By denobotion
Application security engineering assistant for vulnerability triage, threat modeling, and secure code analysis at Bitwarden.
This skill should be used when the user asks to "review Dependabot alerts", "check for vulnerable dependencies", "audit third-party packages", "assess supply chain risk", "run Grype scan", or needs to evaluate dependency health, transitive risk, or supply chain security.
This skill should be used when the user asks to "analyze code for security issues", "check for OWASP vulnerabilities", "review code against CWE Top 25", "find injection vulnerabilities", "do a security code review", or needs manual security analysis against OWASP Top 10, API Top 10, Mobile Top 10, or CWE/SANS frameworks.
Audit all open HackerOne-sourced VULN Jira tickets and their linked engineering child items to identify what needs action. Use this skill whenever the user wants to: check VULN ticket status, see which HackerOne findings need status updates, identify vulnerabilities ready to verify or close, run a remediation audit, check "what do I need to do on my VULN tickets today", or get a prioritized view of open vulnerabilities. Outputs a sorted action table with emoji tokens. Always use this skill for HackerOne/VULN remediation tracking and status correlation tasks — don't try to do it from scratch.
Bitwarden's security principles (P01-P06), security vocabulary, and data classification standards. Use when you need foundational security context for any Bitwarden development, review, or security task — such as understanding trust boundaries, data protection requirements, or Bitwarden-specific security terminology.
This skill should be used when the user asks to "find hardcoded secrets", "audit for credential leaks", "check for API keys in code", "review secret scanning alerts", "rotate a leaked secret", or needs to detect hardcoded credentials, review secret handling patterns, or remediate exposed secrets.
Uses power tools
Uses Bash, Write, or Edit tools
Own this plugin?
Verify ownership to unlock analytics, metadata editing, and a verified badge. GitHub access is read-only (username + org membership).
Sign in to claimOwn this plugin?
Verify ownership to unlock analytics, metadata editing, and a verified badge. GitHub access is read-only (username + org membership).
Sign in to claimBased on adoption, maintenance, documentation, and repository signals. Not a security audit or endorsement.
A curated collection of plugins for AI-assisted development at Bitwarden. Enables discovery and distribution of quality-controlled plugins for use with Claude Code.
| Plugin | Version | Description |
|---|---|---|
| bitwarden-tech-lead | 2.1.0 | Tech lead for technical planning, architecture coherence, and surfacing patterns to Technical Strategy Ideas |
| bitwarden-atlassian-tools | 2.2.3 | Read-only Atlassian access via MCP server with deep Jira issue research skill |
| bitwarden-code-review | 1.10.0 | Autonomous code review agent following Bitwarden engineering standards with GitHub integration |
| bitwarden-delivery-tools | 1.1.0 | Delivery lifecycle skills: initiative funnel navigation, work transitions, commits, PRs, preflight checks, labeling |
| bitwarden-devops-engineer | 0.1.1 | DevOps engineering assistant: workflow compliance linting, action security auditing, and org-wide CI/CD remediation |
| bitwarden-init | 1.1.0 | Initialize and enhance CLAUDE.md files with Bitwarden's standardized template format |
| bitwarden-product-analyst | 0.1.5 | Product analyst agent for creating comprehensive Bitwarden requirements documents from multiple sources |
| bitwarden-security-engineer | 1.2.0 | Application security engineering: vulnerability triage, threat modeling, and secure code analysis |
| bitwarden-software-engineer | 0.4.1 | Comprehensive full-stack software engineering assistant proficient in modern software development at Bitwarden. |
| claude-config-validator | 1.1.1 | Validates Claude Code configuration files for security, structure, and quality |
| claude-retrospective | 1.1.1 | Analyze Claude Code sessions to identify successful patterns and improvement opportunities |
# Short form (GitHub owner/repo)
/plugin marketplace add bitwarden/ai-plugins
# Full GitHub URL
/plugin marketplace add https://github.com/bitwarden/ai-plugins
After adding the marketplace, restart Claude Code for the changes to take effect.
You can also use /plugin interactively to manage marketplaces and plugins through a guided interface.
Once the marketplace is added, install plugins using:
/plugin install plugin-name@bitwarden-marketplace
Plugins are installed to ~/.claude/plugins/ by default. Restart Claude Code after installing for the plugin to become active.
Third-party marketplaces don't auto-update by default. To enable automatic updates, open /plugin, go to Marketplaces, select this marketplace, and choose Enable auto-update. Claude Code will then refresh marketplace data and update installed plugins at startup.
You can also update manually at any time:
/plugin marketplace update bitwarden-marketplace
See CONTRIBUTING.md for plugin development guidelines, structure requirements, versioning rules, and the review process.
Comprehensive code review system with organization-wide standards.
Tech lead agent for a Bitwarden product team. The team's primary technical resource — architects solutions in the team's domain, partners with the EM on scoping and backlog, partners with peer tech leads on cross-team architecture, and serves as the team's conduit for cross-team technical decisions.
Validates Claude Code configuration files for security, structure, and quality. Reviews CLAUDE.md, skills, agents, prompts, commands, and settings with comprehensive validation checklists.
GitHub Actions workflow compliance, action security auditing, and org-wide CI/CD remediation.
Read-only Atlassian access via MCP server with deep Jira issue research skill, JQL search, Confluence pages, CQL search, and attachments
npx claudepluginhub denobotion/ai-plugins --plugin bitwarden-security-engineerHarness-native ECC operator layer - 67 agents, 278 skills, 94 legacy command shims, reusable hooks, rules, selective install profiles, and production-ready workflows for Claude Code, Codex, OpenCode, Cursor, and related agent harnesses
Complete collection of battle-tested Claude Code configs from an Anthropic hackathon winner - agents, skills, hooks, and rules evolved over 10+ months of intensive daily use
Turn on Godmode for Claude Code. 126 skills. 7 subagents. Zero configuration.