awesome-claude-security
A Claude Code plugin marketplace of skills, agents, and tooling that turn Claude Code into a force multiplier across the full cybersecurity and GenAI-security lifecycle — from recon and threat modeling to detection engineering, GRC, and CISO-level strategy.
Everything installs à la carte — one repo, but you install only the plugins you want, never "the whole thing." Want only LLM red-teaming? Install llm-security. Only threat modeling? Install threat-modeling.
Prefer a ready-made stack? Install a bundle and it auto-pulls its parts: a role bundle like pentester, or a domain suite like genai-suite. Granular and bundled both come from the same catalog — see docs/BUNDLES.md.
Status: early / actively building. The marketplace, taxonomy, templates, and a first wave of plugins are in place. The roadmap tracks what's shipped vs. planned. Contributions welcome — see CONTRIBUTING.
Quick install
In any Claude Code session:
/plugin marketplace add jassics/awesome-claude-security
/plugin install llm-security@awesome-claude-security
Then invoke a skill, e.g. /llm-security:owasp-llm-top10, or just describe your task and let Claude pick the right skill/agent. Full instructions: docs/INSTALL.md.
What's inside
Plugins are grouped into four buckets (see the full taxonomy):
| Bucket | What it is | Examples |
|---|---|---|
| Core | Cross-cutting capabilities every security task reuses | security-diagramming, security-reporting, integrations (Jira/Confluence/Drive) |
| Domain | Deep skillsets per security discipline | threat-modeling, web/mobile/cloud/k8s/network/infra security, SAST-SCA, OSINT, DFIR, detection engineering |
| GenAI security | Protecting AI/LLM systems from attackers | llm-security, RAG security, agentic-AI security, multimodal security |
| AI safety | Preventing AI systems from causing harm (a distinct discipline — see why) | ai-safety, ai-safety-engineer |
| Role | Persona bundles that combine domains + workflow | pentester, ai-safety-engineer, security analyst, engineer, architect, GRC, blue team, SOC/SIEM, CISO/CTO |
Shipped today (36 plugins)
Core — security-diagramming (attack trees, DFDs, architecture diagrams, mindmaps, infographics) · security-reporting (findings, pentest reports, exec summaries, CVSS).
Domain — threat-modeling (STRIDE/PASTA) · web-app-security (OWASP Web Top 10, access control, injection) · api-security (OWASP API Top 10, BOLA/BFLA) · mobile-security (MASVS/MASTG) · sast-sca (static analysis + dependency/SBOM) · network-security (network pentest, segmentation, protocols) · osint (footprinting, exposure discovery, recon) · cloud-security (AWS/Azure/GCP posture, IAM, misconfig) · k8s-security (CIS/4Cs, RBAC, pod hardening) · infrastructure-security (IaC review, host hardening, secrets) · detection-engineering (Sigma/YARA, ATT&CK coverage, threat hunting) · dfir (incident response, forensic triage, IOCs) · threat-intelligence (CTI lifecycle, IOC enrichment, actor profiling).
GenAI security — llm-security (OWASP LLM Top 10, prompt injection) · rag-security (retrieval poisoning, isolation) · agentic-ai-security (tool-permission audit, autonomy boundaries) · multimodal-security (cross-modal injection).
AI safety (≠ security — see why) — ai-safety (harm modeling, safety evals, responsible red-team, bias/fairness, guardrails, RAI governance).
Roles (auto-install their stack) — pentester · red-team (adversary emulation, ATT&CK) · blue-team (threat-informed defense + purple teaming) · soc-siem (alert triage, monitoring) · security-analyst (investigation & analysis, T2/T3) · security-architect (secure-by-design, design review) · security-engineer (DevSecOps, harden, secure pipelines) · ai-safety-engineer · responsible-ai-officer (AI governance, EU AI Act risk-tiering).