By daothinh
enforces systematic false positive verification when verifying suspected security bugs.
Analyzes data flow from source to vulnerability sink, mapping trust boundaries, API contracts, environment protections, and cross-references. Spawned by fp-check during Phase 1 verification.
Verifies whether a suspected vulnerability is actually exploitable by proving attacker control, mathematical bounds, and race condition feasibility. Spawned by fp-check during Phase 2 verification.
Creates proof-of-concept exploits (pseudocode, executable, and unit tests) demonstrating a verified vulnerability, plus negative PoCs showing exploit preconditions. Spawned by fp-check during Phase 4 verification.
Uses power tools
Uses Bash, Write, or Edit tools
Own this plugin?
Verify ownership to unlock analytics, metadata editing, and a verified badge. GitHub access is read-only (username + org membership).
Sign in to claimOwn this plugin?
Verify ownership to unlock analytics, metadata editing, and a verified badge. GitHub access is read-only (username + org membership).
Sign in to claimBased on adoption, maintenance, documentation, and repository signals. Not a security audit or endorsement.
Claude Code and Codex Skills for Software Correctness
Formal verification, model checking, security auditing, proof repair, and benchmarking — as slash commands.
Install every plugin for Claude Code in one command:
npx skills add workersio/spec
Individual plugins can be selected during installation. Once installed, invoke any skill by name inside Claude Code:
/fuzzer Coverage-guided fuzzing with audit-driven harness design
/kani-proof Write bounded model checker proofs for Rust and Solana
/solana-audit Run a structured smart contract security audit
/axiom Verify and repair Lean 4 proofs
/skill-benchmark Benchmark a skill with controlled eval sessions
/workers-app-tester Pentest an Android app on a rooted device
/save Save the current session as a reusable agent
Claude and Codex support are included through repo-local metadata:
.claude-plugin/marketplace.json.agents/plugins/marketplace.jsonplugins/<name>/.codex-plugin/plugin.jsonplugins/To use this repo as a repo-scoped Codex marketplace:
.agents/plugins/marketplace.json can resolve ./plugins/<name> relative to the repo root.codex, then /plugins, open the workersio marketplace, and install the plugins you want.Claude-source plugin ports are now managed from the root repo through:
plugins/catalog.json — root inventory for existing plugins and vendored Claude-source portsscripts/sync-root-plugins.mjs — copies skills/plugins/<name> into root plugins/<name> and generates manifestsscripts/validate-root-plugins.mjs — validates manifest parity, marketplace drift, and SKILL.md relative links.codex-port/preserve-paths.json inside any copied plugin — opt-in list of root-only files to restore after re-sync when a plugin gets Codex-specific adaptationsCurrent port policy:
plugins/ but blocked from the Codex marketplace until their hook/MCP/task-specific behavior is portedfp-check, gh-cli, git-cleanup, modern-python, second-opinion, skill-improver, static-analysis, workflow-skill-design, zeroize-auditIf you want the plugins available user-wide and automatically synced to this repo, use the PowerShell installer:
pwsh -ExecutionPolicy Bypass -File .\scripts\install-user-level.ps1 -Mode install
Useful commands:
pwsh -ExecutionPolicy Bypass -File .\scripts\install-user-level.ps1 -Mode status
pwsh -ExecutionPolicy Bypass -File .\scripts\install-user-level.ps1 -Mode uninstall
pwsh -ExecutionPolicy Bypass -File .\scripts\install-user-level.ps1 -Mode install -Force
-Force backs up conflicting user-level paths to *.backup-YYYYMMDD-HHMMSS before replacing them with junctions.
What it creates:
%USERPROFILE%\.codex\.agents\plugins -> junction to this repo's .agents\plugins%USERPROFILE%\.codex\plugins\<plugin-name> -> junctions to this repo's plugins\<plugin-name>Why this layout:
.codex home-Mode installFor dry runs or custom targets, override the Codex home:
npx claudepluginhub daothinh/spec-cdex --plugin fp-checkConvert sessions into reusable agents
Structured Solana smart contract security audits
A comprehensive static analysis toolkit with CodeQL, Semgrep, and SARIF parsing for security vulnerability detection.
Security-focused differential review of code changes with git history analysis and blast radius estimation.
Write Kani bounded model checker proofs for Solana and Rust programs
Harness-native ECC operator layer - 67 agents, 278 skills, 94 legacy command shims, reusable hooks, rules, selective install profiles, and production-ready workflows for Claude Code, Codex, OpenCode, Cursor, and related agent harnesses
Complete collection of battle-tested Claude Code configs from an Anthropic hackathon winner - agents, skills, hooks, and rules evolved over 10+ months of intensive daily use
Efficient skill management system with progressive discovery — 410+ production-ready skills across 33+ domains