github.com/jeremylongshore/claude-code-plugins-plus-skills
Skill | Added | Review |
|---|---|---|
scanning-for-vulnerabilities: This skill enables comprehensive vulnerability scanning using the vulnerability-scanner plugin. It identifies security vulnerabilities in code, dependencies, and configurations, including CVE detection. Use this skill when the user asks to scan for vulnerabilities, security issues, or CVEs in their project. Trigger phrases include "scan for vulnerabilities", "find security issues", "check for CVEs", "/scan", or "/vuln". The plugin performs static analysis, dependency checking, and configuration analysis to provide a detailed vulnerability report. | 90; 1.03x Agent success vs baseline; Impact 97%; Average score across 9 eval scenarios; Security: Passed, No known issues; Reviewed: Version: 13d35b8 | |
managing-ssltls-certificates: This skill enables Claude to manage and monitor SSL/TLS certificates using the ssl-certificate-manager plugin. It is activated when the user requests actions related to SSL certificates, such as checking certificate expiry, renewing certificates, or listing installed certificates. Use this skill when the user mentions "SSL certificate", "TLS certificate", "certificate expiry", "renew certificate", or similar phrases related to SSL/TLS certificate management. The plugin can list, check, and renew certificates, providing vital information for maintaining secure connections. | 66; 0.86x Agent success vs baseline; Impact 79%; Average score across 3 eval scenarios; Security: Advisory, Suggest reviewing before use; Reviewed: Version: 13d35b8 | |
detecting-sql-injection-vulnerabilities: This skill enables Claude to detect SQL injection vulnerabilities in code. It uses the sql-injection-detector plugin to analyze codebases, identify potential SQL injection flaws, and provide remediation guidance. Use this skill when the user asks to find SQL injection vulnerabilities, scan for SQL injection, or check code for SQL injection risks. The skill is triggered by phrases like "detect SQL injection", "scan for SQLi", or "check for SQL injection vulnerabilities". | 87; 1.13x Agent success vs baseline; Impact 92%; Average score across 9 eval scenarios; Security: Passed, No known issues; Reviewed: Version: 13d35b8 | |
assisting-with-soc2-audit-preparation: This skill assists with SOC2 audit preparation by automating tasks related to evidence gathering and documentation. It leverages the soc2-audit-helper plugin to generate reports, identify potential compliance gaps, and suggest remediation steps. Use this skill when the user requests help with "SOC2 audit", "compliance check", "security controls", "audit preparation", or "evidence gathering" related to SOC2. It streamlines the initial stages of SOC2 compliance, focusing on automated data collection and preliminary analysis. | 88; 1.00x No change in agent success vs baseline; Impact 95%; Average score across 9 eval scenarios; Security: Passed, No known issues; Reviewed: Version: 13d35b8 | |
checking-session-security: This skill enables Claude to check session security implementations within a codebase. It analyzes session management practices to identify potential vulnerabilities. Use this skill when a user requests to "check session security", "audit session handling", "review session implementation", or asks about "session security best practices" in their code. It helps identify issues like insecure session IDs, lack of proper session expiration, or insufficient protection against session fixation attacks. This skill leverages the session-security-checker plugin. | 90; 1.02x Agent success vs baseline; Impact 97%; Average score across 9 eval scenarios; Security: Passed, No known issues; Reviewed: Version: 13d35b8 | |
finding-security-misconfigurations: This skill enables Claude to identify potential security misconfigurations in various systems and configurations. It leverages the security-misconfiguration-finder plugin to analyze infrastructure-as-code, application configurations, and system settings, pinpointing common vulnerabilities and compliance issues. Use this skill when the user asks to "find security misconfigurations", "check for security vulnerabilities in my configuration", "audit security settings", or requests a security assessment of a specific system or file. This skill will assist in identifying and remediating potential security weaknesses. | 90; 1.01x Agent success vs baseline; Impact 100%; Average score across 9 eval scenarios; Security: Passed, No known issues; Reviewed: Version: 13d35b8 | |
responding-to-security-incidents: Assists with security incident response, investigation, and remediation. This skill is triggered when the user requests help with incident response, mentions specific incident types (e.g., data breach, ransomware, DDoS), or uses terms like "incident response plan", "containment", "eradication", or "post-incident activity". It guides the user through the incident response lifecycle, from preparation to post-incident analysis. It is useful for classifying incidents, creating response playbooks, collecting evidence, constructing timelines, and generating remediation steps. Use this skill when needing to respond to a "security incident". | 89; 1.01x Agent success vs baseline; Impact 98%; Average score across 9 eval scenarios; Security: Passed, No known issues; Reviewed: Version: 13d35b8 | |
analyzing-security-headers: This skill analyzes HTTP security headers of a given domain to identify potential vulnerabilities and misconfigurations. It provides a detailed report with a grade, score, and recommendations for improvement. Use this skill when the user asks to "analyze security headers", "check HTTP security", "scan for security vulnerabilities", or requests a "security audit" of a website. It will automatically activate when security-related keywords are used in conjunction with domain names or URLs. | 87; 1.16x Agent success vs baseline; Impact 94%; Average score across 9 eval scenarios; Security: Advisory, Suggest reviewing before use; Reviewed: Version: 13d35b8 | |
generating-security-audit-reports: This skill enables Claude to generate comprehensive security audit reports. It is designed to provide insights into an application or system's security posture, compliance status, and recommended remediation steps. Use this skill when the user requests a "security audit report", wants to "audit security", or needs a "vulnerability assessment report". The skill analyzes security data and produces a detailed report in various formats. It is best used to identify vulnerabilities, track compliance, and create remediation roadmaps. The skill can be activated via the command `/audit-report` or its shortcut `/auditreport`. | 90; 1.03x Agent success vs baseline; Impact 100%; Average score across 9 eval scenarios; Security: Passed, No known issues; Reviewed: Version: 13d35b8 | |
scanning-for-secrets: This skill helps you scan your codebase for exposed secrets and credentials. It uses pattern matching and entropy analysis to identify potential security vulnerabilities such as API keys, passwords, and private keys. Use this skill when you want to proactively identify and remediate exposed secrets before they are committed to version control or deployed to production. It is triggered by phrases like "scan for secrets", "check for exposed credentials", "find API keys", or "run secret scanner". | 77; 1.18x Agent success vs baseline; Impact 90%; Average score across 9 eval scenarios; Security: Risky, Do not use without reviewing; Reviewed: Version: 13d35b8 | |
performing-penetration-testing: This skill enables automated penetration testing of web applications. It uses the penetration-tester plugin to identify vulnerabilities, including OWASP Top 10 threats, and suggests exploitation techniques. Use this skill when the user requests a "penetration test", "pentest", "vulnerability assessment", or asks to "exploit" a web application. It provides comprehensive reporting on identified security flaws. | 86; 1.00x No change in agent success vs baseline; Impact 90%; Average score across 12 eval scenarios; Security: Advisory, Suggest reviewing before use; Reviewed: Version: 13d35b8 | |
validating-pci-dss-compliance: This skill uses the pci-dss-validator plugin to assess codebases and infrastructure configurations for compliance with the Payment Card Industry Data Security Standard (PCI DSS). It identifies potential vulnerabilities and deviations from PCI DSS requirements. Use this skill when the user requests to "validate PCI compliance", "check PCI DSS", "assess PCI security", or "review PCI standards" for a given project or configuration. It helps ensure that systems handling cardholder data meet the necessary security controls. | 86; 1.08x Agent success vs baseline; Impact 89%; Average score across 12 eval scenarios; Security: Passed, No known issues; Reviewed: Version: 13d35b8 | |
scanning-input-validation-practices: This skill enables Claude to automatically scan source code for potential input validation vulnerabilities. It identifies areas where user-supplied data is not properly sanitized or validated before being used in operations, which could lead to security exploits like SQL injection, cross-site scripting (XSS), or command injection. Use this skill when the user asks to "scan for input validation issues", "check input sanitization", "find potential XSS vulnerabilities", or similar requests related to securing user input. It is particularly useful during code reviews, security audits, and when hardening applications against common web vulnerabilities. The skill leverages the input-validation-scanner plugin to perform the analysis. | 87; 1.09x Agent success vs baseline; Impact 90%; Average score across 12 eval scenarios; Security: Passed, No known issues; Reviewed: Version: 13d35b8 | |
checking-hipaa-compliance: This skill enables Claude to automatically check for HIPAA (Health Insurance Portability and Accountability Act) compliance issues in codebases, infrastructure configurations, and documentation. It leverages the hipaa-compliance-checker plugin to identify potential violations related to data privacy, security, and access controls. Use this skill when the user explicitly requests to "check HIPAA compliance", "scan for HIPAA violations", "assess HIPAA readiness", or similar phrases related to HIPAA audits and security best practices. It is useful for projects handling protected health information (PHI) and requiring adherence to HIPAA regulations. | 86; 1.13x Agent success vs baseline; Impact 93%; Average score across 9 eval scenarios; Security: Passed, No known issues; Reviewed: Version: 13d35b8 | |
scanning-for-gdpr-compliance: This skill enables Claude to scan applications and data systems for GDPR compliance issues. It identifies potential violations related to data protection, privacy rights, consent management, and other regulatory requirements. Use this skill when the user asks to "scan for GDPR compliance", check "GDPR compliance", or audit for "data privacy". The skill leverages the `gdpr-compliance-scanner` plugin to perform a comprehensive assessment and generate a detailed report. | 93; 1.25x Agent success vs baseline; Impact 97%; Average score across 15 eval scenarios; Security: Passed, No known issues; Reviewed: Version: 13d35b8 | |
encrypting-and-decrypting-data: This skill enables Claude to encrypt and decrypt data using various algorithms provided by the encryption-tool plugin. It should be used when the user requests to "encrypt data", "decrypt a file", "generate an encrypted file", or needs to secure sensitive information. This skill supports various encryption methods and ensures data confidentiality. It is triggered by requests related to data encryption, decryption, or general data security needs. | 91; 1.01x Agent success vs baseline; Impact 96%; Average score across 12 eval scenarios; Security: Risky, Do not use without reviewing; Reviewed: Version: 13d35b8 | |
analyzing-dependencies: This skill analyzes project dependencies for security vulnerabilities, outdated packages, and license compliance issues. It helps identify potential risks in your project's dependencies using the dependency-checker plugin. Use this skill when you need to check dependencies for vulnerabilities, identify outdated packages that need updates, or ensure license compatibility. Trigger phrases include "check dependencies", "dependency check", "find vulnerabilities", "scan for outdated packages", "/depcheck", and "license compliance". This skill supports npm, pip, composer, gem, and go modules projects. | 92; 1.09x Agent success vs baseline; Impact 96%; Average score across 12 eval scenarios; Security: Passed, No known issues; Reviewed: Version: 13d35b8 | |
validating-csrf-protection: This skill helps to identify Cross-Site Request Forgery (CSRF) vulnerabilities in web applications. It validates the implementation of CSRF protection mechanisms, such as synchronizer tokens, double-submit cookies, SameSite attributes, and origin validation. Use this skill when you need to analyze your application's security posture against CSRF attacks or when asked to "validate csrf", "check for csrf vulnerabilities", or "test csrf protection". | 63; Impact Pending; No eval scenarios have been run; Security: Passed, No known issues; Reviewed: Version: 13d35b8 | |
generating-compliance-reports: This skill enables Claude to generate compliance reports based on various security standards and frameworks. It leverages the compliance-report-generator plugin to automate the report creation process. Use this skill when a user requests a "compliance report", "security audit report", or needs documentation for "regulatory compliance". The skill is particularly useful for generating reports related to standards like PCI DSS, HIPAA, SOC 2, or ISO 27001. It can also assist with documenting adherence to specific security policies. | 59; Impact Pending; No eval scenarios have been run; Security: Passed, No known issues; Reviewed: Version: 13d35b8 | |
validating-authentication-implementations: This skill enables Claude to validate authentication implementations against security best practices and industry standards. It analyzes various authentication methods, including JWT, OAuth, session-based authentication, and API keys. Use this skill when you need to perform an authentication security check, assess password policies, evaluate MFA implementation, or analyze session security. Trigger this skill with phrases like "validate authentication," "authentication check," or "authcheck." | 81; 1.07x Agent success vs baseline; Impact 83%; Average score across 15 eval scenarios; Security: Passed, No known issues; Reviewed: Version: 13d35b8 | |
auditing-access-control: This skill enables Claude to audit access control implementations in various systems. It uses the access-control-auditor plugin to identify potential vulnerabilities and misconfigurations related to access control. Use this skill when the user asks to "audit access control", "check permissions", "assess access rights", or requests a "security review" focused on access management. It's particularly useful for analyzing IAM policies, ACLs, and other access control mechanisms in cloud environments, applications, or infrastructure. The skill helps ensure compliance with security best practices and identify potential privilege escalation paths. | 68; Impact Pending; No eval scenarios have been run; Security: Passed, No known issues; Reviewed: Version: 13d35b8 | |
overnight-development: Automates software development overnight using Git hooks to enforce test-driven development (TDD). This skill should be used when Claude needs to build new features, refactor existing code, or fix bugs autonomously, ensuring all changes are fully tested and meet specified quality standards. Use when the user mentions "overnight development", "autonomous coding", or asks about TDD workflows and Git hooks. This skill leverages Git hooks to block commits until all tests pass, enforcing a rigorous TDD process and ensuring high-quality, production-ready code. | 28; 2.12x Agent success vs baseline; Impact 68%; Average score across 3 eval scenarios; Security: Passed, No known issues; Reviewed: Version: 13d35b8 | |
agent-context-loader: PROACTIVE AUTO-LOADING: Automatically detects and loads AGENTS.md files from the current working directory when starting a session or changing directories. This skill ensures agent-specific instructions are incorporated into Claude Code's context alongside CLAUDE.md, enabling specialized agent behaviors. Triggers automatically when Claude detects it's working in a directory, when starting a new session, or when explicitly requested to "load agent context" or "check for AGENTS.md file". | 60; Impact Pending; No eval scenarios have been run; Security: Passed, No known issues; Reviewed: Version: 13d35b8 | |
Google Cloud Agent SDK Master: Automatic activation for ALL Google Cloud Agent Development Kit (ADK) and Agent Starter Pack operations - multi-agent systems, containerized deployment, RAG agents, and production orchestration. **TRIGGER PHRASES:** - "adk", "agent development kit", "agent starter pack", "multi-agent", "build agent" - "cloud run agent", "gke deployment", "agent engine", "containerized agent" - "rag agent", "react agent", "agent orchestration", "agent templates" **AUTO-INVOKES FOR:** - Agent creation and scaffolding - Multi-agent system design - Containerized agent deployment - RAG (Retrieval-Augmented Generation) implementation - CI/CD pipeline setup for agents - Agent evaluation and monitoring | 17; Impact Pending; No eval scenarios have been run; Security: Passed, No known issues; Reviewed: Version: 13d35b8 | |
Vertex AI Media Master: Automatic activation for ALL Google Vertex AI multimodal operations - video processing, audio generation, image creation, and marketing campaigns. **TRIGGER PHRASES:** - "vertex ai", "gemini multimodal", "process video", "generate audio", "create images", "marketing campaign" - "imagen", "video understanding", "multimodal", "content generation", "media assets" **AUTO-INVOKES FOR:** - Video processing and understanding (up to 6 hours) - Audio generation and transcription - Image generation with Imagen 4 - Marketing campaign automation - Social media content creation - Ad creative generation - Multimodal content workflows | 18; Impact Pending; No eval scenarios have been run; Security: Passed, No known issues; Reviewed: Version: 13d35b8 | |