awesome-claude-security
A Claude Code plugin marketplace of skills, agents, and tooling that turn Claude Code into a force multiplier across the full cybersecurity and GenAI-security lifecycle — from recon and threat modeling to detection engineering, GRC, and CISO-level strategy.
Everything installs à la carte — one repo, but you install only the plugins you want, never "the whole thing." Want only LLM red-teaming? Install llm-security. Only threat modeling? Install threat-modeling.
Prefer a ready-made stack? Install a bundle and it auto-pulls its parts: a role bundle like pentester, or a domain suite like genai-suite. Granular and bundled both come from the same catalog — see docs/BUNDLES.md.
Status: early / actively building. The marketplace, taxonomy, templates, and a first wave of plugins are in place. The roadmap tracks what's shipped vs. planned. Contributions welcome — see CONTRIBUTING.
Quick install
In any Claude Code session:
/plugin marketplace add jassics/awesome-claude-security
/plugin install llm-security@awesome-claude-security
Then invoke a skill, e.g. /llm-security:owasp-llm-top10, or just describe your task and let Claude pick the right skill/agent. Full instructions: docs/INSTALL.md.
What's inside
Plugins are grouped into four buckets (see the full taxonomy):
| Bucket | What it is | Examples |
|---|
| Core | Cross-cutting capabilities every security task reuses | security-diagramming, security-reporting, integrations (Jira/Confluence/Drive) |
| Domain | Deep skillsets per security discipline | threat-modeling, web/mobile/cloud/k8s/network/infra security, SAST-SCA, OSINT, DFIR, detection engineering |
| GenAI security | Protecting AI/LLM systems from attackers | llm-security, RAG security, agentic-AI security, multimodal security |
| AI safety | Preventing AI systems from causing harm (a distinct discipline — see why) | ai-safety, ai-safety-engineer |
| Role | Persona bundles that combine domains + workflow | pentester, ai-safety-engineer, security analyst, engineer, architect, GRC, blue team, SOC/SIEM, CISO/CTO |
Shipped today (36 plugins)
Core — security-diagramming (attack trees, DFDs, architecture diagrams, mindmaps, infographics) · security-reporting (findings, pentest reports, exec summaries, CVSS).
Domain — threat-modeling (STRIDE/PASTA) · web-app-security (OWASP Web Top 10, access control, injection) · api-security (OWASP API Top 10, BOLA/BFLA) · mobile-security (MASVS/MASTG) · sast-sca (static analysis + dependency/SBOM) · network-security (network pentest, segmentation, protocols) · osint (footprinting, exposure discovery, recon) · cloud-security (AWS/Azure/GCP posture, IAM, misconfig) · k8s-security (CIS/4Cs, RBAC, pod hardening) · infrastructure-security (IaC review, host hardening, secrets) · detection-engineering (Sigma/YARA, ATT&CK coverage, threat hunting) · dfir (incident response, forensic triage, IOCs) · threat-intelligence (CTI lifecycle, IOC enrichment, actor profiling).
GenAI security — llm-security (OWASP LLM Top 10, prompt injection) · rag-security (retrieval poisoning, isolation) · agentic-ai-security (tool-permission audit, autonomy boundaries) · multimodal-security (cross-modal injection).
AI safety (≠ security — see why) — ai-safety (harm modeling, safety evals, responsible red-team, bias/fairness, guardrails, RAI governance).
Roles (auto-install their stack) — pentester · red-team (adversary emulation, ATT&CK) · blue-team (threat-informed defense + purple teaming) · soc-siem (alert triage, monitoring) · security-analyst (investigation & analysis, T2/T3) · security-architect (secure-by-design, design review) · security-engineer (DevSecOps, harden, secure pipelines) · ai-safety-engineer · responsible-ai-officer (AI governance, EU AI Act risk-tiering).
