Search everything...

Stats

Actions

Available In

security-engineer

Name: security-engineer
Author: hpsgd

By hpsgd

Security engineer — threat modelling, security audits, compliance, vulnerability management

npx claudepluginhub hpsgd/turtlestack --plugin security-engineer

Popularity

Stars

Med: 0·Avg: 285

Installs

Med: 0·Avg: 1

What's Inside

Agents2

prompt-injection-tester

/prompt-injection-tester

Prompt injection specialist — adversarial testing of LLM-powered applications for prompt injection, jailbreaks, data extraction, and indirect injection. Use when security-testing AI integrations, evaluating guardrail robustness, or assessing LLM attack surface in production systems.

security-engineer

/security-engineer

Security engineer — threat modelling, security audits, compliance, vulnerability management. Use for security reviews, threat models, compliance documentation, or dependency vulnerability triage.

Skills7

bootstrap

/bootstrap

Bootstrap the security documentation structure for a project. Creates docs/security/, generates initial templates and root SECURITY.md, and writes domain CLAUDE.md. Idempotent — merges missing sections into existing files without overwriting.

dependency-audit

/dependency-audit

Audit project dependencies for known vulnerabilities, outdated packages, and license issues.

recon

/recon

Passive reconnaissance on a target domain or organisation using open-source intelligence. Maps the attack surface from publicly available sources only. Use at the start of a penetration test or security assessment to understand what's exposed before active testing begins.

security-review

/security-review

Review code or configuration for security vulnerabilities — OWASP Top 10, secrets, auth, injection.

supply-chain-audit

/supply-chain-audit

Audit the software supply chain for integrity risks — source, build, dependencies, and artifact provenance. Produces a SLSA-aligned assessment with findings and hardening recommendations. Use when assessing supply chain posture or after a dependency incident.

Hooks1

Event Hooks

1 hook across 1 event

Stats

Version1.5.0

ReleasedApr 16, 2026

LanguagePython

Stars0

MaintenanceExcellent

LicenseUnlicense

Last CommitApr 16, 2026

AddedApr 2, 2026

Actions

View on GitHub View README Plugin Marketplace JSON

Own this plugin?

Verify ownership to unlock analytics, metadata editing, and a verified badge. GitHub access is read-only (username + org membership).

Available In

turtlestack

Safety Signals

Caution

Uses power tools

Uses Bash, Write, or Edit tools

README

Turtlestack

A plugin marketplace for Claude Code. Agents, skills, rules, and conventions that work together as a virtual team.

Quick start
Thinking and learning
Plugins
Under the hood
Complementary plugins
Acknowledgements

Quick start

1. Add the marketplace

/plugin marketplace add hpsgd/turtlestack

2. Install what you need

Start with the core plugins (rules, thinking skills, and code review), then add agents for your stack:

/plugin install coding-standards@hpsgd
/plugin install writing-style@hpsgd
/plugin install security-compliance@hpsgd
/plugin install thinking@hpsgd
/plugin install tooling@hpsgd
/plugin install code-reviewer@hpsgd
/plugin install ai-engineer@hpsgd

Add a technology stack if relevant:

/plugin install dotnet-stack@hpsgd
/plugin install nextjs-stack@hpsgd
/plugin install python-stack@hpsgd

Then reload:

/reload-plugins

Browse the full plugin list below to see what else is available.

Customisation

Per-project overrides. Create your own .claude/rules/ files. Project-level rules take precedence over marketplace rules.

Disabling a plugin. Set it to false in .claude/settings.json:

{
  "enabledPlugins": {
    "writing-style@hpsgd": false
  }
}

Local overrides (not committed). Use .claude/settings.local.json for personal preferences that shouldn't affect the team.

JSON shortcut

Copy this to install everything at once

{
  "enabledPlugins": {
    "coding-standards@hpsgd": true,
    "writing-style@hpsgd": true,
    "security-compliance@hpsgd": true,
    "thinking@hpsgd": true,
    "tooling@hpsgd": true,
    "code-reviewer@hpsgd": true,
    "dotnet-stack@hpsgd": true,
    "nextjs-stack@hpsgd": true,
    "python-stack@hpsgd": true,
    "plugin-curator@hpsgd": true,
    "coordinator@hpsgd": true,
    "cpo@hpsgd": true,
    "product-owner@hpsgd": true,
    "ui-designer@hpsgd": true,
    "ux-researcher@hpsgd": true,
    "user-docs-writer@hpsgd": true,
    "developer-docs-writer@hpsgd": true,
    "internal-docs-writer@hpsgd": true,
    "gtm@hpsgd": true,
    "support@hpsgd": true,
    "customer-success@hpsgd": true,
    "grc-lead@hpsgd": true,
    "cto@hpsgd": true,
    "architect@hpsgd": true,
    "react-developer@hpsgd": true,
    "dotnet-developer@hpsgd": true,
    "python-developer@hpsgd": true,
    "ai-engineer@hpsgd": true,
    "qa-lead@hpsgd": true,
    "qa-engineer@hpsgd": true,
    "release-manager@hpsgd": true,
    "performance-engineer@hpsgd": true,
    "devops@hpsgd": true,
    "security-engineer@hpsgd": true,
    "data-engineer@hpsgd": true,
    "analyst@hpsgd": true,
    "investigator@hpsgd": true,
    "workflow-tools@hpsgd": true
  }
}

Bootstrap a project

After installing plugins, scaffold your project with domain-specific docs:

/coordinator:bootstrap-project my-project

View full README on GitHub

security-engineer

Popularity

What's Inside

Confidence

README

Turtlestack

Quick start

1. Add the marketplace

2. Install what you need

Customisation

JSON shortcut

Bootstrap a project

Similar Plugins

ecc

everything-claude-code

cc-polymath

More by hpsgd

internal-docs-writer

gtm

support

security-compliance

developer-docs-writer

Turtlestack

Quick start

1. Add the marketplace

2. Install what you need

Customisation

JSON shortcut

Bootstrap a project

Popularity

Health & Quality

More by hpsgd

internal-docs-writer

gtm

support

security-compliance

developer-docs-writer

Similar Plugins

ecc

everything-claude-code

cc-polymath