Security plugins

Reverse engineer binaries, triage and unpack malware, extract and analyze firmware, perform memory forensics, and dissect network protocols using specialized AI agents and skills for authorized security research, CTFs, and incident response.

Generate code explanations, tutorials, API documentation, and architecture guides by analyzing codebases with AST-based metrics. Also performs AI-powered code reviews for security, performance, and reliability.

Automates end-to-end feature development: explores codebase to map dependencies, patterns, and execution paths; designs architectures with blueprints, data flows, and build sequences; implements code changes; reviews for bugs, security vulnerabilities, and quality issues using high-confidence filtering.

Automate technical debt reduction, dependency updates, and code refactoring by scanning for vulnerabilities and code smells, generating prioritized remediation plans, and leveraging AI-powered test automation and code review.

Automates multi-perspective code review across architecture, security, performance, and best practices. Analyzes git changes between branches, runs specialized agents for code quality, architectural integrity, vulnerability detection, and compliance. Supports configurable focus areas like --security-focus and --framework.

Bridge Claude Code with messaging platforms like Telegram and Discord, providing built-in access control via allowlists and pairing policies for secure automation and bot management.

Secure full-stack applications with API design patterns, authentication/authorization systems, backend/frontend coding practices, code review for vulnerabilities, and PCI DSS compliance guidance.

Enables Claude Code to conduct comprehensive security assessments across web applications, cloud infrastructure (AWS, Azure, GCP), and DevSecOps pipelines, including penetration testing, vulnerability scanning, privilege escalation, and audit reviews.

Provides structured guidance for executing cybersecurity operations across penetration testing, incident response, threat hunting, cloud security, and malware analysis, with step-by-step procedures and tool usage.

Delegate expert-level code reviews, security audits, penetration tests, QA automation, accessibility compliance checks, performance optimizations, chaos engineering, and compliance validations to specialized sub-agents across codebases, infrastructure, and systems.

Prevent accidental dangerous Bash commands in Claude Code and GitHub Copilot CLI by adding safety checks and skill-nudge reminders during session startup.

Automate legal contract review, NDA triage, compliance checks, legal briefings, meeting prep, e-signature preparation, and vendor agreement tracking, with integrations to Slack, DocuSign, Jira, and Box.

Automates finance and accounting workflows including month-end close, SOX compliance testing, financial reporting, journal entries, reconciliations, and variance analysis, with integrations to Slack and BigQuery for notifications and data querying.

Configure and debug Payload CMS backends in payload.config.ts by defining collections, fields, hooks, access control, and APIs. Troubleshoot validation errors, security issues, relationships, queries, transactions, and hook behaviors to build robust headless CMS applications.

Automate KYC/AML screening of investor onboarding documents: parse identity, ownership, source of funds; apply risk rules; check sanctions/PEP lists; generate escalation packets for compliance sign-off.

Controls iMessage channel access for Claude Code — approve/deny pairings, manage sender allowlists, set DM and group policies, and verify setup including Full Disk Access and current policy status.

Automate KYC/AML compliance by parsing investor onboarding packets into structured fields (identity, ownership, control, source of funds) and applying rules grids to assign risk ratings, check required documents, and route escalation.

Run autonomous Claude-powered iteration loops that modify code, verify against metrics, and refine until success, automating debugging, bug fixes, security audits, documentation generation, task planning, issue prediction, adversarial reasoning, test scenario creation, and multi-phase project shipping.

Decompile Android APK, XAPK, JAR, and AAR files using jadx or Fernflower, then extract HTTP API endpoints and trace call flows from UI to network layer for security analysis and API documentation.

Run CodeQL and Semgrep to scan multi-language codebases (Python, JavaScript/TS, Go, Java, C#, Ruby, Rust) for security vulnerabilities via taint tracking and pattern matching. Parse, deduplicate, and aggregate SARIF outputs from scans, then integrate findings into CI/CD pipelines using GitHub Actions or bash scripts.

Capture, decode, and analyze Kubernetes cluster network traffic for root cause analysis, forensic snapshots, PCAP extraction, and security threat detection using the Kubeshark MCP. Includes traffic filtering with the Kubeshark Filter Language (KFL2) and auditing against MITRE ATT&CK framework.

Bridge IDA Pro with language models via MCP for AI-assisted reverse engineering, enabling natural language queries against disassembly, decompilation, cross-references, and database state using IDAPython scripting patterns.

Build and manage Cloudflare applications: create serverless Workers, stateful Durable Objects, AI agents with React hooks, enforce Zero Trust policies, and audit web performance using CLI tools and MCP integrations.

Audit smart contracts for vulnerabilities across Cosmos, Solana, Polkadot, TON, Algorand, and StarkNet blockchains using specialized scanners. Assess codebase maturity with scorecards, prepare for professional audits via static analysis and test improvements, analyze token integrations for ERC standards and risks, and apply Trail of Bits guidelines for architecture reviews and secure workflows.

Run cloud security compliance checks and remediate issues across AWS, GCP, and Azure using Prowler's assessment platform. Automates framework selection, provider configuration, and step-by-step compliance checking to make accounts compliant with security/industry frameworks.

Run institutional-grade stock analysis for A-shares, HK, and US equities: 22-dimension data, 65-investor panel voting, 17 valuation methods (DCF, LBO, comps), fraud detection, and Bloomberg-style HTML reports. Supports portfolio drift analysis, earnings preview, catalyst calendars, and investment thesis tracking.

Triages and classifies AI use cases against your governance registry, runs structured impact assessments across regulatory regimes, reviews vendor AI terms for data training and liability risks, monitors policy drift, and drafts updated usage policies — all while connecting to Slack, Google Drive, and Lexis+ Protégé for research and collaboration.

Discover, evaluate, install, update, and remove community legal skills from registries with security review gates and explicit approval flows, integrating with Slack and Google Drive for notifications and file access.

Build and run constrained browser agents that enforce a domain allowlist via CDP Fetch interception, letting you safely automate browsing tasks without granting raw shell or CDP access.

Build multi-language code graphs to map call graphs, attack surfaces, blast radius, taint propagation, privilege boundaries, and complexity hotspots for security audits. Visualize architecture with Mermaid diagrams, compare snapshots across git commits for evolution analysis, triage mutation testing survivors, generate crypto test vectors, diagram protocols, and project SARIF findings onto graphs.

Implement Trail of Bits handbook security testing workflows: fuzz Rust, Python, C/C++, Ruby code with AFL++, libFuzzer, cargo-fuzz, Atheris; instrument AddressSanitizer; run static analysis via Semgrep, CodeQL; generate coverage reports, dictionaries, and bypass obstacles for vulnerability detection.

Generate structured engineering documents and analyses for code reviews, incident postmortems, API docs, architecture decisions, system design, runbooks, CI/CD, SLOs, database migrations, security threat models, and more — all from natural language prompts in Claude Code.

Automated bug hunting and red-team engagement platform for web, cloud, mobile, and enterprise targets. Runs recon, vulnerability scanning, exploit chaining, and report generation across 70+ attack classes with slash commands and auto-loaded skill sets.

Implement, customize, secure, deploy, troubleshoot, and scale Clerk authentication in Next.js apps using 24 skills for SDK installation, sign-up/sign-in UIs, middleware protection, error debugging, webhook handling, performance tuning, cost optimization, RBAC/SSO, GDPR compliance, production checklists, CI/CD pipelines, local dev loops, and migrations from Auth0, Firebase, or Supabase.

Integrate secrets managers like Vault, AWS Secrets Manager, GCP Secret Manager, and Azure Key Vault into applications and infrastructure. Generate policies, auth configs, rotation schedules, Kubernetes manifests, retrieval code, setup scripts, and documentation from simple inputs.

Audit codebases with a security agent that scans for vulnerabilities like SQL injection, XSS, CSRF, auth flaws, insecure dependencies, and secrets; generates severity-rated reports including file locations, explanations, compliance checks, and code fixes with examples.

Manage privacy compliance workflows: conduct PIAs, review DPAs as controller or processor, draft DSAR responses, triage processing activities, monitor policy drift, and track regulatory changes — all within Slack and Google Drive integrations.

Automate legal review of product launches by running structured risk assessments on features, evaluating marketing copy for substantiation requirements, and monitoring Jira/Linear for upcoming launches needing legal eyes, with integrations to Slack, Asana, Google Drive, and Lexis+ for research.

Create and validate custom Semgrep rules for detecting security vulnerabilities, bugs, code patterns, and standards using test-first methodology, conversation context for patterns and languages, plus taint mode support.

Annotate codebases with dimensional analysis comments documenting units, dimensions, and decimal scaling. Automatically scan for arithmetic patterns, discover project-specific units, propagate annotations through expressions and functions, and validate consistency to detect mismatches and bugs in DeFi protocols or numerical code.

Scan smart contract codebases in Solidity, Vyper, Solana/Rust, Move, TON, or CosmWasm to identify externally callable state-changing functions, categorize them by access levels, and generate structured reports for security audits and access control reviews.

Scaffold production-grade Claude Code plugins with marketplace integration, validate structure and schemas, audit for security vulnerabilities and best practices, and automate semantic version bumps across manifests and catalogs using auto-invoked skills and interactive commands.

Exploit Apache Shiro rememberMe deserialization vulnerabilities (Shiro-550, CVE-2016-4437) via CLI — automate key cracking, gadget chain detection, command execution, and memory shell injection for penetration testing.

Use Claude to manage Granola AI meeting notes workflows end-to-end: automate installations and upgrades, integrate with GitHub/Linear/Slack via Zapier for action items, optimize costs/performance/security, export data, troubleshoot issues, and deploy enterprise setups with RBAC/observability.

Simulate flash loan strategies on Aave, dYdX, Uniswap V3, and Balancer to analyze DeFi arbitrage, liquidations, and collateral swaps. Compute profitability with gas estimation, slippage and fee modeling, plus risk assessments for MEV and front-running.

Monitor new token launches on Ethereum, BSC, Polygon, and Arbitrum DEXes to detect rugpulls and security risks. Analyze contracts for honeypots, ownership renouncement, liquidity locks, mint functions, proxies, blacklists, and perform verification plus social legitimacy checks.

Automate OWASP Top 10 vulnerability scans and penetration testing on JavaScript, Python, and Java codebases using Semgrep, ESLint-security, Bandit, and dependency audits. Delegate comprehensive security audits to a specialized agent covering injections, XSS, CSRF, authentication flaws, access control, and misconfigurations.

Audit dependencies across Node.js, Python, PHP, Ruby, Go, and Rust projects for vulnerabilities, outdated versions, transitive issues, and license compliance. Generate detailed reports with CVE information, upgrade recommendations, and fix commands using tools like npm audit and pip-audit.

Scan codebases for data privacy risks, identifying PII exposures, hardcoded sensitive data, unsafe logging practices, unencrypted storage, insecure transmission, missing consent mechanisms, and retention policy violations to audit and remediate compliance issues.

Audit and optimize web projects for Lighthouse scores, Core Web Vitals, WCAG 2.2 accessibility, technical SEO, performance bottlenecks, security best practices, and code quality using specialized agent skills that apply fixes with code examples.

Build complete API authentication and authorization systems supporting JWT, OAuth2, API keys, sessions, MFA, RBAC, token refresh, validation, and brute-force protection. Generates models, middleware, and services for JavaScript/Node.js, Python, and Java backends.

Configure, troubleshoot, and optimize Sentry error tracking and performance monitoring across Node.js, Python, React/Next.js apps, CI/CD pipelines, and enterprise setups, including SDK installs, source maps, sampling, PII scrubbing, and incident response.

Build deep architectural context through line-by-line and per-function code analysis using First Principles and 5 Whys, enabling precise vulnerability hunting and bug detection in security audits. Target entire codebases, specific modules, or dense functions to map dependencies, data flows, assumptions, and effects.

Generate tailored legal documents like NDAs, freelancer agreements, privacy policies, and terms of service by scanning websites or apps for data practices. Review contracts via multi-agent analysis for risks, compliance gaps (GDPR/CCPA), missing protections, plain-English summaries, and negotiation proposals. Audit sites for regulatory adherence with scored reports and remediation roadmaps.

Discover similar bugs and vulnerabilities across your codebase by generalizing patterns from an initial issue using ripgrep, Semgrep, and CodeQL for iterative, pattern-based analysis via skills or commands.

Parse Burp Suite .burp project files from the command line to search headers and bodies with regex, extract security findings like audit items, and dump filtered proxy history or sitemap for targeted HTTP security analysis workflows.

Audit codebases, configurations, and documentation for HIPAA compliance in healthcare applications. Detect PHI protection gaps, access control weaknesses, encryption issues, logging deficiencies, and BAA adherence problems via targeted skills and commands.

Follow NIST SP 800-61 to handle security incidents: classify breaches, preserve evidence, analyze logs using Bash tools on Linux, contain threats, investigate IOCs, eradicate malware, and recover systems. Invoke playbook with 'sir' shortcut for quick response workflow.

Audit PostgreSQL, MySQL, and MongoDB databases for security risks including misconfigurations, privileges, encryption, network exposure, default credentials, and SQL injection in app code. Run scans for 50+ OWASP vulnerabilities, generate compliance reports, automated remediation scripts, and audit trails from your IDE.

Audit authentication in JavaScript, Python, and Java web apps/APIs against OWASP/NIST standards—covering password hashing, JWT handling, sessions, OAuth flows, MFA, and account controls. Validate project setups by checking credentials, tokens, and config files for errors and compliance status.

Scan REST API code and endpoints for OWASP Top 10 vulnerabilities like injection, BOLA, broken auth, mass assignment, and rate limit issues. Run OWASP ZAP scans to detect misconfigurations and attack vectors, generating HTML reports, JSON findings, remediation guides, evidence, and Python regression tests.

Scan your codebase for OWASP Top 10 web security risks including injections, broken authentication, access control flaws, cryptographic failures, and misconfigurations. Generate detailed reports with remediation guidance to audit compliance and strengthen security.

Scan your current codebase for security vulnerabilities using SAST on code, CVE detection in npm, pip, and composer dependencies, plus configuration issues. Receive a structured report with severity ratings, detailed findings, and remediation steps to fix them quickly.

Add Redis-backed rate limiting to Express, FastAPI, Python, Node.js, or Java APIs using token bucket, sliding window, or quota algorithms. Enforce per-user or per-IP limits with configurable tiers, monitoring headers, and automatic 429 responses to protect against abuse.

Run interactive penetration tests on web apps and codebases: scan HTTP security headers for CSP/HSTS issues, audit npm/pip dependencies for vulnerabilities, analyze code for secrets/injections with bandit, get severity-prioritized findings, fix suggestions, and JSON reports.

Audit web app session management for vulnerabilities like fixation, ID generation flaws, expiration issues, cookie misconfigurations, insecure storage, and poor invalidation in Express, Django, Rails, Python, and Java apps. Check current Claude Code session status, including active state and user details.

Verify blockchain smart contracts match specifications from whitepapers, PDFs, Markdown, or URLs, detecting implementation gaps, undocumented behaviors, logic discrepancies, and security issues via structured audits and generating compliance reports.

Scan Android APK files or directories for Firebase security misconfigurations like open Realtime Database, Firestore, storage buckets, authentication issues, and exposed Cloud Functions to conduct mobile security audits and authorized pentesting.

Perform security reviews of pull requests, commits, or code diffs using git history for context, blast radius estimation, test coverage checks, and markdown report generation.

Blocks destructive git and filesystem commands before execution by intercepting shell commands and validating them against configurable safety rules at user, project, or GitHub scope.

Scan cryptographic code for timing side-channel vulnerabilities like secret-dependent branches and divisions across Go, Rust, Java, Kotlin, C#, PHP, JS/TS, Python, and Ruby. Run constant-time analysis via skills or commands to get violation reports in JSON, with filters for warnings, architecture, and functions.

Master Cursor IDE AI workflows using 30 guided skills: install and authenticate, configure custom models and rules, optimize indexing and performance, automate Composer for multi-file refactoring and scaffolding, troubleshoot errors, manage teams with SSO, and audit compliance.

Inspect Vertex AI Agent Engine deployments on Google Cloud to validate runtime configuration, agent health, security posture, performance, A2A compliance, and best practices. Generate readiness scores and detailed reports for production validation and monitoring.

Scan codebases for SQL injection vulnerabilities by tracing user inputs through code to database queries, identifying unsafe patterns like string concatenation and unparameterized ORM usage in Django, Rails, Express, and Go apps. Get risk reports and mitigation recommendations via skills or direct commands.

Monitor Ethereum and L2 mempools like BSC, Polygon, Arbitrum in real-time to detect MEV opportunities including sandwich attacks, arbitrage, liquidations; analyze pending transactions, DEX swaps; optimize gas prices via Python scripts and specialized agents.

Monitor cross-chain bridge activity across protocols like Wormhole, Stargate, Arbitrum, and Optimism. Track transfers, TVL, volume, fees, and transaction status. Analyze security models and validators while detecting exploits and anomalies.

Initialize Firestore Admin SDK in Node.js projects with authentication, manage safe CRUD operations batch writes queries schema design data migrations indexes, generate validate production-ready security rules using least privilege and emulator testing, and optimize performance costs.

Build secure Rust applications integrating Azure services: authenticate with Entra ID, manage Key Vault secrets/keys/certificates, perform CRUD on Cosmos DB documents and Blob Storage, and stream data via Event Hubs using official SDK patterns and code examples.

Scan Python, JavaScript, Ruby, and Docker configurations for insecure defaults like hardcoded secrets, fallback credentials, weak authentication, permissive settings, and dangerous production values. Run during security audits, config reviews, and pre-deployment checks to block fail-open vulnerabilities.

Orchestrate authorized penetration tests and red team engagements with 50+ specialist AI agents covering recon, web/API, Active Directory, cloud, mobile, wireless, exploitation, post-exploitation, detection, forensics, and reporting.

Audit GitHub Actions workflows to detect security vulnerabilities in AI agent integrations like Claude Code Action, Gemini CLI, OpenAI Codex, and GitHub AI Inference. Identify prompt injection risks and unsafe input flows in CI/CD pipelines before deployment.

Master Windsurf AI IDE with 30 skills to automate Cascade multi-file coding workflows, troubleshoot IDE issues, optimize performance and costs, configure enterprise RBAC/security/CI gates, deploy to Netlify/Vercel, and scale for large teams/monorepos.

Validate CSRF protections in Express, Django, Rails, and Laravel web apps by inventorying state-changing endpoints and auditing synchronizer tokens, double-submit cookies, SameSite attributes, and Origin/Referer headers to uncover compliance gaps and security issues.

Scan your codebase and configurations to generate audit-ready Markdown compliance reports for PCI DSS, HIPAA, SOC 2, GDPR, and ISO 27001. Assess security controls, identify gaps, and produce project documentation using the 'crg' shortcut or embedded playbook.

Encrypt and decrypt data with various algorithms using the /encrypt command and shortcut. Audit encryption implementations, validate crypto algorithms, and verify key management in codebases and configs during security reviews.

Scan Docker images and Dockerfiles for vulnerabilities, misconfigurations, and compliance using Trivy, Grype, Snyk, and Hadolint. Generate remediation reports with CI/CD integration plus production-ready secure container configurations, setup code, and documentation.

Scan codebases for input validation weaknesses risking SQL injection, XSS, command injection, path traversal, and buffer overflows, targeting user inputs from HTTP parameters, forms, and APIs during security audits.

Implement trigger-based audit logging for PostgreSQL and MySQL databases to track INSERT, UPDATE, and DELETE operations with metadata for compliance, security monitoring, and debugging. Generate SQL trigger templates, CDC strategies, and application-level logging setups.

Analyze any website's HTTP/HTTPS security headers to detect vulnerabilities, misconfigurations, OWASP compliance gaps, cookie problems, and info leaks. Receive overall grades plus targeted configuration fixes for Nginx, Apache, or Cloudflare servers.

Audit IaC templates like Terraform and CloudFormation, Docker and Kubernetes manifests, nginx configs, and app settings for security misconfigurations against OWASP and CIS benchmarks. Scan current projects for issues in code and settings, reporting problems with potential fixes.

Conduct professional security audits on code, infrastructure, and configurations. Identify OWASP Top 10 vulnerabilities, verify compliance with HIPAA, PCI-DSS, GDPR, and SOC 2 standards, and perform cryptography reviews to evaluate and strengthen your security posture.

Protect backend APIs from overload by generating throttling middleware, quota services, and management APIs with token bucket, sliding window algorithms, concurrency limits, circuit breakers, priority queues, and adaptive controls using Redis in Express, FastAPI, or JavaScript apps.

Audit EVM wallet security by scanning ERC20 approvals, transaction patterns, and contract interactions to compute risk scores and generate revoke lists via Python scripts.

Scan codebases for reflected, stored, and DOM-based XSS vulnerabilities across HTML, JavaScript, CSS, and URLs. Test WAF bypass techniques and CSP protections, then receive reports on risks with remediation suggestions via commands or natural language triggers.

Scan codebases and projects for GDPR compliance issues including consent flows, data erasure rights, transfers, processing agreements, and privacy risks. Generate detailed reports with identified gaps and remediation recommendations.

Implement structured logging for API requests with automatic correlation IDs, PII redaction, performance metrics, and security audit trails in JavaScript, Python, and Java backends. Use the setup command to configure request/response capture and log shipping in Node.js or Python apps for debugging, compliance, and observability workflows.