claudeindex
jassics's avatar
Author

Jassics

@jassics
1
Marketplaces
43
Plugins
0
Skills
0
Agents
0
Commands

Marketplaces

Marketplace

awesome-claude-security

Claude Code skills, agents, and tooling for cybersecurity and GenAI security work.

Plugins:43
Skills:0
4
0

Plugins

Plugin

security-diagramming

Attack trees, threat-model DFDs, architecture diagrams, mindmaps, and infographics for security work (Excalidraw-based).

Plugin

security-reporting

Generate consistent findings, pentest reports, vulnerability writeups, and executive summaries from your work.

Plugin

security-integrations

Publish security work where teams live: findings to Jira, reports/runbooks to Confluence, and reports/diagrams to Google Drive (Atlassian MCP wired).

Plugin

security-knowledge

Shared reference packs for consistent mapping: MITRE ATT&CK lookup, OWASP Top 10 families (Web/API/LLM/Mobile), and cross-framework crosswalks (CWE, NIST, CIS, ISO 27001).

Plugin

threat-modeling

STRIDE / PASTA threat modeling, data flow diagrams, attack trees, and risk-ranked mitigations.

Plugin

web-app-security

Web application security testing: OWASP Web Top 10 assessment, access-control/IDOR testing, and injection testing.

Plugin

api-security

API security testing: OWASP API Security Top 10 assessment and object/function-level authorization (BOLA/BFLA) testing.

Plugin

mobile-security

Mobile app security (Android/iOS): OWASP MASVS review and MASTG-based testing methodology.

Plugin

sast-sca

Static analysis (SAST) and software composition analysis (SCA): run/triage code scans, dependency/SBOM analysis, and prioritize findings.

Plugin

cloud-security

Cloud security (AWS/Azure/GCP): posture review, IAM least-privilege review, and misconfiguration scanning.

Plugin

k8s-security

Kubernetes security: cluster review (CIS / 4Cs), RBAC least-privilege audit, and workload/pod hardening (Pod Security Standards).

Plugin

infrastructure-security

Infrastructure security: Infrastructure-as-Code (IaC) security review, host/OS hardening against CIS benchmarks, and secrets-management review.

Plugin

detection-engineering

Detection engineering: detection-as-code rule development (Sigma/YARA/KQL/SPL), ATT&CK coverage gap analysis, and hypothesis-driven threat hunting.

Plugin

dfir

Digital forensics & incident response: drive the IR lifecycle (NIST 800-61 / PICERL), forensic evidence triage and timelining, and IOC development.

Plugin

threat-intelligence

Cyber threat intelligence: run the CTI lifecycle with structured analysis, enrich and pivot on IOCs, and profile threat actors/campaigns (ATT&CK, Diamond Model).

Plugin

network-security

Network security: authorized network penetration testing, segmentation/firewall review, and protocol/service security assessment.

Plugin

osint

Open-source intelligence: external footprinting & attack-surface mapping, exposure discovery (leaks/exposed assets), and people/social recon.

Plugin

vulnerability-management

Risk-based vulnerability management: triage and dedupe scanner output, prioritize with CVSS/EPSS/CISA KEV + asset context, and track remediation against SLAs.

Plugin

supply-chain-security

Software supply-chain security: dependency trust review (typosquatting/dependency-confusion/maintainer risk), artifact provenance & signing (SLSA/Sigstore), and CI/CD pipeline integrity.

Plugin

claude-config-security

Static security review of a Claude Code / AI-agent configuration (settings, permissions, hooks, MCP servers, agents, skills, CLAUDE.md) via the agentscanner CLI: scan, triage, harden.

Plugin

llm-security

OWASP LLM Top 10 assessment, prompt-injection testing, and threat modeling for LLM, RAG, and agentic AI systems.

Plugin

rag-security

Security for Retrieval-Augmented Generation: pipeline review, retrieval/data poisoning testing, and vector-store isolation checks.

Plugin

agentic-ai-security

Security for autonomous, tool-using AI agents: review, tool-permission audit, and autonomy-boundary testing for excessive agency.

Plugin

multimodal-security

Security for multimodal AI: cross-modal injection testing (image/audio/document) and input-handling review across modalities.

Plugin

mlops-security

Security for the ML lifecycle and infrastructure: ML supply chain (model/dataset provenance, unsafe deserialization), training/MLOps pipeline security, and model-serving hardening.

Plugin

ai-safety

AI safety (distinct from security): harm modeling, safety evaluations, responsible red-teaming, bias/fairness, guardrail review, and responsible-AI governance.

Plugin

ai-safety-engineer

AI safety engineer role bundle: build and operationalize safeguards (evals-in-CI, guardrails, monitoring, safety cases, governance). Auto-installs the ai-safety stack.

Plugin

responsible-ai-officer

Responsible-AI governance role: AI use-case intake & risk-tiering, oversight, documentation, and compliance (NIST AI RMF / EU AI Act / ISO 42001). Auto-installs the ai-safety stack.

Plugin

pentester

Pentester role bundle: recon workflow, methodology-driven testing, and engagement reporting. Auto-installs its core/domain stack (osint, web, network, threat-modeling).

Plugin

red-team

Red-team role bundle: objectives-based adversary emulation aligned to real threat-actor TTPs (ATT&CK), from recon to impact. Auto-installs its offensive + intel stack.

Plugin

blue-team

Blue-team role bundle: threat-informed defense across detection, response, hunting, and intel, plus purple-team validation. Auto-installs the defensive stack.

Plugin

soc-siem

SOC / SIEM operations role bundle: alert triage, monitoring, enrichment, and tiered escalation. Auto-installs the defensive stack.

Plugin

security-architect

Security architect role bundle: secure-by-design architecture and design review, threat modeling, control selection, and trust-boundary analysis. Auto-installs its core stack.

Plugin

security-analyst

Security analyst role bundle: investigation and analysis (T2/T3) — correlate telemetry, enrich with intel, reconstruct timelines, and reach evidence-backed verdicts. Auto-installs the defensive stack.

Plugin

security-engineer

Security engineer role bundle: build and harden — DevSecOps, secure CI/CD pipelines, control implementation, and remediation across code, cloud, and infrastructure. Auto-installs its stack.

Plugin

grc

Governance, risk & compliance: framework gap-assessments (SOC 2 / ISO 27001 / PCI / HIPAA / GDPR / NIST), security risk assessment & register, and policy management. Auto-installs reporting + diagramming.

Plugin

ciso-toolkit

CISO executive toolkit: security strategy & roadmap, cyber-risk quantification, and board/executive decks. Auto-installs reporting, diagramming, and threat-modeling.

Plugin

cto-security

CTO security advisor: secure-by-design at scale (paved roads, guardrails, enablement) and technology-risk assessment for strategic decisions. Auto-installs threat-modeling, diagramming, reporting.

Plugin

genai-suite

Domain suite: one-shot install of the GenAI / AI-security plugins (LLM, RAG, agentic, multimodal, MLOps).

Plugin

cloud-suite

Domain suite: one-shot install of cloud-security, k8s-security, and infrastructure-security.

Plugin

appsec-suite

Domain suite: one-shot install of the appsec plugins (web, API, mobile, SAST/SCA).

Plugin

ai-safety-suite

Trustworthy-AI suite: pairs AI safety with the full GenAI security stack (ai-safety + genai-suite).

Plugin

blueops-suite

Defensive operations suite: one-shot install of detection-engineering, dfir, and threat-intelligence.