Validates PopKit security posture using concrete vulnerability patterns, automated secret scanning, and OWASP-aligned checklists
Validates PopKit plugin security using automated secret scanning, injection detection, and OWASP-aligned checklists. Triggers when you request security assessment of a plugin or before package releases.
/plugin marketplace add jrc1883/popkit-claude
/plugin install popkit-ops@popkit-claude

This skill inherits all available tools. When active, it can use any tool Claude has access to.

- checklists/injection-patterns.json
- checklists/owasp-alignment.json
- checklists/secret-detection.json
- scripts/calculate_risk.py
- scripts/scan_injection.py
- scripts/scan_secrets.py
- standards/access-control.md
- standards/injection-prevention.md
- standards/input-validation.md
- standards/secret-patterns.md

Provides concrete, reproducible security assessment for PopKit plugins using:
python skills/pop-assessment-security/scripts/scan_secrets.py packages/plugin/
python skills/pop-assessment-security/scripts/scan_injection.py packages/plugin/
python skills/pop-assessment-security/scripts/calculate_risk.py packages/plugin/
Read and apply checklists in order:
1. checklists/secret-detection.json - Hardcoded credentials
2. checklists/injection-patterns.json - Command/path injection
3. checklists/owasp-alignment.json - OWASP Top 10 mapping

Combine automated findings with checklist results for final security report.
| Standard | File | Key Checks |
|---|---|---|
| Secret Detection | standards/secret-patterns.md | SD-001 through SD-010 |
| Injection Prevention | standards/injection-prevention.md | IP-001 through IP-008 |
| Access Control | standards/access-control.md | AC-001 through AC-006 |
| Input Validation | standards/input-validation.md | IV-001 through IV-008 |

| Level | Score | Description | Action |
|---|---|---|---|
| Critical | 9-10 | Immediately exploitable | Block release |
| High | 7-8 | Likely exploitable | Must fix |
| Medium | 4-6 | Conditionally exploitable | Should fix |
| Low | 1-3 | Minor risk | Consider fixing |
| Info | 0 | Best practice | Optional |
Returns JSON with:
- risk_score: 0-100 (higher = more risk)
- vulnerabilities: List with severity, location, CWE
- passed_checks: Security controls that passed
- recommendations: Prioritized fix list