Security review for agent-generated code. Pattern-based warnings on edits, LLM-powered diff review on Stop, and an agentic commit reviewer that catches injection, XSS, SSRF, hardcoded secrets, and 25+ other vulnerability classes.
Executes bash commands
Hook triggers when Bash tool is used
Modifies files
Hook triggers on file write and edit operations
Own this plugin?
Verify ownership to unlock analytics, metadata editing, and a verified badge. GitHub access is read-only (username + org membership).
Sign in to claimOwn this plugin?
Verify ownership to unlock analytics, metadata editing, and a verified badge. GitHub access is read-only (username + org membership).
Sign in to claimBased on adoption, maintenance, documentation, and repository signals. Not a security audit or endorsement.
Multi-platform plugin monorepo for Claude Code, Grok Build, oh-my-pi / awfixer-agent, OpenAI Codex, and OpenCode.
Each subdirectory is a standalone plugin. Shared content (commands/, skills/, hooks/, .mcp.json) is the same across platforms; per-platform manifests live in dot-directories at the repo and plugin roots.
| Directory | Name | Description |
|---|---|---|
1password/ | 1password | 1Password MCP, CLI, and SDK — secure Environments and secrets |
browser-bridge/ | browser-bridge | Control your real Chrome browser via MCP (extension + local bridge) |
helium-browser/ | helium-browser | Control your local Helium browser via DevTools MCP |
railway/ | railway | Railway CLI, Terraform IaC, Postgres, deployments, Vercel wiring |
hookify/ | hookify | User-configurable hooks from conversation patterns or rules |
plugin-dev/ | plugin-dev | Plugin development toolkit (agents, commands, hooks, MCP, skills) |
security-guidance/ | security-guidance | Security review hooks for generated code and commits |
Catalog source of truth: scripts/catalog.json. Regenerate all platform catalogs with:
node scripts/sync-platform-manifests.mjs
| Platform | Catalog path |
|---|---|
| Claude Code | .claude-plugin/marketplace.json |
| Grok Build | .grok-plugin/marketplace.json |
| oh-my-pi / awfixer-agent | .omp-plugin/marketplace.json |
| OpenAI Codex | .codex-plugin/marketplace.json |
| OpenCode | .opencode-plugin/marketplace.json |
Marketplace name: awfixersites
Next.js + shadcn/ui site at site/ — plugin catalog, platform install guides, and repo structure.
bash scripts/serve-site.sh
# or: cd site && bun install && bun run dev
/plugin marketplace add awfixers-stuff/plugins
/plugin install 1password@awfixersites
From GitHub (after cloning or once this repo is pushed):
grok plugin marketplace add awfixers-stuff/plugins
Then in Grok: /marketplace → select awfixersites → install a plugin, or:
/plugin install browser-bridge@awfixersites
/browser-bridge-setup
Local checkout (development):
/plugin marketplace add /path/to/plugins
/plugin install browser-bridge@awfixersites
CLI alternative (install one plugin subdirectory directly):
grok plugin install awfixers-stuff/plugins#browser-bridge --trust
/marketplace add awfixers-stuff/plugins
/marketplace install 1password@awfixersites
Or via CLI:
omp plugin marketplace add awfixers-stuff/plugins
omp plugin install 1password@awfixersites
Install from the Codex plugin marketplace (when published) or point Codex at a plugin subdirectory. Each plugin ships .codex-plugin/plugin.json.
Add a plugin via opencode.json:
{
"plugin": ["1password@git+https://github.com/awfixers-stuff/plugins.git#1password"]
}
Each plugin includes package.json and .opencode/plugins/plugin.js for skills/MCP discovery.
plugin-name/
├── .claude-plugin/plugin.json # Claude + oh-my-pi manifest
├── .grok-plugin/plugin.json # Grok manifest
├── .codex-plugin/plugin.json # Codex manifest
├── .opencode-plugin/plugin.json # OpenCode metadata
├── package.json # OpenCode npm package entry
├── .opencode/plugins/plugin.js # OpenCode loader
├── .mcp.json # MCP servers (optional)
├── commands/ # Slash commands
├── skills/ # Auto-triggering skills
├── agents/ # Subagents (optional)
├── hooks/ # Event hooks (optional)
├── scripts/ # Helper scripts
└── README.md
Portable paths use ${CLAUDE_PLUGIN_ROOT} (also set as GROK_PLUGIN_ROOT on Grok Build).
npx claudepluginhub awfixers-stuff/plugins --plugin security-guidanceControl and debug your local Helium browser via DevTools MCP. Navigate pages, click, fill forms, take screenshots, inspect network and console, and profile performance in the user's real browser session.
Control your real Chrome browser from any AI agent via MCP. Chrome extension + local bridge for tabs, navigation, DOM interaction, screenshots, CDP, cookies, clipboard, and console logs — with your actual sessions, cookies, and extensions.
1Password integration for secure AI workflows. Manage Developer Environments via the official local MCP server (secrets never exposed to the agent), use the op CLI for vault items and op run, and scaffold Go/JavaScript/Python SDK integrations.
Railway infrastructure for awfixersites — CLI, Terraform IaC, Postgres provisioning, environment variables, deployments, logs, and Vercel cross-wiring.
Easily create hooks to prevent unwanted behaviors by analyzing conversation patterns or writing explicit rules.
Harness-native ECC plugin for engineering teams - 67 agents, 277 skills, 93 legacy command shims, reusable hooks, rules, MCP conventions, and operator workflows for Claude Code plus adjacent agent harnesses
Complete collection of battle-tested Claude Code configs from an Anthropic hackathon winner - agents, skills, hooks, and rules evolved over 10+ months of intensive daily use
Efficient skill management system with progressive discovery — 410+ production-ready skills across 33+ domains