{"name":"whatbirdisthat-threat-stack","owner":{"name":"ClaudePluginHub"},"plugins":[{"name":"whatbirdisthat-skillsentry-plugins-skillsentry","source":{"source":"github","repo":"whatbirdisthat/skillsentry"},"description":"Audit an AI-agent skill or plugin for supply-chain attacks BEFORE it runs. A thin in-editor wrapper over the pure, never-executing, zero-dependency skillsentry CLI (shipped self-contained in cli/). /skillsentry:audit <target> runs the deterministic auditor over this repo or ANY other repo you are working on and renders a PASS / REVIEW / BLOCK verdict whose findings are tagged to OWASP, MITRE ATLAS and STRIDE. Detection stays inside the deterministic CLI — the plugin never reads-and-judges target files in the agent context, so auditing a hostile repo is safe. The trust anchor of the threat-stack platform.","version":"0.1.0","strict":true,"keywords":["security","supply-chain","audit","claude-code","skills","mcp","prompt-injection","stride","owasp","mitre-atlas","static-analysis"],"category":"security"},{"name":"whatbirdisthat-threat-modeler-plugins-threat-modeler","source":{"source":"github","repo":"whatbirdisthat/skillsentry"},"description":"The agentic threat-intelligence layer of the threat-stack platform. Maps skillsentry's probe set onto STRIDE's six portals plus two EXTRA agentic axes (temporal, cognitive), deals the Elevation-of-Privilege 'threat-modelling poker' deck against the probes to surface ABSENT/THIN cells, and writes a gap analysis (doc/threat-model/). Under the self-improvement covenant it drafts new deterministic RuleSpec data and OPENS A PR — it never decides a verdict and never ships a rule directly; the deterministic test suite and a human are the acceptance gate. STRIDE is the organising lens here — one intelligence source feeding the covenant, not an authority that bypasses the gates.","version":"0.1.0","strict":true,"defaultEnabled":false,"keywords":["threat-modeling","stride","elevation-of-privilege","maestro","owasp","mitre-atlas","linddun","self-improvement","covenant","agentic"],"category":"testing"},{"name":"whatbirdisthat-threat-stack-plugins-threat-stack","source":{"source":"github","repo":"whatbirdisthat/skillsentry"},"description":"The front door of the threat-stack platform. Greets whoever opens the repo, explains the value flow (AUDIT ▸ MODEL ▸ EXTEND), lists only the installed plugins and the next command to run, and consolidates each plugin's readiness into one view. A thin orchestrator that delegates to the specialists (skillsentry, threat-modeler, supersize-*) by capability and never re-implements them.","version":"0.1.0","strict":true,"defaultEnabled":false,"keywords":["front-door","concierge","platform","help","flow","orchestration","threat-stack"],"category":"deployment"},{"name":"whatbirdisthat-supersize-semgrep-plugins-supersize-semgrep","source":{"source":"github","repo":"whatbirdisthat/skillsentry"},"description":"An OPT-IN 'supersize' extension that adds Semgrep static analysis on top of skillsentry's verdict for deeper, language-aware SAST. A SEPARATE product with its own trust statement: it shells out to an external `semgrep` binary if installed (degrading gracefully with install guidance when absent) and is NEVER imported into the skillsentry core, so the auditor's zero-dependency, never-executing, deterministic guarantees remain unqualified. Off by default.","version":"0.1.0","strict":true,"defaultEnabled":false,"keywords":["semgrep","sast","static-analysis","extension","opt-in","supersize"],"category":"utilities"}]}