Search everything...

Stats

Actions

Available In

security-toolkit

Name: security-toolkit
Author: swannysec

By swannysec

Security investigation and analysis tools

npx claudepluginhub swannysec/robot-tools --plugin security-toolkit

Popularity

Stars

Above avg

Med: 0·Avg: 285

Installs

Med: 0·Avg: 1

What's Inside

Skills3

gha-hardening

/gha-hardening

GitHub Actions security hardening, configuration best practices, and vulnerability detection. Covers workflow syntax, trigger security, permission management, secrets handling, OIDC federation, supply chain protection, self-hosted runner hardening, attack pattern recognition, and security scanning tool rules. 60% security/hardening content, 40% implementation/configuration guidance. Use this skill when users need to: (1) Harden GitHub Actions workflows against injection, supply chain, or privilege escalation attacks (2) Configure workflow permissions, secrets, OIDC, or environment protection rules securely (3) Understand dangerous workflow patterns (pull_request_target + checkout, workflow_run artifact poisoning, script injection via ${{ }}) (4) Choose or configure security scanning tools (zizmor, scorecard, actionlint, poutine, harden-runner, Raven) (5) Respond to supply chain incidents (tj-actions, reviewdog, compromised action tags) (6) Audit workflows for OWASP CI/CD risks, CIS benchmark compliance, or OpenSSF Scorecard checks (7) Write or review workflow YAML (triggers, matrix, reusable workflows, composite actions, caching, artifacts, environments) (8) Secure self-hosted runners (ephemeral patterns, network egress, persistence detection, runner groups)

secret-scanning-investigator

/secret-scanning-investigator

Investigate GitHub secret scanning alerts to trace provenance, gather context, assess risk, and produce a structured report for security professionals. Handles one or more alerts in a single investigation using only open-source tools.

security-vuln-analyzer

/security-vuln-analyzer

Multi-agent security vulnerability analysis with adversarial verification and ICD 203 analytic standards. Orchestrates 5 parallel finder agents, cross-model adversarial verification (Claude + Codex), and deterministic validation to analyze vulnerability reports with CWE-specific procedures, confirmation bias mitigation, and structured evidence quality assessment. Use when receiving vulnerability reports, security disclosures, bug bounty submissions, or when needing to assess and remediate security issues.

Stats

Version0.7.0

ReleasedApr 3, 2026

LanguageShell

Stars2

MaintenanceExcellent

LicenseMIT License with Commercial Restriction

Last CommitApr 3, 2026

AddedJan 26, 2026

Actions

View on GitHub View README Plugin Marketplace JSON

Own this plugin?

Verify ownership to unlock analytics, metadata editing, and a verified badge. GitHub access is read-only (username + org membership).

Available In

robot-tools1

README

Robot Tools

A comprehensive collection of Claude Code plugins for research, security, code analysis, and workflow automation.

Plugins

Research Toolkit

AI/ML research and verification tools for software development.

Skills:

ai-dev-research - Expert technical research on AI topics
ai-twitter-radar - Discover AI trends and news from Twitter/X using Bird CLI
research-verification - Pre-flight verification checklist for research tasks
kcap - Capture and distill knowledge from URLs into structured markdown notes
starduster - Catalog GitHub starred repos into a structured Obsidian vault

View Documentation

Security Toolkit

Security investigation and analysis tools.

Skills:

secret-scanning-investigator - Investigate GitHub secret scanning alerts with evidence-based analysis
security-vuln-analyzer - Multi-agent vulnerability analysis with adversarial verification, ICD 203 analytic standards, CWE-specific procedures, confirmation bias mitigation, and deterministic validation
gha-hardening - GitHub Actions security hardening — permissions, secrets, OIDC, attack patterns, supply chain, detection tools, runner security, incident response

View Documentation

Code Analysis Toolkit

Codebase flow analysis, dependency visualization, and health scoring.

Skills:

impact-flow - Dependency graphs, blast radius analysis, health scoring, and dead code detection

View Documentation

Workflow Toolkit

Development workflow automation and productivity tools.

Commands:

/dep-check - Check dependency health and security
/git-branch-cleanup - Clean up merged/stale branches
/git-safe-commit - Safe commit with validation
/post-impl-review - Post-implementation review
/verify - Full verification suite (typecheck, lint, test, audit)

Skills:

open-sourceror - Prepare skills/agents for open-source sharing or marketplace integration
phased-review - Multi-stage implementation review with parallel sub-agents, test gates, and scope modes
safe-skill-install - Supply chain security scanning for skill installations via Cisco skill-scanner
session-retrospective - Extract learnings from Claude Code sessions
plugin-qa - Validate plugin manifests, READMEs, versions, and cross-references; guided release prep with version bumping
gh-aw-helper - GitHub Agentic Workflows guide — setup, authoring, triggers, safe I/O, security, MCP tools, patterns, troubleshooting
anti-laziness-guard - Three-layer Stop hook detecting and blocking work-skipping rationalizations (regex + Haiku intent detection + optional deep verification)

Agents:

code-reviewer - Staff-level Rust code review specialist
idempotency-tester - Verify operation idempotency
ops-docs-generator - Generate operational documentation
review-orchestrator - Coordinate multi-phase code reviews

View Documentation

Installation

Install All Plugins

/plugin marketplace add https://github.com/swannysec/robot-tools
/plugin install research-toolkit@robot-tools
/plugin install security-toolkit@robot-tools
/plugin install code-analysis-toolkit@robot-tools
/plugin install workflow-toolkit@robot-tools

Install Individual Plugin

/plugin marketplace add https://github.com/swannysec/robot-tools
/plugin install <plugin-name>@robot-tools

Manual Installation

git clone https://github.com/swannysec/robot-tools.git
cd robot-tools
cc --plugin-dir ./<plugin-name>

Requirements

Claude Code CLI
Additional requirements vary by plugin (see individual plugin documentation)

Structure

robot-tools/
├── marketplace.json               # Marketplace manifest
├── research-toolkit/              # AI/ML research tools
│   ├── plugin.json
│   └── skills/
├── security-toolkit/              # Security investigation tools
│   ├── plugin.json
│   └── skills/
├── code-analysis-toolkit/         # Code analysis tools
│   ├── plugin.json
│   └── skills/
└── workflow-toolkit/              # Workflow automation tools
    ├── plugin.json
    ├── commands/
    ├── skills/
    ├── agents/
    └── hooks/

License

MIT License with Commercial Restriction

Author

swannysec

GitHub: @swannysec

security-toolkit

Popularity

What's Inside

Confidence

README

Robot Tools

Plugins

Research Toolkit

Security Toolkit

Code Analysis Toolkit

Workflow Toolkit

Installation

Install All Plugins

Install Individual Plugin

Manual Installation

Requirements

Structure

License

Author

Similar Plugins

secret-scanner

cyber-neo

security-guidance

agentic-actions-auditor

supply-chain-security

ai-security

More by swannysec

research-toolkit

code-analysis-toolkit

workflow-toolkit

Robot Tools

Plugins

Research Toolkit

Security Toolkit

Code Analysis Toolkit

Workflow Toolkit

Installation

Install All Plugins

Install Individual Plugin

Manual Installation

Requirements

Structure

License

Author

Popularity

Health & Quality

More by swannysec

research-toolkit

code-analysis-toolkit

workflow-toolkit

Similar Plugins

secret-scanner

cyber-neo

security-guidance

agentic-actions-auditor

supply-chain-security

ai-security