Search everything...

Stats

Actions

Available In

bridgesecurity

Name: bridgesecurity
Author: bridge-mind

By bridge-mind

Senior security engineer instincts for AI coding agents. Find vulnerabilities. Ship secure.

npx claudepluginhub bridge-mind/bridgesecurity

Popularity

Stars

Top 25%

Med: 0·Avg: 285

Installs

Med: 0·Avg: 1

What's Inside

Agents1

security-auditor

/security-auditor

Senior security engineer subagent that audits code for vulnerabilities across OWASP Top 10, CWE Top 25, and infrastructure misconfigurations. Read-only review of files, directories, PR diffs, IaC, container manifests, and CI configurations. Outputs severity-ranked findings with file:line references, CWE/OWASP mapping, exploit scenarios, and concrete fixes. Skips paraphrase; quotes vulnerable code verbatim and shows patched code.

Skills2

bridgesecurity

/bridgesecurity

Senior security-engineer instincts for AI coding agents. Activate whenever the agent reads, writes, reviews, or refactors code — backend, frontend, infrastructure-as-code, CI/CD pipelines, container manifests, or cloud config. Detects and prevents vulnerabilities across OWASP Top 10, OWASP API Top 10, OWASP LLM Top 10, and CWE Top 25: injection (SQLi, NoSQLi, command, template), SSRF, XSS, CSRF, IDOR/BOLA/BOPLA, path traversal, insecure deserialization, auth/authz flaws, JWT misuse, weak crypto, secrets exposure, supply-chain risks, container/Kubernetes hardening, cloud misconfig (S3, IAM, RDS), GitHub Actions injection, prototype pollution, ReDoS, race conditions, mass assignment, open redirect, XXE, Server Action authorization, hydration data leaks. Covers JavaScript/ TypeScript, Python, Go, Rust, Java/Spring, Ruby/Rails, PHP, React/Next.js. Critical for any agent shipping code to production.

security-audit

/security-audit

Audit a file, directory, repository, or PR diff for security vulnerabilities. Use when reviewing code for OWASP Top 10 / CWE Top 25 issues, identifying injection / XSS / SSRF / IDOR / authentication flaws, scanning for hardcoded secrets, reviewing infrastructure-as-code (Terraform, Kubernetes manifests, Dockerfiles), auditing CI/CD configurations (GitHub Actions, GitLab CI), or performing a pre-merge security review. Outputs a structured report with severity, CWE/OWASP mapping, file:line references, exploitable scenario, and fix recommendations.

Stats

Version1.0.0

LanguageShell

Stars6

Forks3

MaintenanceGood

LicenseMIT

Last CommitApr 30, 2026

AddedApr 30, 2026

Actions

View on GitHub View README Plugin Marketplace JSON Homepage

Own this plugin?

Verify ownership to unlock analytics, metadata editing, and a verified badge. GitHub access is read-only (username + org membership).

README

BridgeSecurity

Find vulnerabilities. Ship secure.

A Claude Code plugin from BridgeMind that gives your AI agents the instincts of a senior application security engineer.
Stop shipping classic vulnerabilities — start shipping production-secure code.

Why BridgeSecurity?

AI coding agents write functional code, but they keep shipping the same classic vulnerabilities — SQL injection, XSS, IDOR, hardcoded secrets, missing auth on Server Actions, public S3 buckets, pull_request_target with checkout-of-fork-code. The bugs that have headlined CVEs for fifteen years.

BridgeSecurity fixes this. It's a set of detection patterns, vulnerability taxonomies, threat-modeling discipline, and a specialized auditor agent that teach your AI teammates to think like a senior security engineer — find the trust boundary, match input to sink, check auth on every state-changing path, treat every secret as already leaked, fail closed.

The Bugs It Catches

Injection — SQLi, NoSQLi, command, code, template, XSS, LDAP, XPath
Broken Access Control — IDOR, BOLA, BOPLA, missing auth, mass assignment, Server Action authz gaps, x-middleware-subrequest bypass class
Cryptographic Failures — MD5/SHA1, Math.random() for tokens, ECB mode, hardcoded keys, JWT alg: none, HS256/RS256 confusion, === for HMAC compare
SSRF — including private-IP / cloud-metadata / file:// / TOCTOU
Path Traversal — path.join without prefix-check, send_file with raw input
Insecure Deserialization — pickle.loads, yaml.load, ObjectInputStream, vm2
Hardcoded Secrets — AWS, GitHub, Stripe, OpenAI, Anthropic, Slack, JWTs, private keys (25+ patterns)
Cloud Misconfig — public S3, IAM *:*, 0.0.0.0/0:22, IMDSv1, missing encryption
Container / k8s — privileged: true, runAsUser: 0, hostNetwork, /var/run/docker.sock mount, image:latest
CI/CD — pull_request_target + checkout-fork-code, mutable Action tags (CVE-2025-30066 class), shell-injection via PR title
Auth flaws — JWT in localStorage, no MFA, missing rate limit on login, predictable reset tokens
Open Redirect — //evil.com bypass class
Markdown exfil — image URLs constructed from secrets (EchoLeak class)
LLM-specific — output-to-eval, excessive agency, secrets in system prompt

What's Inside

Component	Type	What It Does
`bridgesecurity`	Skill	Core security discipline — auto-loaded when your agent reads, writes, or reviews code. Five Disciplines, threat-model checklist, detection cheat-sheet.
`security-audit`	Skill	Slash-command audit. Scans a file/dir/PR/repo for vulnerabilities, returns severity-ranked report with CWE/OWASP mapping.
`security-auditor`	Agent	Read-only senior security engineer subagent. Cannot write, edit, or delete. Walks every file with the OWASP Top 10 + CWE Top 25 + threat model.

Reference Documentation

The skill ships with eight deep reference docs (~50 pages of practitioner-grade content):

vulnerability-taxonomies.md — OWASP Top 10 (2021), API Top 10 (2023), Mobile Top 10 (2024), LLM Top 10 (2025), CWE Top 25 (2024), CISA KEV recurring classes, DBIR top vectors
language-patterns.md — JS/TS, Python, Go, Rust, Java/Spring, Ruby/Rails, PHP — vulnerable + fixed code pairs, per-ORM SQLi reference
frontend-patterns.md — React, Next.js (Server Actions, middleware, hydration), Vue, Svelte, browser specifics
infrastructure-patterns.md — AWS, GCP, Azure, Docker, Kubernetes, Terraform, GitHub Actions, GitLab CI
secrets-patterns.md — regex catalog for 25+ secret types
case-studies.md — Log4Shell, Spring4Shell, MOVEit, XZ backdoor, Polyfill.io, Snowflake, Ivanti, regreSSHion, Next.js CVE-2025-29927, tj-actions supply chain, recent agent CVEs
tooling.md — Semgrep, CodeQL, Snyk, Trivy, Gitleaks, OSV, govulncheck, Brakeman, Checkov, kube-bench, MobSF
threat-modeling.md — the full 10-question discipline

Install

As a Claude Code plugin

claude plugin install bridgesecurity@bridgemind-plugins

Or copy the skills manually

# Project-level
mkdir -p .claude/skills .claude/agents
cp -r skills/bridgesecurity .claude/skills/
cp -r skills/security-audit .claude/skills/
cp agents/security-auditor.md .claude/agents/

View full README on GitHub

bridgesecurity

Popularity

What's Inside

Confidence

README

Find vulnerabilities. Ship secure.

Why BridgeSecurity?

The Bugs It Catches

What's Inside

Reference Documentation

Install

As a Claude Code plugin

Or copy the skills manually

Similar Plugins

fullstack-dev-skills

ecc

prompts.chat

reverse-engineering

claude-code-toolkit

drawio-diagramming

More by bridge-mind

bridgeward

bridgespeak

Find vulnerabilities. Ship secure.

Why BridgeSecurity?

The Bugs It Catches

What's Inside

Reference Documentation

Install

As a Claude Code plugin

Or copy the skills manually

Popularity

Health & Quality

More by bridge-mind

bridgeward

bridgespeak

Similar Plugins

fullstack-dev-skills

ecc

prompts.chat

reverse-engineering

claude-code-toolkit

drawio-diagramming