MEGA Security

The evaluation-driven approach to LLM system-prompt and agent security.
Define the attack surface, measure it, harden to pass — for chat prompts and full agent pipelines.

Quick Start · What it does · Agent Security · Benchmark · Leaderboard ↗ · megacode.ai ↗

✨ Why?

[!WARNING] Routing through OpenClaw, Hermes, LiteLLM, or OpenRouter? Your system prompt runs on whichever model the router picks at request time and defense rates swing from 0.50 to 0.91 across vendors. Untuned, you ship the worst case.

[!IMPORTANT] Your system prompt is your trust asset. In production it has been breaking repeatedly: EchoLeak (zero-click M365 Copilot exfiltration), the Gap chatbot jailbreak, the Chevy "$1 Tahoe" persona override, and 7+ vendor system prompts now public on GitHub. A static prompt is no longer enough — and once tools, RAG, and memory enter the picture, the attack surface widens beyond what any single prompt can hold.

The common pain points teams hit shipping LLM products:

🧨 Attacks evolve faster than benchmarks — HarmBench, DAN, PII catalogs all live in separate repos, English-only, and lag behind real-world techniques.
⚖️ Defense vs. usability is unmeasured — teams regress into "block-everything" prompts that frustrate legitimate users (high false-refusal rate).
🎯 No reproducible stop condition — there's no objective signal for "is this prompt ship-ready?"
🔁 Manual review is the only feedback loop — you can't tell whether a prompt edit actually helped.
🧰 Agent-shaped products break the prompt model — tools, RAG corpora, and rendered output add categories (tool abuse, RAG poisoning, output handling) that a single-prompt benchmark can't see.

mega-security is an example of evaluation-driven development applied to LLM security. It ships four Claude Code commands that diagnose and harden chat system prompts and full agent pipelines, fail-closed, reproducible, and never modifying your code without your explicit approval.

🚀 Quick Start

Inside any Claude Code session:

/plugin marketplace add https://github.com/mega-edo/mega-security

/plugin install mega-security@mega-edo

That's it. Commands become available immediately:

Chat system prompts — single prompt.txt / system-message scope:

/prompt-check                  # 5–10 min diagnosis of a single system prompt

/prompt-optimize               # iterative hardening with no-regression guarantees

Full agent pipelines — products with tools, RAG, memory, or multi-archetype orchestration:

/agent-check                   # static OWASP review + Red/Blue Team baseline (~10–20 min)

/agent-optimize                # source-level hardening loop with Pareto acceptance gates

To pull updates later: /plugin upgrade mega-security.

[!TIP] Not sure which one you want? If your product has tools, a vector store, or rendered output, run /agent-check. If it's a pure text-in/text-out chat with one system prompt, /prompt-check is faster and ships the same defensive posture for that scope.

Local development install (contributors only)

git clone https://github.com/mega-edo/mega-security ~/mega-agent-security
claude --plugin-dir ~/mega-agent-security

--plugin-dir is session-scoped and additive. To load multiple plugins in one session, repeat the flag. After editing plugin files mid-session, run /reload-plugins to refresh.

📊 Proven across 4 vendors × 2 tiers × 3 scenarios

MEGA Security

The evaluation-driven approach to LLM system-prompt and agent security.
Define the attack surface, measure it, harden to pass — for chat prompts and full agent pipelines.

Quick Start · What it does · Agent Security · Benchmark · Leaderboard ↗ · megacode.ai ↗

✨ Why?

[!WARNING] Routing through OpenClaw, Hermes, LiteLLM, or OpenRouter? Your system prompt runs on whichever model the router picks at request time and defense rates swing from 0.50 to 0.91 across vendors. Untuned, you ship the worst case.

[!IMPORTANT] Your system prompt is your trust asset. In production it has been breaking repeatedly: EchoLeak (zero-click M365 Copilot exfiltration), the Gap chatbot jailbreak, the Chevy "$1 Tahoe" persona override, and 7+ vendor system prompts now public on GitHub. A static prompt is no longer enough — and once tools, RAG, and memory enter the picture, the attack surface widens beyond what any single prompt can hold.

The common pain points teams hit shipping LLM products:

🧨 Attacks evolve faster than benchmarks — HarmBench, DAN, PII catalogs all live in separate repos, English-only, and lag behind real-world techniques.
⚖️ Defense vs. usability is unmeasured — teams regress into "block-everything" prompts that frustrate legitimate users (high false-refusal rate).
🎯 No reproducible stop condition — there's no objective signal for "is this prompt ship-ready?"
🔁 Manual review is the only feedback loop — you can't tell whether a prompt edit actually helped.
🧰 Agent-shaped products break the prompt model — tools, RAG corpora, and rendered output add categories (tool abuse, RAG poisoning, output handling) that a single-prompt benchmark can't see.

🚀 Quick Start

Inside any Claude Code session:

/plugin marketplace add https://github.com/mega-edo/mega-security

/plugin install mega-security@mega-edo

That's it. Commands become available immediately:

Chat system prompts — single prompt.txt / system-message scope:

/prompt-check                  # 5–10 min diagnosis of a single system prompt

/prompt-optimize               # iterative hardening with no-regression guarantees

Full agent pipelines — products with tools, RAG, memory, or multi-archetype orchestration:

/agent-check                   # static OWASP review + Red/Blue Team baseline (~10–20 min)

/agent-optimize                # source-level hardening loop with Pareto acceptance gates

To pull updates later: /plugin upgrade mega-security.

[!TIP] Not sure which one you want? If your product has tools, a vector store, or rendered output, run /agent-check. If it's a pure text-in/text-out chat with one system prompt, /prompt-check is faster and ships the same defensive posture for that scope.

Local development install (contributors only)

git clone https://github.com/mega-edo/mega-security ~/mega-agent-security
claude --plugin-dir ~/mega-agent-security

--plugin-dir is session-scoped and additive. To load multiple plugins in one session, repeat the flag. After editing plugin files mid-session, run /reload-plugins to refresh.

Help us improve

Find plugins for your project

Help us improve

mega-security

Popularity

Health & Quality

Confidence

What's Inside

Help us improve

README

MEGA Security

✨ Why?

🚀 Quick Start

📊 Proven across 4 vendors × 2 tiers × 3 scenarios

Similar Plugins

reins

agentguard

bridgeward

sage

soundcheck

aport-guardrails

Help us improve

MEGA Security

✨ Why?

🚀 Quick Start

📊 Proven across 4 vendors × 2 tiers × 3 scenarios