Plugins listed here are tagged for this topic and auto-indexed from public GitHub repositories.
Plugins for vulnerability scanning, secure code review, compliance checks, and security-first development.
SAST analysis, dependency auditing, OWASP rule enforcement, secrets scanning, and permission model validation. Some use agents for cross-file threat modeling.
Several analyze package.json, requirements.txt, or lock files for known vulnerabilities. MCP-based plugins can check live vulnerability databases.
They provide automated checks that augment — not replace — manual security review and dedicated SAST tools. Check maintenance scores for actively maintained options.
Reverse engineer binaries, triage and unpack malware, extract and analyze firmware, perform memory forensics, and dissect network protocols using specialized AI agents and skills for authorized security research, CTFs, and incident response.
Refactors and modernizes legacy codebases by detecting code smells, SOLID violations, and technical debt, generating prioritized remediation plans with cost estimates, while preserving project context for safe incremental migrations.
Automates end-to-end feature development: explores codebase to map dependencies, patterns, and execution paths; designs architectures with blueprints, data flows, and build sequences; implements code changes; reviews for bugs, security vulnerabilities, and quality issues using high-confidence filtering.
Automate technical debt reduction, dependency updates, and code refactoring by scanning for vulnerabilities and code smells, generating prioritized remediation plans, and leveraging AI-powered test automation and code review.
Run multi-perspective code reviews across architecture, security, performance, and best practices, including git-based PR analysis with specialized agents for vulnerability scanning and architectural integrity.
Delegate expert-level code reviews, security audits, penetration tests, QA automation, accessibility compliance checks, performance optimizations, chaos engineering, and compliance validations to specialized sub-agents across codebases, infrastructure, and systems.
Bridge Claude Code with Telegram to send messages, approve pairings, manage allowlists, and enforce access policies directly from chat.
Secure full-stack applications with API design patterns, authentication/authorization systems, backend/frontend coding practices, code review for vulnerabilities, and PCI DSS compliance guidance.
Enables Claude Code to conduct comprehensive security assessments across web applications, cloud infrastructure (AWS, Azure, GCP), and DevSecOps pipelines, including penetration testing, vulnerability scanning, privilege escalation, and audit reviews.
Saves context window by sandboxing code execution in 11 languages, indexing project files into a persistent FTS5 knowledge base with BM25 ranking, and automatically restoring session state across compactions.
Automate legal workflows: draft briefs, triage NDAs, review contracts against playbooks, run compliance checks, prepare e-signature documents, and track vendor agreements across CLM, CRM, email, and chat systems.
Provides structured guidance for executing cybersecurity operations across penetration testing, incident response, threat hunting, cloud security, and malware analysis, with step-by-step procedures and tool usage.
Configure and debug Payload CMS backends in payload.config.ts by defining collections, fields, hooks, access control, and APIs. Troubleshoot validation errors, security issues, relationships, queries, transactions, and hook behaviors to build robust headless CMS applications.
Automate KYC/AML screening of investor onboarding documents: parse identity, ownership, source of funds; apply risk rules; check sanctions/PEP lists; generate escalation packets for compliance sign-off.
Manage iMessage access control for Claude Code — approve or deny pairing requests, edit sender allowlists, set DM and group chat policies, and check that Full Disk Access and chat.db are properly configured.
Automate KYC/AML compliance by parsing investor onboarding packets into structured fields (identity, ownership, control, source of funds) and applying rules grids to assign risk ratings, check required documents, and route escalation.
Run CodeQL and Semgrep to scan multi-language codebases (Python, JavaScript/TS, Go, Java, C#, Ruby, Rust) for security vulnerabilities via taint tracking and pattern matching. Parse, deduplicate, and aggregate SARIF outputs from scans, then integrate findings into CI/CD pipelines using GitHub Actions or bash scripts.
Decompile Android APK, XAPK, JAR, and AAR files using jadx or Fernflower, then extract HTTP API endpoints and trace call flows from UI to network layer for security analysis and API documentation.
Run autonomous Claude-powered iteration loops that modify code, verify against metrics, and refine until success, automating debugging, bug fixes, security audits, documentation generation, task planning, issue prediction, adversarial reasoning, test scenario creation, and multi-phase project shipping.
Capture, decode, and analyze Kubernetes cluster network traffic for root cause analysis, forensic snapshots, PCAP extraction, and security threat detection using the Kubeshark MCP. Includes traffic filtering with the Kubeshark Filter Language (KFL2) and auditing against MITRE ATT&CK framework.
Bridge IDA Pro with language models via MCP for AI-assisted reverse engineering, enabling natural language queries against disassembly, decompilation, cross-references, and database state using IDAPython scripting patterns.
Implement Trail of Bits handbook security testing workflows: fuzz Rust, Python, C/C++, Ruby code with AFL++, libFuzzer, cargo-fuzz, Atheris; instrument AddressSanitizer; run static analysis via Semgrep, CodeQL; generate coverage reports, dictionaries, and bypass obstacles for vulnerability detection.
Audit smart contracts for vulnerabilities across Cosmos, Solana, Polkadot, TON, Algorand, and StarkNet blockchains using specialized scanners. Assess codebase maturity with scorecards, prepare for professional audits via static analysis and test improvements, analyze token integrations for ERC standards and risks, and apply Trail of Bits guidelines for architecture reviews and secure workflows.
Build, deploy, and manage the full Cloudflare platform — Workers, Durable Objects, AI agents, email, Zero Trust, and web performance — with skills for scaffolding projects, writing production code, managing infrastructure via Wrangler CLI and API, and auditing Core Web Vitals.
Run cloud security compliance checks and remediate issues across AWS, GCP, and Azure using Prowler's assessment platform. Automates framework selection, provider configuration, and step-by-step compliance checking to make accounts compliant with security/industry frameworks.
Annotate codebases with dimensional analysis comments documenting units, dimensions, and decimal scaling. Automatically scan for arithmetic patterns, discover project-specific units, propagate annotations through expressions and functions, and validate consistency to detect mismatches and bugs in DeFi protocols or numerical code.
Build multi-language code graphs to map call graphs, attack surfaces, blast radius, taint propagation, privilege boundaries, and complexity hotspots for security audits. Visualize architecture with Mermaid diagrams, compare snapshots across git commits for evolution analysis, triage mutation testing survivors, generate crypto test vectors, diagram protocols, and project SARIF findings onto graphs.
Run institutional-grade equity research on A/HK/US stocks with deep fundamental analysis, 65-investor panel voting, pump-and-dump fraud detection, DCF/comps/LBO valuation, portfolio attribution, and Bloomberg-style HTML reports.
Discover, evaluate, install, update, and manage community legal skills with a security review gate that validates skills against a design framework before they run in your environment.
Runs first-pass trademark clearance and patentability screening, drafts cease-and-desist letters and DMCA takedowns, checks open-source license compliance, reviews IP clauses, and tracks registration/renewal deadlines — all calibrated to a configurable IP practice profile.
Govern AI use across the firm: triage use cases against your registry, run impact assessments under relevant regimes, review vendor AI terms for training-data and liability gaps, and keep policies current with automated drift detection and regulatory gap analysis.
Implement, customize, secure, deploy, troubleshoot, and scale Clerk authentication in Next.js apps using 24 skills for SDK installation, sign-up/sign-in UIs, middleware protection, error debugging, webhook handling, performance tuning, cost optimization, RBAC/SSO, GDPR compliance, production checklists, CI/CD pipelines, local dev loops, and migrations from Auth0, Firebase, or Supabase.
Audit codebases with a security agent that scans for vulnerabilities like SQL injection, XSS, CSRF, auth flaws, insecure dependencies, and secrets; generates severity-rated reports including file locations, explanations, compliance checks, and code fixes with examples.
Integrate secrets managers like Vault, AWS Secrets Manager, GCP Secret Manager, and Azure Key Vault into applications and infrastructure. Generate policies, auth configs, rotation schedules, Kubernetes manifests, retrieval code, setup scripts, and documentation from simple inputs.
Automates product launch legal review by calibrating risk tolerance, reviewing PRDs and marketing copy for claims needing substantiation, flagging upcoming launches in Jira/Linear, and triaging Slack questions — all within configurable practice profiles.
Manage privacy compliance workflows: triage processing activities, generate PIAs, review DPAs, draft DSAR responses, detect policy drift, and track regulatory changes — all within a configurable practice profile.
Create and validate custom Semgrep rules for detecting security vulnerabilities, bugs, code patterns, and standards using test-first methodology, conversation context for patterns and languages, plus taint mode support.
Scan smart contract codebases in Solidity, Vyper, Solana/Rust, Move, TON, or CosmWasm to identify externally callable state-changing functions, categorize them by access levels, and generate structured reports for security audits and access control reviews.
Automated bug hunting and red-team engagement platform for web, cloud, mobile, and enterprise targets. Runs recon, vulnerability scanning, exploit chaining, and report generation across 70+ attack classes with slash commands and auto-loaded skill sets.
Scaffold production-grade Claude Code plugins with marketplace integration, validate structure and schemas, audit for security vulnerabilities and best practices, and automate semantic version bumps across manifests and catalogs using auto-invoked skills and interactive commands.
Exploit Apache Shiro rememberMe deserialization vulnerabilities (Shiro-550, CVE-2016-4437) via CLI — automate key cracking, gadget chain detection, command execution, and memory shell injection for penetration testing.
Monitor new token launches on Ethereum, BSC, Polygon, and Arbitrum DEXes to detect rugpulls and security risks. Analyze contracts for honeypots, ownership renouncement, liquidity locks, mint functions, proxies, blacklists, and perform verification plus social legitimacy checks.
Simulate flash loan strategies on Aave, dYdX, Uniswap V3, and Balancer to analyze DeFi arbitrage, liquidations, and collateral swaps. Compute profitability with gas estimation, slippage and fee modeling, plus risk assessments for MEV and front-running.
Automate OWASP Top 10 vulnerability scans and penetration testing on JavaScript, Python, and Java codebases using Semgrep, ESLint-security, Bandit, and dependency audits. Delegate comprehensive security audits to a specialized agent covering injections, XSS, CSRF, authentication flaws, access control, and misconfigurations.
Scan codebases for data privacy risks, identifying PII exposures, hardcoded sensitive data, unsafe logging practices, unencrypted storage, insecure transmission, missing consent mechanisms, and retention policy violations to audit and remediate compliance issues.
Audit and optimize web projects for Lighthouse scores, Core Web Vitals, WCAG 2.2 accessibility, technical SEO, performance bottlenecks, security best practices, and code quality using specialized agent skills that apply fixes with code examples.
Build complete API authentication and authorization systems supporting JWT, OAuth2, API keys, sessions, MFA, RBAC, token refresh, validation, and brute-force protection. Generates models, middleware, and services for JavaScript/Node.js, Python, and Java backends.
Configure, troubleshoot, and optimize Sentry error tracking and performance monitoring across Node.js, Python, React/Next.js apps, CI/CD pipelines, and enterprise setups, including SDK installs, source maps, sampling, PII scrubbing, and incident response.
Build deep architectural context through line-by-line and per-function code analysis using First Principles and 5 Whys, enabling precise vulnerability hunting and bug detection in security audits. Target entire codebases, specific modules, or dense functions to map dependencies, data flows, assumptions, and effects.
Generate tailored legal documents like NDAs, freelancer agreements, privacy policies, and terms of service by scanning websites or apps for data practices. Review contracts via multi-agent analysis for risks, compliance gaps (GDPR/CCPA), missing protections, plain-English summaries, and negotiation proposals. Audit sites for regulatory adherence with scored reports and remediation roadmaps.
Discover similar bugs and vulnerabilities across your codebase by generalizing patterns from an initial issue using ripgrep, Semgrep, and CodeQL for iterative, pattern-based analysis via skills or commands.
Parse Burp Suite .burp project files from the command line to search headers and bodies with regex, extract security findings like audit items, and dump filtered proxy history or sitemap for targeted HTTP security analysis workflows.
Audit web app session management for vulnerabilities like fixation, ID generation flaws, expiration issues, cookie misconfigurations, insecure storage, and poor invalidation in Express, Django, Rails, Python, and Java apps. Check current Claude Code session status, including active state and user details.
Audit authentication in JavaScript, Python, and Java web apps/APIs against OWASP/NIST standards—covering password hashing, JWT handling, sessions, OAuth flows, MFA, and account controls. Validate project setups by checking credentials, tokens, and config files for errors and compliance status.
Add Redis-backed rate limiting to Express, FastAPI, Python, Node.js, or Java APIs using token bucket, sliding window, or quota algorithms. Enforce per-user or per-IP limits with configurable tiers, monitoring headers, and automatic 429 responses to protect against abuse.
Scan your codebase for OWASP Top 10 web security risks including injections, broken authentication, access control flaws, cryptographic failures, and misconfigurations. Generate detailed reports with remediation guidance to audit compliance and strengthen security.
Audit codebases, configurations, and documentation for HIPAA compliance in healthcare applications. Detect PHI protection gaps, access control weaknesses, encryption issues, logging deficiencies, and BAA adherence problems via targeted skills and commands.
Follow NIST SP 800-61 to handle security incidents: classify breaches, preserve evidence, analyze logs using Bash tools on Linux, contain threats, investigate IOCs, eradicate malware, and recover systems. Invoke playbook with 'sir' shortcut for quick response workflow.
Audit dependencies across Node.js, Python, PHP, Ruby, Go, and Rust projects for vulnerabilities, outdated versions, transitive issues, and license compliance. Generate detailed reports with CVE information, upgrade recommendations, and fix commands using tools like npm audit and pip-audit.
Run interactive penetration tests on web apps and codebases: scan HTTP security headers for CSP/HSTS issues, audit npm/pip dependencies for vulnerabilities, analyze code for secrets/injections with bandit, get severity-prioritized findings, fix suggestions, and JSON reports.
Scan your current codebase for security vulnerabilities using SAST on code, CVE detection in npm, pip, and composer dependencies, plus configuration issues. Receive a structured report with severity ratings, detailed findings, and remediation steps to fix them quickly.
Scan REST API code and endpoints for OWASP Top 10 vulnerabilities like injection, BOLA, broken auth, mass assignment, and rate limit issues. Run OWASP ZAP scans to detect misconfigurations and attack vectors, generating HTML reports, JSON findings, remediation guides, evidence, and Python regression tests.
Audit PostgreSQL, MySQL, and MongoDB databases for security risks including misconfigurations, privileges, encryption, network exposure, default credentials, and SQL injection in app code. Run scans for 50+ OWASP vulnerabilities, generate compliance reports, automated remediation scripts, and audit trails from your IDE.
Verify blockchain smart contracts match specifications from whitepapers, PDFs, Markdown, or URLs, detecting implementation gaps, undocumented behaviors, logic discrepancies, and security issues via structured audits and generating compliance reports.
Scan Android APK files or directories for Firebase security misconfigurations like open Realtime Database, Firestore, storage buckets, authentication issues, and exposed Cloud Functions to conduct mobile security audits and authorized pentesting.
Perform security reviews of pull requests, commits, or code diffs using git history for context, blast radius estimation, test coverage checks, and markdown report generation.
Scan cryptographic code for timing side-channel vulnerabilities like secret-dependent branches and divisions across Go, Rust, Java, Kotlin, C#, PHP, JS/TS, Python, and Ruby. Run constant-time analysis via skills or commands to get violation reports in JSON, with filters for warnings, architecture, and functions.
Prevent destructive git and filesystem commands from executing, block or audit dangerous Bash commands, and configure custom safety rules at user or project scope.
Master Cursor IDE AI workflows using 30 guided skills: install and authenticate, configure custom models and rules, optimize indexing and performance, automate Composer for multi-file refactoring and scaffolding, troubleshoot errors, manage teams with SSO, and audit compliance.
Monitor cross-chain bridge activity across protocols like Wormhole, Stargate, Arbitrum, and Optimism. Track transfers, TVL, volume, fees, and transaction status. Analyze security models and validators while detecting exploits and anomalies.
Initialize Firestore Admin SDK in Node.js projects with authentication; manage safe CRUD operations, batch writes, queries, schema design, data migrations, and indexes; generate and validate production-ready security rules using least privilege and emulator testing; and optimize performance and costs.
Scan codebases for SQL injection vulnerabilities by tracing user inputs through code to database queries, identifying unsafe patterns like string concatenation and unparameterized ORM usage in Django, Rails, Express, and Go apps. Get risk reports and mitigation recommendations via skills or direct commands.
Inspect Vertex AI Agent Engine deployments on Google Cloud to validate runtime configuration, agent health, security posture, performance, A2A compliance, and best practices. Generate readiness scores and detailed reports for production validation and monitoring.
Use Claude to manage Granola AI meeting notes workflows end-to-end: automate installations and upgrades, integrate with GitHub/Linear/Slack via Zapier for action items, optimize costs/performance/security, export data, troubleshoot issues, and deploy enterprise setups with RBAC/observability.
Monitor Ethereum and L2 mempools like BSC, Polygon, Arbitrum in real-time to detect MEV opportunities including sandwich attacks, arbitrage, liquidations; analyze pending transactions, DEX swaps; optimize gas prices via Python scripts and specialized agents.
Build secure Rust applications integrating Azure services: authenticate with Entra ID, manage Key Vault secrets/keys/certificates, perform CRUD on Cosmos DB documents and Blob Storage, and stream data via Event Hubs using official SDK patterns and code examples.
Scan Python, JavaScript, Ruby, and Docker configurations for insecure defaults like hardcoded secrets, fallback credentials, weak authentication, permissive settings, and dangerous production values. Run during security audits, config reviews, and pre-deployment checks to block fail-open vulnerabilities.
Audit GitHub Actions workflows to detect security vulnerabilities in AI agent integrations like Claude Code Action, Gemini CLI, OpenAI Codex, and GitHub AI Inference. Identify prompt injection risks and unsafe input flows in CI/CD pipelines before deployment.
Master Windsurf AI IDE with 30 skills to automate Cascade multi-file coding workflows, troubleshoot IDE issues, optimize performance and costs, configure enterprise RBAC/security/CI gates, deploy to Netlify/Vercel, and scale for large teams/monorepos.
Validate Vertex AI Agent Engine deployments for production readiness, generating weighted scores across security, monitoring, performance, compliance, and best practices, plus actionable remediation plans.
Scan Docker images and Dockerfiles for vulnerabilities, misconfigurations, and compliance using Trivy, Grype, Snyk, and Hadolint. Generate remediation reports with CI/CD integration plus production-ready secure container configurations, setup code, and documentation.
Validate PCI-DSS compliance in payment systems by scanning codebases, configurations, and infrastructure for cardholder data security issues, generating status reports or detailed audits.
Audit access controls including IAM policies, RBAC, ACLs, file permissions, and API authorizations in AWS, GCP, Azure, and local projects to detect vulnerabilities, privilege escalation paths, and least privilege violations, generating detailed compliance reports.
Scan codebases for reflected, stored, and DOM-based XSS vulnerabilities across HTML, JavaScript, CSS, and URLs. Test WAF bypass techniques and CSP protections, then receive reports on risks with remediation suggestions via commands or natural language triggers.
Encrypt and decrypt data with various algorithms using the /encrypt command and shortcut. Audit encryption implementations, validate crypto algorithms, and verify key management in codebases and configs during security reviews.
Protect backend APIs from overload by generating throttling middleware, quota services, and management APIs with token bucket, sliding window algorithms, concurrency limits, circuit breakers, priority queues, and adaptive controls using Redis in Express, FastAPI, or JavaScript apps.
Audit EVM wallet security by scanning ERC20 approvals, transaction patterns, and contract interactions to compute risk scores and generate revoke lists via Python scripts.
Scan codebases for input validation weaknesses risking SQL injection, XSS, command injection, path traversal, and buffer overflows, targeting user inputs from HTTP parameters, forms, and APIs during security audits.
Audit Terraform, Kubernetes, and cloud configurations for CIS, SOC2, HIPAA, PCI-DSS compliance using Checkov, tfsec, and OPA. Generate detailed reports, remediation patches, CI/CD gating steps, plus production-ready secure DevOps configurations, setup code, and documentation with security-first best practices.
Fuzz test REST and GraphQL APIs using OpenAPI specs to detect crashes, vulnerabilities, edge cases, and unexpected behaviors with tools like Schemathesis, RESTler, OWASP ZAP. Generate test suites, security reports, and reproducible payloads for input validation and security auditing.
Analyze any website's HTTP/HTTPS security headers to detect vulnerabilities, misconfigurations, OWASP compliance gaps, cookie problems, and info leaks. Receive overall grades plus targeted configuration fixes for Nginx, Apache, or Cloudflare servers.
Implement structured logging for API requests with automatic correlation IDs, PII redaction, performance metrics, and security audit trails in JavaScript, Python, and Java backends. Use the setup command to configure request/response capture and log shipping in Node.js or Python apps for debugging, compliance, and observability workflows.
Validate CORS configurations in Express, Django, Flask, Nginx, and Python web apps/APIs to detect security misconfigurations like wildcard origins, origin reflection, permissive methods/headers, and ensure compliance with origins, methods, credentials.
Generate Kubernetes NetworkPolicy manifests enforcing zero-trust networking via ingress/egress rules with pod labels, namespaces, CIDRs, and ports. Create production-ready configurations, setup code, and documentation matching your infrastructure and security requirements.
Automate SOC 2 audit preparation by assessing Trust Service Criteria controls (CC1-CC9), gathering evidence from documents, logs, and IaC, identifying gaps, and generating readiness reports across AWS, GCP, and Azure environments.
Monitor SSL/TLS certificate expiry dates, automate renewals, list installed certificates, diagnose chain issues, and manage project configurations including setup, renewal, and verification tasks.