{"name":"enchanter-ai-hydra","owner":{"name":"ClaudePluginHub"},"plugins":[{"name":"enchanter-ai-hydra-secret-scanner-plugins-secret-scanner","source":{"source":"github","repo":"enchanter-ai/hydra"},"description":"Real-time secret detection in written files. 200+ patterns, Shannon entropy, Aho-Corasick matching.","version":"1.0.0","strict":true,"keywords":["secrets","scanning","aho-corasick","entropy","detection"],"category":"utilities"},{"name":"enchanter-ai-hydra-vuln-detector-plugins-vuln-detector","source":{"source":"github","repo":"enchanter-ai/hydra"},"description":"OWASP Top 10 and CWE-mapped vulnerability detection in code changes.","version":"1.0.0","strict":true,"keywords":["vulnerability","owasp","cwe","security","detection"],"category":"security"},{"name":"enchanter-ai-hydra-action-guard-plugins-action-guard","source":{"source":"github","repo":"enchanter-ai/hydra"},"description":"Pre-execution classification and blocking of dangerous Bash commands.","version":"1.0.0","strict":true,"keywords":["bash","guard","blocking","commands","safety"],"category":"utilities"},{"name":"enchanter-ai-hydra-config-shield-plugins-config-shield","source":{"source":"github","repo":"enchanter-ai/hydra"},"description":"Session-start scanning for malicious repository configuration files.","version":"1.0.0","strict":true,"keywords":["config","poisoning","repository","malicious","detection"],"category":"deployment"},{"name":"enchanter-ai-hydra-audit-trail-plugins-audit-trail","source":{"source":"github","repo":"enchanter-ai/hydra"},"description":"Comprehensive security event logging with rotation and reporting.","version":"1.0.0","strict":true,"keywords":["audit","logging","events","trail","compliance"],"category":"security"},{"name":"enchanter-ai-hydra-package-gate-plugins-package-gate","source":{"source":"github","repo":"enchanter-ai/hydra"},"description":"Advisory PreToolUse gate on package install commands. Surfaces 5 supply-chain risk signals (existence, age, maintainer, typosquat, download-cliff) before npm/pip/etc. install runs. Always exit 0; never blocks.","version":"0.1.0","strict":true,"keywords":["supply-chain","npm","pip","typosquat","slopsquat","advisory","pretooluse"],"category":"utilities"},{"name":"enchanter-ai-hydra-egress-monitor-plugins-egress-monitor","source":{"source":"github","repo":"enchanter-ai/hydra"},"description":"Advisory PostToolUse logger for network egress. Records every WebFetch / WebSearch / Bash-network destination to an append-only NDJSON log and emits a stderr advisory on first-seen domains. Always exit 0; never blocks.","version":"0.1.0","strict":true,"keywords":["egress","network","audit","advisory","posttooluse","observability"],"category":"utilities"},{"name":"enchanter-ai-hydra-canary-plugins-canary","source":{"source":"github","repo":"enchanter-ai/hydra"},"description":"Advisory prompt-injection canary harness. PreToolUse(WebFetch) seeds a per-session high-entropy canary token into a stderr advisory; PostToolUse(*) scans every subsequent tool input/output for canary leakage. A hit indicates a successful indirect prompt injection took control of the agent. Always exit 0; never blocks.","version":"0.1.0","strict":true,"keywords":["prompt-injection","canary","webfetch","indirect-injection","advisory","telemetry"],"category":"utilities"},{"name":"enchanter-ai-hydra-capability-fence-plugins-capability-fence","source":{"source":"github","repo":"enchanter-ai/hydra"},"description":"Best-effort PreToolUse capability fence. Compares the tool being invoked against the active skill's declared allowed-tools list and emits a stderr advisory on mismatch. Observability only; cannot block. Real per-subagent runtime sandboxing requires harness/SDK changes outside plugin scope.","version":"0.1.0","strict":true,"keywords":["subagent-escape","capability","delegation","advisory","pretooluse","f-010","f-050"],"category":"productivity"},{"name":"enchanter-ai-license-gate-plugins-license-gate","source":{"source":"github","repo":"enchanter-ai/hydra"},"description":"License compliance scanner for npm and pip dependency trees. Classifies every transitive dep against an allow/deny/warn policy (state/policy.json) using `npx license-checker` (Node) and `pip-licenses` (Python). Advisory by default; opt-in `--fail-on-deny` for release gating.","version":"0.1.0","strict":true,"keywords":["license","compliance","supply-chain","sbom","policy"],"category":"deployment"},{"name":"enchanter-ai-sbom-emitter-plugins-sbom-emitter","source":{"source":"github","repo":"enchanter-ai/hydra"},"description":"Emits CycloneDX SBOM for npm and pip projects on release.","version":"0.1.0","strict":true,"keywords":[],"category":"deployment"},{"name":"enchanter-ai-hydra-egress-shield-plugins-egress-shield","source":{"source":"github","repo":"enchanter-ai/hydra"},"description":"OPT-IN BLOCKING PreToolUse egress allowlist. Pairs with hydra-egress-monitor (advisory). When state/egress-policy.json sets enabled:true, blocks WebFetch / WebSearch / Bash-network calls whose destination host is not in the allowlist by exiting 2. Default disabled (no-op). Closes audit finding F-005.","version":"0.1.0","strict":true,"keywords":["egress","allowlist","blocking","opt-in","shield","f-005","pretooluse"],"category":"utilities"},{"name":"enchanter-ai-hydra-capability-shield-plugins-capability-shield","source":{"source":"github","repo":"enchanter-ai/hydra"},"description":"OPT-IN BLOCKING capability allowlist. Sibling of hydra-capability-fence (advisory). When state/capability-policy.json sets enabled:true, this shield blocks any tool call whose name is not in the active skill's declared allowed-tools frontmatter list. Default disabled — out of the box this shield does nothing.","version":"0.1.0","strict":true,"keywords":["subagent-escape","capability","delegation","blocking","pretooluse","f-010"],"category":"productivity"},{"name":"enchanter-ai-hydra-reach-filter-plugins-reach-filter","source":{"source":"github","repo":"enchanter-ai/hydra"},"description":"Reachability-aware SCA post-filter. Consumes vuln-detector audit.jsonl findings and lich's call-graph (when available) and emits a reach-classified subset distinguishing 'reachable from entrypoint' from 'present-but-unreachable' vulnerabilities. Off by default; operator-invoked via scripts/reach-filter.py. Currently scaffolded — full integration is BLOCKED on lich exporting a persisted call-graph artifact.","version":"0.1.0","strict":true,"keywords":["reachability","sca","call-graph","vuln-filter","post-filter","advisory"],"category":"utilities"}]}