Search everything...

Stats

Actions

Available In

security

Name: security
Author: melodic-software

By melodic-software

Audit codebases, PRs, staged changes, and dependencies for OWASP Top 10, CWE vulnerabilities, secrets, and CVEs; scan containers and supply chains; model threats with STRIDE/DREAD; implement secure auth patterns, crypto, zero-trust, and DevSecOps workflows.

npx claudepluginhub melodic-software/claude-code-plugins --plugin security

Popularity

Stars

Top 10%

Med: 0·Avg: 285

Installs

Top 10%

Med: 0·Avg: 1

What's Inside

Agents4

dependency-checker

/dependency-checker

PROACTIVELY use when reviewing dependencies, before releases, or during security audits. Checks dependencies for known CVEs, outdated packages, and supply chain risks. Analyzes package manifests and provides remediation guidance.

secrets-scanner

/secrets-scanner

PROACTIVELY use before commits, during code reviews, or for security audits. Scans codebase for hardcoded secrets, API keys, credentials, tokens, and sensitive data patterns. Fast pattern-matching agent for detecting exposed secrets.

security-auditor

/security-auditor

PROACTIVELY use for security-focused code review. Analyzes code for OWASP Top 10 vulnerabilities, CWE weaknesses, insecure patterns, authentication/authorization flaws, injection vulnerabilities, and security anti-patterns. Use when reviewing code changes, conducting security assessments, or before releases.

threat-modeler

/threat-modeler

PROACTIVELY use when designing new features, reviewing architecture, or conducting security design reviews. Applies STRIDE methodology, identifies attack vectors, builds attack trees, and recommends security controls. Use for architectural threat analysis and security design documentation.

Skills17

ai-governance

/ai-governance

AI governance and compliance guidance covering EU AI Act risk classification, NIST AI RMF, responsible AI principles, AI ethics review, and regulatory compliance for AI systems.

api-security

/api-security

Comprehensive API security guidance covering authentication methods, rate limiting, input validation, CORS, security headers, and protection against OWASP API Top 10 vulnerabilities. Use when designing API authentication, implementing rate limiting, configuring CORS, setting security headers, or reviewing API security.

audit

/audit

Run security audit on code for OWASP Top 10, CWE vulnerabilities, and security anti-patterns

authentication-patterns

/authentication-patterns

Comprehensive authentication implementation guidance including JWT best practices, OAuth 2.0/OIDC flows, Passkeys/FIDO2/WebAuthn, MFA patterns, and secure session management. Use when implementing login systems, token-based auth, SSO, passwordless authentication, or reviewing authentication security.

authorization-models

/authorization-models

Comprehensive authorization guidance covering RBAC, ABAC, ACL, ReBAC, and policy-as-code patterns. Use when designing permission systems, implementing access control, or choosing authorization strategies.

Stats

Version1.0.0

LanguagePython

Stars67

Forks10

Copy clicks1

MaintenanceGood

LicenseMIT

Last CommitFeb 16, 2026

AddedDec 27, 2025

Actions

View on GitHub View README Plugin Marketplace JSON Homepage

Own this plugin?

Verify ownership to unlock analytics, metadata editing, and a verified badge. GitHub access is read-only (username + org membership).

Available In

melodic-software40

Safety Signals

Caution

Uses power tools

Uses Bash, Write, or Edit tools

README

Claude Code Plugins

Plugins for Claude Code: documentation management, code quality, and ecosystem support.

Prerequisites

Claude Code installed
Python 3.13+ (for spaCy-based operations)
Node.js 18+ (for markdown linting)

Development Setup

Node.js Version Manager (fnm)

fnm (Fast Node Manager) is the recommended Node.js version manager for this project. It:

Works natively in Git Bash (unlike nvm-windows which has known issues)
Is significantly faster than nvm-windows (Rust-based)
Has cross-platform consistency (Windows/macOS/Linux)

Install fnm:

# Windows (PowerShell as Admin)
winget install Schniz.fnm

# macOS/Linux
curl -fsSL https://fnm.vercel.app/install | bash

Configure for Git Bash (add to ~/.bashrc):

eval "$(fnm env --use-on-cd --shell bash)"

Or source the setup script which includes fnm initialization:

source "/path/to/claude-code-plugins/setup/bashrc-claude.sh"

Install Node:

fnm install 24
fnm default 24

Install Dependencies

npm install

Run Markdown Linting

npm run lint:md        # Check for errors
npm run lint:md:fix    # Auto-fix errors

CI

Markdown linting runs automatically on PRs via GitHub Actions. The same rules apply locally and in CI.

Installation

/plugin install claude-ecosystem@claude-code-plugins
/plugin install code-quality@claude-code-plugins
/plugin install google-ecosystem@claude-code-plugins

Codex CLI Configuration

This repo expects Codex CLI configuration to live in user scope under ~/.codex. See .codex/README.md for the canonical locations.

Plugins

Plugin	Purpose
atlassian	Atlassian MCP server: Jira, Confluence, Compass integration
browser-automation	Browser automation MCP servers: Chrome DevTools, Playwright
business-analysis	BABOK techniques: capability mapping, stakeholder analysis, value streams, journey mapping
ci-cd	CI/CD pipelines: GitHub Actions, deployment automation, release management
claude-code-observability	Event logging, metrics, session diagnostics
claude-ecosystem	Claude Code docs, meta-skills, hooks, observability, auditors
code-quality	Code review, markdown linting, debugging, CI/CD templates
compliance-planning	Regulatory compliance: GDPR, HIPAA, PCI-DSS, AI governance, ISO 27001
content-management-system	Headless CMS architecture: content modeling, taxonomies, media, theming
cursor-ecosystem	Cursor IDE docs, CLI, agent, keyword-based search
documentation-standards	Technical docs: arc42, C4 model, ADRs, RFC process, docs-as-code
dotnet	.NET 10+ automation: build, clean, SDK/tool install, version upgrades, Aspire MCP
duende-ecosystem	Duende IdentityServer, BFF, IdentityModel docs
enterprise-architecture	TOGAF, Zachman, ADRs, cloud alignment
event-modeling	Event-driven design: Event Modeling, Event Storming, CQRS, sagas
figma	Figma MCP server: design context, code generation, design tokens
formal-specification	Formal methods: UML/SysML, TLA+, OpenAPI/AsyncAPI, state machines
git	Git config, GPG signing, hooks, GitHub issues, history exploration
google-ecosystem	Gemini CLI docs, Claude-to-Gemini integration, configuration management
melodic-software	Developer onboarding, environment setup, commit workflows
microsoft	Microsoft MCP servers: Microsoft Learn, Azure, NuGet, Azure DevOps
milan-jovanovic	Milan Jovanovic .NET patterns: Clean Architecture, DDD, CQRS, EF Core
openai-ecosystem	OpenAI Codex CLI docs
requirements-elicitation	Requirements gathering: LLMREI interviews, gap analysis, prioritization
research	Research workflows: MCP integration, multi-source synthesis, structured output
response-quality	Response quality standards, source citations
security	Security: OWASP, authentication, cryptography, DevSecOps, threat modeling, 12 skills
soft-skills	Career progression, interviews, communication, professional visibility

View full README on GitHub

security

Popularity

What's Inside

Confidence

README

Claude Code Plugins

Prerequisites

Development Setup

Node.js Version Manager (fnm)

Install Dependencies

Run Markdown Linting

CI

Installation

Codex CLI Configuration

Plugins

Similar Plugins

supply-chain-security

security-guidance

vulnerability-scanning

security-pro-pack

More by melodic-software

claude-ecosystem

visualization

openai-ecosystem

milan-jovanovic

tac

Claude Code Plugins

Prerequisites

Development Setup

Node.js Version Manager (fnm)

Install Dependencies

Run Markdown Linting

CI

Installation

Codex CLI Configuration

Plugins

More by melodic-software

claude-ecosystem

visualization

openai-ecosystem

milan-jovanovic

tac

Popularity

Health & Quality

Similar Plugins

supply-chain-security

security-guidance

vulnerability-scanning

security-pro-pack

cybersecurity

secure-development