Complete security audits with 120+ checks, 42 bypass vectors, sharp-edges detection, and fix verification - OWASP 2025, Supabase RLS, API enumeration, Realtime leaks, PostgREST abuse, and more
npx claudepluginhub mralbertzwolle/vca-tools --plugin security-auditVerify security fixes resolve vulnerabilities without regressions.
Complete security audits with 165+ checks for web applications. Covers OWASP Top 10 2025, Supabase RLS bypass attacks (40+ vectors), SSRF detection, JWT/session security, file upload validation, CORS misconfiguration, API enumeration, Realtime channel leaks, payment security, timing attacks, supply chain security (typosquatting, install scripts, lockfile integrity), cookie/session hardening (httpOnly, secure, SameSite), and CSP header analysis. Use /security-audit:run to start.
Find dangerous API patterns (footguns) in React/Next.js/Supabase.
Comprehensive skill pack with 66 specialized skills for full-stack developers: 12 language experts (Python, TypeScript, Go, Rust, C++, Swift, Kotlin, C#, PHP, Java, SQL, JavaScript), 10 backend frameworks, 6 frontend/mobile, plus infrastructure, DevOps, security, and testing. Features progressive disclosure architecture for 50% faster loading.
Efficient skill management system with progressive discovery — 410+ production-ready skills across 33+ domains
Complete creative writing suite with 10 specialized agents covering the full writing process: research gathering, character development, story architecture, world-building, dialogue coaching, editing/review, outlining, content strategy, believability auditing, and prose style/voice analysis. Includes genre-specific guides, templates, and quality checklists.
Battle-tested Claude Code plugin for engineering teams — 38 agents, 156 skills, 72 legacy command shims, production-ready hooks, and selective install workflows evolved through continuous real-world use
Stripe development plugin for Claude
Professional WordPress engineering skills for Claude Code — performance optimization, security auditing, Gutenberg block development, and theme/plugin best practices