Skill

pop-assessment-security

Validates PopKit plugin security posture with vulnerability patterns, automated secret and injection scanning, OWASP checklists, and risk scoring.

Python

security

npx claudepluginhub jrc1883/popkit-ai --plugin popkit-ops

Popularity

Parent stars

Invocation

How this skill is triggered — by the user, by Claude, or both

Slash command

/popkit-ops:pop-assessment-security

User invocable

Model invocable

Forked subagent

Default effort

Context Preview

The summary Claude sees in its skill listing — used to decide when to auto-load this skill

Provides concrete, reproducible security assessment for PopKit plugins using:

Supporting Files

checklists/injection-patterns.jsonchecklists/owasp-alignment.jsonchecklists/secret-detection.jsonscripts/calculate_risk.pyscripts/scan_injection.pyscripts/scan_secrets.pystandards/access-control.mdstandards/injection-prevention.mdstandards/input-validation.mdstandards/secret-patterns.md

SKILL.md

72 lines · ~624 tokens

Similar Skills

using-superpowers

203.3k

Mandates invoking relevant skills via tools before any response in coding sessions. Covers access, priorities, and adaptations for Claude Code, Copilot CLI, Gemini CLI.

3 files

superpowers

Stats

LanguagePython

Parent stars6

MaintenanceExcellent

Last CommitMay 5, 2026

Actions

View Source View Plugin View on GitHub View README

Help us improve

Share bugs, ideas, or general feedback.

Stats

Actions

Help us improve

Share bugs, ideas, or general feedback.

Security Assessment Skill

Purpose

Provides concrete, reproducible security assessment for PopKit plugins using:

Machine-readable vulnerability patterns

Automated secret and injection scanning

OWASP-aligned security checklists

Deterministic scoring

How to Use

Step 1: Run Automated Security Scan

python skills/pop-assessment-security/scripts/scan_secrets.py packages/plugin/ python skills/pop-assessment-security/scripts/scan_injection.py packages/plugin/ python skills/pop-assessment-security/scripts/calculate_risk.py packages/plugin/

Step 2: Apply Security Checklists

Read and apply checklists in order:

checklists/secret-detection.json - Hardcoded credentials

checklists/injection-patterns.json - Command/path injection

checklists/owasp-alignment.json - OWASP Top 10 mapping

Step 3: Generate Report

Combine automated findings with checklist results for final security report.

Standards Reference

Standard

File

Key Checks

Secret Detection

standards/secret-patterns.md

SD-001 through SD-010

Injection Prevention

standards/injection-prevention.md

IP-001 through IP-008

Access Control

standards/access-control.md

AC-001 through AC-006

Input Validation

standards/input-validation.md

IV-001 through IV-008

Severity Classification

Level

Score

Description

Action

Critical

9-10

Immediately exploitable

Block release

High

7-8

Likely exploitable

Must fix

Medium

4-6

Conditionally exploitable

Should fix

Low

1-3

Minor risk

Consider fixing

Info

Best practice

Optional

Output

Returns JSON with:

risk_score: 0-100 (higher = more risk)

vulnerabilities: List with severity, location, CWE

passed_checks: Security controls that passed

recommendations: Prioritized fix list

Security Assessment Skill

Purpose

Provides concrete, reproducible security assessment for PopKit plugins using:

Machine-readable vulnerability patterns
Automated secret and injection scanning
OWASP-aligned security checklists
Deterministic scoring

How to Use

Step 1: Run Automated Security Scan

python skills/pop-assessment-security/scripts/scan_secrets.py packages/plugin/
python skills/pop-assessment-security/scripts/scan_injection.py packages/plugin/
python skills/pop-assessment-security/scripts/calculate_risk.py packages/plugin/

Step 2: Apply Security Checklists

Read and apply checklists in order:

checklists/secret-detection.json - Hardcoded credentials
checklists/injection-patterns.json - Command/path injection
checklists/owasp-alignment.json - OWASP Top 10 mapping

Step 3: Generate Report

Combine automated findings with checklist results for final security report.

Standards Reference

Standard	File	Key Checks
Secret Detection	`standards/secret-patterns.md`	SD-001 through SD-010
Injection Prevention	`standards/injection-prevention.md`	IP-001 through IP-008
Access Control	`standards/access-control.md`	AC-001 through AC-006
Input Validation	`standards/input-validation.md`	IV-001 through IV-008

Severity Classification

Level	Score	Description	Action
Critical	9-10	Immediately exploitable	Block release
High	7-8	Likely exploitable	Must fix
Medium	4-6	Conditionally exploitable	Should fix
Low	1-3	Minor risk	Consider fixing
Info	0	Best practice	Optional

Output

Returns JSON with:

risk_score: 0-100 (higher = more risk)
vulnerabilities: List with severity, location, CWE
passed_checks: Security controls that passed
recommendations: Prioritized fix list

pop-assessment-security

Popularity

Invocation

Context Preview

Supporting Files

SKILL.md

Similar Skills

Help us improve

Help us improve

Find plugins for your project

pop-assessment-security

Popularity

Invocation

Context Preview

Supporting Files

SKILL.md

Security Assessment Skill

Purpose

How to Use

Step 1: Run Automated Security Scan

Step 2: Apply Security Checklists

Step 3: Generate Report

Standards Reference

Severity Classification

Output

Similar Skills

Help us improve

Security Assessment Skill

Purpose

How to Use

Step 1: Run Automated Security Scan

Step 2: Apply Security Checklists

Step 3: Generate Report

Standards Reference

Severity Classification

Output