By DaDevFox
SAST analysis, dependency vulnerability scanning, OWASP Top 10 compliance, container security scanning, and automated security hardening
Implement comprehensive security hardening with defense-in-depth strategy through coordinated multi-agent orchestration:
Static Application Security Testing (SAST) for code vulnerability analysis across multiple languages and frameworks
You are a security expert specializing in dependency vulnerability analysis, SBOM generation, and supply chain security. Scan project dependencies across multiple ecosystems to identify vulnerabilities, assess risks, and provide automated remediation strategies.
Active Directory security specialist analyzing identity configuration, privileged group design, delegation, authentication policies, legacy protocols, and attack-surface exposure across enterprise domains.
Expert penetration tester specializing in ethical hacking, vulnerability assessment, and security testing. Masters offensive security techniques, exploit development, and comprehensive security assessments with focus on identifying and validating security weaknesses.
Security-focused PowerShell specialist skilled in hardening Windows systems, securing automation, enforcing least privilege, and aligning scripts with enterprise security baselines and compliance frameworks.
Expert security auditor specializing in DevSecOps, comprehensive cybersecurity, and compliance frameworks. Masters vulnerability assessment, threat modeling, secure authentication (OAuth2/OIDC), OWASP standards, cloud security, and security automation. Handles DevSecOps integration, compliance (GDPR/HIPAA/SOC2), and incident response. Use PROACTIVELY for security audits, DevSecOps, or compliance implementation.
Expert infrastructure security engineer specializing in DevSecOps, cloud security, and compliance frameworks. Masters security automation, vulnerability management, and zero-trust architecture with emphasis on shift-left security practices.
Build comprehensive attack trees to visualize threat paths. Use when mapping attack scenarios, identifying defense gaps, or communicating security risks to stakeholders.
Configure Static Application Security Testing (SAST) tools for automated vulnerability detection in application code. Use when setting up security scanning, implementing DevSecOps practices, or automating code vulnerability detection.
Derive security requirements from threat models and business context. Use when translating threats into actionable requirements, creating security user stories, or building security test cases.
Apply STRIDE methodology to systematically identify threats. Use when analyzing system security, conducting threat modeling sessions, or creating security documentation.
Map identified threats to appropriate security controls and mitigations. Use when prioritizing security investments, creating remediation plans, or validating control effectiveness.
Uses power tools
Uses Bash, Write, or Edit tools
Own this plugin?
Verify ownership to unlock analytics, metadata editing, and a verified badge. GitHub access is read-only (username + org membership).
Sign in to claimOwn this plugin?
Verify ownership to unlock analytics, metadata editing, and a verified badge. GitHub access is read-only (username + org membership).
Sign in to claimBased on adoption, maintenance, documentation, and repository signals. Not a security audit or endorsement.
⚡ Updated for Opus 4.5, Sonnet 4.5 & Haiku 4.5 — Three-tier model strategy for optimal performance
🎯 Agent Skills Enabled — 107 specialized skills extend Claude's capabilities across plugins with progressive disclosure
A comprehensive production-ready system combining 99 specialized AI agents, 15 multi-agent workflow orchestrators, 107 agent skills, and 71 development tools organized into 67 focused, single-purpose plugins for Claude Code.
This unified repository provides everything needed for intelligent automation and multi-agent orchestration across modern software development:
Each plugin is completely isolated with its own agents, commands, and skills:
Example: Installing python-development loads 3 Python agents, 1 scaffolding tool, and makes 5 skills available (~300 tokens), not the entire marketplace.
Add this marketplace to Claude Code:
/plugin marketplace add wshobson/agents
This makes all 67 plugins available for installation, but does not load any agents or tools into your context.
Browse available plugins:
/plugin
Install the plugins you need:
# Essential development plugins
/plugin install python-development # Python with 5 specialized skills
/plugin install javascript-typescript # JS/TS with 4 specialized skills
/plugin install backend-development # Backend APIs with 3 architecture skills
# Infrastructure & operations
/plugin install kubernetes-operations # K8s with 4 deployment skills
/plugin install cloud-infrastructure # AWS/Azure/GCP with 4 cloud skills
# Security & quality
/plugin install security-scanning # SAST with security skill
/plugin install code-review-ai # AI-powered code review
# Full-stack orchestration
/plugin install full-stack-orchestration # Multi-agent workflows
Each installed plugin loads only its specific agents, commands, and skills into Claude's context.
You install plugins, which bundle agents:
| Plugin | Agents |
|---|---|
comprehensive-review | architect-review, code-reviewer, security-auditor |
javascript-typescript | javascript-pro, typescript-pro |
python-development | python-pro, django-pro, fastapi-pro |
blockchain-web3 | blockchain-developer |
# ❌ Wrong - can't install agents directly
/plugin install typescript-pro
# ✅ Right - install the plugin
/plugin install javascript-typescript@claude-code-workflows
"Plugin not found" → Use plugin names, not agent names. Add @claude-code-workflows suffix.
Plugins not loading → Clear cache and reinstall:
rm -rf ~/.claude/plugins/cache/claude-code-workflows && rm ~/.claude/plugins/installed_plugins.json
npx claudepluginhub dadevfox/orchestra-claude-code-subagents --plugin security-scanningUnit and integration test automation for Python and JavaScript with debugging support
End-to-end feature orchestration with testing, security, performance, and deployment
Backend API design, GraphQL architecture, workflow orchestration with Temporal, and test-driven backend development
Interactive debugging, developer experience optimization, and smart debugging workflows
Documentation generation, code explanation, and technical writing with automated doc generation and tutorial creation
Comprehensive skill pack with 66 specialized skills for full-stack developers: 12 language experts (Python, TypeScript, Go, Rust, C++, Swift, Kotlin, C#, PHP, Java, SQL, JavaScript), 10 backend frameworks, 6 frontend/mobile, plus infrastructure, DevOps, security, and testing. Features progressive disclosure architecture for 50% faster loading.
Harness-native ECC plugin for engineering teams - 67 agents, 278 skills, 94 legacy command shims, reusable hooks, rules, MCP conventions, and operator workflows for Claude Code plus adjacent agent harnesses
Access thousands of AI prompts and skills directly in your AI coding assistant. Search prompts, discover skills, save your own, and improve prompts with AI.
Consult multiple AI coding agents (Gemini, OpenAI, Grok, Perplexity, plus codex, antigravity, and grok CLIs when installed) to get diverse perspectives on coding problems
Complete developer toolkit for Claude Code
Production-grade engineering skills for AI coding agents — covering the full software development lifecycle from spec to ship.