{"name":"jassics-awesome-claude-security","owner":{"name":"ClaudePluginHub"},"plugins":[{"name":"jassics-security-diagramming-plugins-security-diagramming","source":{"source":"github","repo":"jassics/awesome-claude-security"},"description":"Attack trees, threat-model DFDs, architecture diagrams, mindmaps, and infographics for security work.","version":"0.1.0","strict":true,"keywords":["diagram","excalidraw","attack-tree","dfd","mindmap","infographic","mermaid"],"category":"security"},{"name":"jassics-security-reporting-plugins-security-reporting","source":{"source":"github","repo":"jassics/awesome-claude-security"},"description":"Generate consistent findings, pentest reports, vulnerability writeups, and executive summaries with CVSS scoring.","version":"0.1.0","strict":true,"keywords":["reporting","findings","pentest-report","executive-summary","cvss","remediation"],"category":"testing"},{"name":"jassics-threat-modeling-plugins-threat-modeling","source":{"source":"github","repo":"jassics/awesome-claude-security"},"description":"STRIDE / PASTA threat modeling, data flow diagrams, attack trees, and risk-ranked mitigations.","version":"0.1.0","strict":true,"keywords":["threat-modeling","stride","pasta","dfd","risk","secure-design"],"category":"security"},{"name":"jassics-web-app-security-plugins-web-app-security","source":{"source":"github","repo":"jassics/awesome-claude-security"},"description":"Web application security testing: OWASP Web Top 10 assessment, access-control/IDOR testing, and injection testing.","version":"0.1.0","strict":true,"keywords":["web","appsec","owasp","wstg","xss","sqli","access-control"],"category":"testing"},{"name":"jassics-api-security-plugins-api-security","source":{"source":"github","repo":"jassics/awesome-claude-security"},"description":"API security testing: OWASP API Security Top 10 assessment and object/function-level authorization (BOLA/BFLA) testing.","version":"0.1.0","strict":true,"keywords":["api","appsec","owasp-api","bola","bfla","rest","graphql"],"category":"testing"},{"name":"jassics-mobile-security-plugins-mobile-security","source":{"source":"github","repo":"jassics/awesome-claude-security"},"description":"Mobile app security (Android/iOS): OWASP MASVS review and MASTG-based testing methodology.","version":"0.1.0","strict":true,"keywords":["mobile","android","ios","masvs","mastg","appsec"],"category":"testing"},{"name":"jassics-sast-sca-plugins-sast-sca","source":{"source":"github","repo":"jassics/awesome-claude-security"},"description":"Static analysis (SAST) and software composition analysis (SCA): run/triage code scans, dependency/SBOM analysis, and prioritize findings.","version":"0.1.0","strict":true,"keywords":["sast","sca","appsec","sbom","dependencies","code-scanning","triage"],"category":"deployment"},{"name":"jassics-cloud-security-plugins-cloud-security","source":{"source":"github","repo":"jassics/awesome-claude-security"},"description":"Cloud security (AWS/Azure/GCP): posture review, IAM least-privilege review, and misconfiguration scanning.","version":"0.1.0","strict":true,"keywords":["cloud","aws","azure","gcp","cspm","iam","cis","posture"],"category":"deployment"},{"name":"jassics-k8s-security-plugins-k8s-security","source":{"source":"github","repo":"jassics/awesome-claude-security"},"description":"Kubernetes security: cluster review (CIS / 4Cs), RBAC least-privilege audit, and workload/pod hardening (Pod Security Standards).","version":"0.1.0","strict":true,"keywords":["kubernetes","k8s","rbac","pod-security","cis","container","cncf"],"category":"deployment"},{"name":"jassics-infrastructure-security-plugins-infrastructure-security","source":{"source":"github","repo":"jassics/awesome-claude-security"},"description":"Infrastructure security: Infrastructure-as-Code (IaC) security review, host/OS hardening against CIS benchmarks, and secrets-management review.","version":"0.1.0","strict":true,"keywords":["infrastructure","iac","terraform","cis","hardening","secrets","devsecops"],"category":"development"},{"name":"jassics-detection-engineering-plugins-detection-engineering","source":{"source":"github","repo":"jassics/awesome-claude-security"},"description":"Detection engineering: detection-as-code rule development (Sigma/YARA/KQL/SPL), ATT&CK coverage gap analysis, and hypothesis-driven threat hunting.","version":"0.1.0","strict":true,"keywords":["detection","sigma","yara","mitre-attack","threat-hunting","blue-team","siem"],"category":"development"},{"name":"jassics-dfir-plugins-dfir","source":{"source":"github","repo":"jassics/awesome-claude-security"},"description":"Digital forensics & incident response: drive the IR lifecycle (NIST 800-61 / PICERL), forensic evidence triage and timelining, and IOC development.","version":"0.1.0","strict":true,"keywords":["dfir","incident-response","forensics","nist-800-61","ioc","blue-team","timeline"],"category":"development"},{"name":"jassics-threat-intelligence-plugins-threat-intelligence","source":{"source":"github","repo":"jassics/awesome-claude-security"},"description":"Cyber threat intelligence: run the CTI lifecycle with structured analysis, enrich and pivot on IOCs, and profile threat actors/campaigns (ATT&CK, Diamond Model).","version":"0.1.0","strict":true,"keywords":["cti","threat-intel","mitre-attack","diamond-model","ioc","actor-profiling","blue-team"],"category":"utilities"},{"name":"jassics-network-security-plugins-network-security","source":{"source":"github","repo":"jassics/awesome-claude-security"},"description":"Network security: authorized network penetration testing, segmentation/firewall review, and protocol/service security assessment.","version":"0.1.0","strict":true,"keywords":["network","pentest","segmentation","firewall","protocol","lateral-movement"],"category":"testing"},{"name":"jassics-osint-plugins-osint","source":{"source":"github","repo":"jassics/awesome-claude-security"},"description":"Open-source intelligence: external footprinting & attack-surface mapping, exposure discovery (leaks/exposed assets), and people/social recon — for authorized recon.","version":"0.1.0","strict":true,"keywords":["osint","recon","footprinting","attack-surface","exposure","reconnaissance"],"category":"deployment"},{"name":"jassics-llm-security-plugins-llm-security","source":{"source":"github","repo":"jassics/awesome-claude-security"},"description":"OWASP LLM Top 10 assessment, prompt-injection testing, and threat modeling for LLM, RAG, and agentic AI systems.","version":"0.1.0","strict":true,"keywords":["llm","genai","owasp-llm","prompt-injection","rag","ai-agent","ai-security"],"category":"testing"},{"name":"jassics-rag-security-plugins-rag-security","source":{"source":"github","repo":"jassics/awesome-claude-security"},"description":"Security for Retrieval-Augmented Generation: pipeline review, retrieval/data poisoning testing, and vector-store isolation checks.","version":"0.1.0","strict":true,"keywords":["rag","genai","retrieval","vector-store","embeddings","poisoning","ai-security"],"category":"testing"},{"name":"jassics-agentic-ai-security-plugins-agentic-ai-security","source":{"source":"github","repo":"jassics/awesome-claude-security"},"description":"Security for autonomous, tool-using AI agents: review, tool-permission audit, and autonomy-boundary testing for excessive agency.","version":"0.1.0","strict":true,"keywords":["agentic","ai-agent","genai","excessive-agency","tool-use","autonomy","ai-security"],"category":"testing"},{"name":"jassics-multimodal-security-plugins-multimodal-security","source":{"source":"github","repo":"jassics/awesome-claude-security"},"description":"Security for multimodal AI: cross-modal injection testing (image/audio/document) and input-handling review across modalities.","version":"0.1.0","strict":true,"keywords":["multimodal","genai","image-injection","ocr","adversarial","vision","ai-security"],"category":"testing"},{"name":"jassics-ai-safety-plugins-ai-safety","source":{"source":"github","repo":"jassics/awesome-claude-security"},"description":"AI safety (not security): harm modeling, safety evaluations, responsible red-teaming, bias/fairness, guardrail review, and responsible-AI governance.","version":"0.1.0","strict":true,"keywords":["ai-safety","responsible-ai","alignment","harm","bias","fairness","guardrails","nist-ai-rmf","eu-ai-act"],"category":"security"},{"name":"jassics-ai-safety-engineer-plugins-ai-safety-engineer","source":{"source":"github","repo":"jassics/awesome-claude-security"},"description":"AI safety engineer role bundle: build and operationalize safeguards (evals-in-CI, guardrails, monitoring, safety cases, RAI governance). Auto-installs the ai-safety stack.","version":"0.1.0","strict":true,"keywords":["ai-safety","responsible-ai","role","bundle","safety-engineer","assurance","safety-case"],"category":"deployment"},{"name":"jassics-responsible-ai-officer-plugins-responsible-ai-officer","source":{"source":"github","repo":"jassics/awesome-claude-security"},"description":"Responsible-AI governance role: AI use-case intake & risk-tiering, oversight, documentation, and compliance (NIST AI RMF / EU AI Act / ISO 42001). Auto-installs the ai-safety stack.","version":"0.1.0","strict":true,"keywords":["responsible-ai","ai-governance","grc","role","eu-ai-act","nist-ai-rmf","iso-42001"],"category":"documentation"},{"name":"jassics-pentester-plugins-pentester","source":{"source":"github","repo":"jassics/awesome-claude-security"},"description":"Pentester role bundle: recon workflow, methodology-driven testing, and engagement reporting.","version":"0.1.0","strict":true,"keywords":["pentest","offensive","recon","role","ptes","owasp-wstg"],"category":"productivity"},{"name":"jassics-red-team-plugins-red-team","source":{"source":"github","repo":"jassics/awesome-claude-security"},"description":"Red-team role bundle: objectives-based adversary emulation aligned to real threat-actor TTPs (ATT&CK), from recon to impact. Auto-installs its offensive + intel stack.","version":"0.1.0","strict":true,"keywords":["red-team","adversary-emulation","offensive","role","bundle","mitre-attack","ttp"],"category":"utilities"},{"name":"jassics-blue-team-plugins-blue-team","source":{"source":"github","repo":"jassics/awesome-claude-security"},"description":"Blue-team role bundle: threat-informed defense across detection, response, hunting, and intel, plus purple-team validation. Auto-installs the defensive stack.","version":"0.1.0","strict":true,"keywords":["blue-team","defense","role","bundle","purple-team","threat-informed-defense"],"category":"utilities"},{"name":"jassics-soc-siem-plugins-soc-siem","source":{"source":"github","repo":"jassics/awesome-claude-security"},"description":"SOC / SIEM operations role bundle: alert triage, monitoring, enrichment, and tiered escalation. Auto-installs the defensive stack.","version":"0.1.0","strict":true,"keywords":["soc","siem","role","bundle","alert-triage","monitoring","blue-team"],"category":"utilities"},{"name":"jassics-security-architect-plugins-security-architect","source":{"source":"github","repo":"jassics/awesome-claude-security"},"description":"Security architect role bundle: secure-by-design architecture and design review, threat modeling, control selection, and trust-boundary analysis. Auto-installs its core stack.","version":"0.1.0","strict":true,"keywords":["security-architect","secure-by-design","design-review","role","bundle","threat-modeling"],"category":"security"},{"name":"jassics-security-analyst-plugins-security-analyst","source":{"source":"github","repo":"jassics/awesome-claude-security"},"description":"Security analyst role bundle: investigation and analysis (T2/T3) — correlate telemetry, enrich with intel, reconstruct timelines, and reach evidence-backed verdicts. Auto-installs the defensive stack.","version":"0.1.0","strict":true,"keywords":["security-analyst","investigation","analysis","role","bundle","blue-team"],"category":"security"},{"name":"jassics-security-engineer-plugins-security-engineer","source":{"source":"github","repo":"jassics/awesome-claude-security"},"description":"Security engineer role bundle: build and harden — DevSecOps, secure CI/CD pipelines, control implementation, and remediation across code, cloud, and infrastructure. Auto-installs its stack.","version":"0.1.0","strict":true,"keywords":["security-engineer","devsecops","hardening","ci-cd","role","bundle","remediation"],"category":"development"},{"name":"jassics-grc-plugins-grc","source":{"source":"github","repo":"jassics/awesome-claude-security"},"description":"Governance, risk & compliance: framework gap-assessments (SOC 2 / ISO 27001 / PCI / HIPAA / GDPR / NIST), security risk assessment & register, and policy management. Auto-installs reporting + diagramming.","version":"0.1.0","strict":true,"keywords":["grc","compliance","risk","governance","iso-27001","soc2","audit","role"],"category":"deployment"},{"name":"jassics-ciso-toolkit-plugins-ciso-toolkit","source":{"source":"github","repo":"jassics/awesome-claude-security"},"description":"CISO executive toolkit: security strategy & roadmap, cyber-risk quantification, and board/executive decks. Auto-installs reporting, diagramming, and threat-modeling.","version":"0.1.0","strict":true,"keywords":["ciso","executive","strategy","risk-quantification","board","governance","role"],"category":"deployment"},{"name":"jassics-cto-security-plugins-cto-security","source":{"source":"github","repo":"jassics/awesome-claude-security"},"description":"CTO security advisor: secure-by-design at scale (paved roads, guardrails, enablement) and technology-risk assessment for strategic decisions. Auto-installs threat-modeling, diagramming, reporting.","version":"0.1.0","strict":true,"keywords":["cto","executive","secure-by-design","tech-strategy","paved-road","role"],"category":"deployment"}]}