By bitwarden
Application security engineering assistant for vulnerability triage, threat modeling, and secure code analysis at Bitwarden.
```
npx claudepluginhub bitwarden/ai-plugins --plugin bitwarden-security-engineer
```
This skill should be used when the user asks to "analyze code for security issues", "check for OWASP vulnerabilities", "review code against CWE Top 25", "find injection vulnerabilities", "do a security code review", or needs manual security analysis against OWASP Top 10, API Top 10, Mobile Top 10, or CWE/SANS frameworks.
Bitwarden's security principles (P01-P06), security vocabulary, and data classification standards. Use when you need foundational security context for any Bitwarden development, review, or security task — such as understanding trust boundaries, data protection requirements, or Bitwarden-specific security terminology.
This skill should be used when the user asks to "find hardcoded secrets", "audit for credential leaks", "check for API keys in code", "review secret scanning alerts", "rotate a leaked secret", or needs to detect hardcoded credentials, review secret handling patterns, or remediate exposed secrets.
This skill should be used when the user asks to "review Dependabot alerts", "check for vulnerable dependencies", "audit third-party packages", "assess supply chain risk", "run Grype scan", or needs to evaluate dependency health, transitive risk, or supply chain security.
This skill should be used when the user asks to "review the security architecture", "check authentication patterns", "evaluate trust boundaries", "review encryption implementation", "assess authorization design", or needs to evaluate system designs for authentication, authorization, data protection, or cryptographic correctness.
This skill should be used when the user asks to "create a threat model", "define security goals", "generate a data flow diagram", "write security definitions", "perform an initial security assessment", or needs to produce threat model artifacts for new features or architecture changes.
This skill should be used when the user asks to "triage security findings", "fix a Checkmarx finding", "review SonarCloud results", "dismiss a false positive", "check code scanning alerts", or needs to work with GitHub Advanced Security alerts, scanner annotations on PRs, or Grype vulnerability results.
A curated collection of plugins for AI-assisted development at Bitwarden. Enables discovery and distribution of quality-controlled plugins for use with Claude Code.
| Plugin | Version | Description |
|---|---|---|
| atlassian-reader | 1.2.1 | Read-only access to Jira issues, epics, sprints, boards, and Confluence pages from Atlassian Cloud |
| bitwarden-atlassian-tools | 1.1.1 | Read-only Atlassian access: Jira issues, JQL search, Confluence pages, CQL search, attachments |
| bitwarden-code-review | 1.8.1 | Autonomous code review agent following Bitwarden engineering standards with GitHub integration |
| bitwarden-init | 1.1.0 | Initialize and enhance CLAUDE.md files with Bitwarden's standardized template format |
| bitwarden-product-analyst | 0.1.4 | Product analyst agent for creating comprehensive Bitwarden requirements documents from multiple sources |
| bitwarden-security-engineer | 0.2.0 | Application security engineering: vulnerability triage, threat modeling, and secure code analysis |
| bitwarden-software-engineer | 0.3.0 | Full-stack engineering assistant for Bitwarden client, server, and database development patterns |
| claude-config-validator | 1.1.1 | Validates Claude Code configuration files for security, structure, and quality |
| claude-retrospective | 1.1.1 | Analyze Claude Code sessions to identify successful patterns and improvement opportunities |
```
# Short form (GitHub owner/repo)
/plugin marketplace add bitwarden/ai-plugins
# Full GitHub URL
/plugin marketplace add https://github.com/bitwarden/ai-plugins
```
After adding the marketplace, restart Claude Code for the changes to take effect.
You can also use /plugin interactively to manage marketplaces and plugins through a guided interface.
Once the marketplace is added, install plugins using:
```
/plugin install plugin-name@bitwarden-marketplace
```
Plugins are installed to ~/.claude/plugins/ by default. Restart Claude Code after installing for the plugin to become active.
Third-party marketplaces don't auto-update by default. To enable automatic updates, open /plugin, go to Marketplaces, select this marketplace, and choose Enable auto-update. Claude Code will then refresh marketplace data and update installed plugins at startup.
You can also update manually at any time:
```
/plugin marketplace update bitwarden-marketplace
```
See CONTRIBUTING.md for plugin development guidelines, structure requirements, versioning rules, and the review process.
Comprehensive code review system with organization-wide standards.
Security best practices advisor with vulnerability detection and fixes
Security skills for vibe coding — pre-coding security assessment, code vulnerability review, and threat modeling. Works without any MCP server or Jira/Confluence setup.
Secure coding, OWASP guidance, input validation, cryptography, authentication, and secrets management for secure application development.
Agents specialized in security engineering and threat mitigation. Focuses on secure architecture, vulnerability assessment, and compliance.
DevsForge comprehensive security vulnerability scanner with automated remediation suggestions.