Stats
Actions
Available In
Tags
Plugin
osv-scanner
Scans project dependencies for known vulnerabilities using OSV Scanner and the OSV database.
What's Inside
Slash Commands2
Scan for Vulnerable Dependencies
/scan
Scan a directory or lockfile for vulnerable dependencies using OSV Scanner. Reports known vulnerabilities in packages and lockfiles.
AI Reachability Triage for Dependencies
/triage
AI-powered reachability triage for dependency vulnerabilities. Scans for CVEs then searches your source code to estimate whether each vulnerable API is actually called. Outputs a prioritized FOUND_IN_SOURCE / UNCERTAIN / NOT_FOUND_IN_GREP report.
MCP Servers1
README
Bonfires Marketplace
A marketplace of Claude Code plugins for security-focused development: adversarial code review, dependency vulnerability scanning, and reachability triage.
Installation
1) Register the marketplace:
/plugin marketplace add alejandrosaenz117/bonfires-marketplace
2) Install a plugin:
/plugin install devils-advocate@bonfires-marketplace
/plugin install osv-scanner@bonfires-marketplace
What's Inside
The Devil's Advocate
The tenth man. When consensus forms, it is a sign of danger. This plugin peers into the fog where failure waits. The collapse. The breach. The systems failing under weight they cannot see. It reveals where light fails and why the walls will break.
Invoke: Mention "adversarial review" or "challenge the plan" as a skill, or use /devils-advocate [file|description|recent] command.
See plugins/devils-advocate/README.md for full documentation.
OSV Scanner
Integrates OSV Scanner as an MCP server, giving Claude direct access to the OSV vulnerability database. Scans your dependencies for known CVEs, fetches full advisories, and uses grep-based reachability triage to estimate which vulnerabilities actually live in your code paths.
Invoke: Mention "check my dependencies for vulnerabilities" or "scan for CVEs" as a skill, or use /osv-scanner scan [path] and /osv-scanner triage [path] commands.
See plugins/osv-scanner/README.md for full documentation.
Eisenhower Prioritization
Before the collapse, there is choice. The manager who cannot distinguish the urgent from the important becomes a captive of the fire. This skill separates signal from noise: which battles matter, which are illusions, and which investments prevent the next disaster. It names the burnout, exposes the waste, and reveals the Q2 work that breaks the reactive cycle.
Invoke: Mention "help me prioritize", "what should I focus on", or "I'm overwhelmed" when drowning in tasks, or use /prioritize [task list] command.
See plugins/eisenhower-prioritization/README.md for full documentation.
Philosophy
See the darkness before it sees you. Challenge consensus. Find what will break before you go hollow.
License
MIT. See LICENSE.
See CONTRIBUTING.md for guidelines on adding plugins and contributing.
Stats
Version0.1.0
Stars4
MaintenanceExcellent
LicenseMIT
Last Commit
Added
Available In
