By subimagesec
Onboard cloud and SaaS data sources into SubImage from your IaC or CLI environment (AWS, GCP, Azure, GitHub, Kubernetes outpost). Terraform / CloudFormation / Helm / aws-cli / gcloud / az / gh paths.
Wire one or more AWS accounts into SubImage by deploying the SubImageScanRole IAM role. Use when the user asks to "connect AWS to SubImage", "add an AWS account", "deploy SubImageScanRole", "set up AWS scanning", "wire an org into SubImage", or works in a Terraform/CloudFormation repo and wants SubImage to start collecting AWS data. Covers three deployment paths: CloudFormation StackSet (org-wide), Terraform, and manual aws-cli for one-off accounts.
Connect an Azure tenant to SubImage by creating a service principal with Reader role on the subscriptions you want scanned. Use when the user asks to "connect Azure to SubImage", "set up Azure scanning", "create the SubImage Azure SP", "wire Azure into SubImage", or works in a Terraform repo and wants SubImage to inventory their Azure subscriptions, resource groups, and Entra. Covers Terraform and az-cli paths.
Connect a Google Cloud organization to SubImage by creating a service account with org-level IAM read roles and registering its key. Use when the user asks to "connect GCP to SubImage", "set up GCP scanning", "create the SubImage GCP service account", "wire GCP into SubImage", or works in a Terraform repo and wants SubImage to inventory their GCP projects, folders, and IAM. Covers Terraform and gcloud paths.
Connect a GitHub organization to SubImage by installing the SubImage GitHub App (preferred) or by configuring a Personal Access Token for GitHub Enterprise Server. Use when the user asks to "connect GitHub to SubImage", "install the SubImage GitHub App", "wire our org into SubImage", "set up GitHub scanning", or works in an IaC repo and needs SubImage to inventory repos, branch protection, members, teams, and dependencies. Covers App install (recommended) and PAT fallback.
Deploy the SubImage Outpost so SubImage can reach private APIs (private EKS/GKE/AKS clusters, on-prem Jamf, internal CrowdStrike, etc.) via an outbound Tailscale tunnel. Use when the user asks to "deploy SubImage Outpost", "connect a private Kubernetes cluster to SubImage", "scan an internal API with SubImage", or works in a Helm/Terraform/Docker repo and needs SubImage to reach something not on the public internet. Covers Helm and Docker paths.
Claude Code marketplace for SubImage, the cloud-native security platform.
Two plugins ship from this repo:
subimage-setup: onboarding recipes for cloud and SaaS data sources (AWS, GCP, Azure, GitHub, Kubernetes outpost). Terraform / CloudFormation / Helm / aws-cli / gcloud / az / gh paths. Designed to run inside an IaC or scripts repo.
subimage-mcp: operator workflows over the SubImage MCP server (triage findings, investigate CVEs, review attack paths, audit cartography coverage). Designed to run alongside an authenticated SubImage tenant.
The two are independent; install whichever your workflow needs.
claude plugin marketplace add subimagesec/skills
claude plugin install subimage-setup@subimage
claude plugin install subimage-mcp@subimage
After install, skills are namespaced under their plugin:
/subimage-setup:connect-aws
/subimage-setup:connect-gcp
/subimage-setup:connect-azure
/subimage-setup:connect-kubernetes-outpost
/subimage-setup:connect-github
/subimage-mcp:triage-new-findings
/subimage-mcp:investigate-cve
/subimage-mcp:review-attack-path
/subimage-mcp:improve-cartography-coverage
Most are model-invocable: the agent picks them up automatically from the description when the user phrasing matches. You can also call any of them by name as a slash command.
subimage-mcp skills assume the SubImage MCP server is connected. Set that up first: https://app.subimage.io/docs/agents/connect_via_mcp
subimage-setup skills run anywhere a shell or IaC repo lives; no SubImage tenant connection is required to generate the IaC code (only to verify it afterwards).
.claude-plugin/
  marketplace.json                      # marketplace catalog
plugins/
  subimage-setup/
    .claude-plugin/plugin.json          # plugin manifest
    skills/
      connect-aws/SKILL.md
      connect-gcp/SKILL.md
      connect-azure/SKILL.md
      connect-kubernetes-outpost/SKILL.md
      connect-github/SKILL.md
  subimage-mcp/
    .claude-plugin/plugin.json
    skills/
      triage-new-findings/SKILL.md
      investigate-cve/SKILL.md
      review-attack-path/SKILL.md
      improve-cartography-coverage/SKILL.md
Each SKILL.md follows the Anthropic skill convention and the Claude Code plugin spec. When adding or editing a skill:
name (matches the directory) and description (when-to-trigger sentence with concrete user-typed phrasings).
{{...}} placeholder. Use <NAMED_VAR> and instruct the agent to ask the user for the value if it is not yet known.
—) in any markdown. Use :, ;, ,, or parentheses.
SKILL.md. If a skill exceeds it, split detailed reference material into a references/ subdirectory and tell the agent when to load it.
MIT. See LICENSE.
npx claudepluginhub subimagesec/skills --plugin subimage-setup
Operator workflows over the SubImage MCP server: triage findings, investigate CVEs, review attack paths, and audit cartography coverage. Requires a connected SubImage tenant.