OpenCode-safe skill names |
| Gemini CLI | skills/, agents/, commands/ (TOML) | Native skills + subagents (April 2026 spec) |
| Copilot | .copilot/agents/, .copilot/skills/, .copilot/commands/ | Markdown agent profiles + SKILL.md skills + commands-as-skills; model maps to GPT-5 family |
npx claudepluginhub asleekgeek/agents --plugin security-scanningRust MCP server that indexes ANY codebase into a LadybugDB property graph — source in 10 languages with full AST, plus docs/config/binaries as File nodes (.js→Imports, Markdown→References). Resolves imports and call chains, detects communities via Leiden, traces execution flows from entry points, and exposes 24 MCP tools to agents — index_codebase, query_graph, get_symbol, get_impact, get_context, semantic_diff, and more.
97 genius reasoning patterns from history's greatest minds. One epistemic standard none of them can bypass.
Your AI development teammate. Turns a story file into a shipped, reviewed, and tested feature via orchestrator → architect → developer → PR reviewer → QA → Playwright.
Guides developers from brand discovery through iterative design to deployment-ready HTML via Stitch.
Interactive 3D knowledge graph with pathway-aware layouts, molecule viewer, and biomedical research templates
Harness-native ECC plugin for engineering teams - 67 agents, 278 skills, 94 legacy command shims, reusable hooks, rules, MCP conventions, and operator workflows for Claude Code plus adjacent agent harnesses
Comprehensive .NET development skills for modern C#, ASP.NET, MAUI, Blazor, Aspire, EF Core, Native AOT, testing, security, performance optimization, CI/CD, and cloud-native applications
Complete collection of battle-tested Claude Code configs from an Anthropic hackathon winner - agents, skills, hooks, and rules evolved over 10+ months of intensive daily use
Turn on Godmode for Claude Code. 126 skills. 7 subagents. Zero configuration.