Spektion — Claude Code Marketplace Plugin
Security posture management for Claude Code. Native MCP integration gives you conversational access to vulnerability, asset, software, runtime detection, and remediation data from Spektion.
Quick Start
# Add the marketplace
/plugin marketplace add SpektionInc/marketplace
# Install the plugin
/plugin install spektion
Setup
1. Get a Spektion API Key
- Log into the Spektion Console
- Navigate to Settings > API Keys
- Create a new Public API Key
- Copy the key
2. Configure Environment Variables
export SPEKTION_API_KEY="your-api-key-here"
export SPEKTION_MCP_URL="https://mcp.spektion.com/mcp"
Add these to your shell profile (~/.zshrc, ~/.bashrc) or your project's .env file.
What You Get
16 MCP Tools (Native Access)
Once installed, Claude can directly call these Spektion tools:
| Category | Tools |
|---|
| Search | search_vulnerabilities, search_endpoints, search_software, search_detections, search_network_activity |
| Details | get_vulnerability_details, get_endpoint_details, get_software_details |
| Analytics | get_security_posture, get_remediation_metrics, get_vulnerability_trends, get_tenant_settings |
| Paginated Queries | query_sensors, query_software_inventory, query_detection_events, query_vulnerability_data |
5 Resources
| Resource | Description |
|---|
spektion://platforms | Active platforms with endpoint counts |
spektion://software-categories | Software category taxonomy |
spektion://software-publishers | Publisher list |
spektion://detection-rules | Detection rule index (use search_detections for queries) |
spektion://sla-policy | SLA remediation policy (coming soon) |
6 Analyst Workflow Skills
Skills provide guided, multi-step workflows for common analyst tasks:
| Skill | Use Case |
|---|
cve-triage | Investigate and prioritize CVEs with SSVC-style triage |
asset-risk-assessment | Deep-dive endpoint risk analysis with hardening recommendations |
software-risk-analysis | Rank software portfolio risk by CVE + runtime + network exposure |
remediation-tracking | Track SLA compliance, remediation velocity, and blindspots |
runtime-detection-analysis | Translate behavioral detections into actionable threat narratives |
security-reporting | Generate executive and operational security reports |
Example Queries
CVE Triage:
"Triage CVE-2025-21298 — is it in our environment and how urgent is it?"
Asset Risk:
"Assess the risk on endpoint PROD-WEB-01"
Software Risk:
"What are the top 10 riskiest software products in our environment?"
Remediation:
"Are we meeting SLA on critical vulnerability remediation this quarter?"
Runtime Detections:
"What critical runtime detections are active and do any correlate with known CVEs?"
Reporting:
"Generate an executive security posture summary for leadership"
Composable with Other Plugins
This plugin is designed to work standalone or combined with other marketplace plugins:
- MalloryAI — Adds threat actor attribution, active exploitation intel, and detection engineering context to every Spektion skill
- Additional integrations enrich results without creating dependencies
Repository Structure
marketplace/
├── .claude-plugin/
│ └── marketplace.json
├── plugins/
│ └── spektion/
│ ├── .claude-plugin/
│ │ └── plugin.json
│ ├── .mcp.json
│ └── skills/
│ ├── cve-triage/
│ ├── asset-risk-assessment/
│ ├── software-risk-analysis/
│ ├── remediation-tracking/
│ ├── runtime-detection-analysis/
│ └── security-reporting/
├── scripts/
│ └── validate_plugins.py
├── LICENSE
└── README.md
Development
Validate
python3 scripts/validate_plugins.py . --verbose
Or use the built-in Claude Code validator:
claude plugin validate .
Adding a New Skill
- Create a directory:
plugins/spektion/skills/<skill-name>/
- Add
SKILL.md with YAML frontmatter (name, description)
- Skill name must match:
^[a-z0-9]+(-[a-z0-9]+)*$ (1-64 chars)
- Run validation to verify
License
Apache-2.0
wyre-technology
sysdig
refractionPOINT
orcasecurity
FunnyWolf
jeremylongshore