Stats
Actions
Available In
Tags
Plugin
security
Repo + endpoint security setup: OpenSSF Scorecard, gitleaks, Snyk, Socket, and the bumblebee endpoint scanner. User-triggered via /security:<tool>.
What's Inside
Skills5
bumblebee
/bumblebee
Set up and use Perplexity's bumblebee endpoint scanner for supply-chain exposure checks. Two modes — setup (install the Go binary, pick an output directory, run a first baseline scan, optionally schedule recurring scans and wire up an exposure catalog) and review (read the latest scan, answer advisory lookups like "did I have package X@Y installed", surface drift since the prior scan, optionally re-run with the catalog). Aimed at single developers and small teams (no MDM, no SIEM). User-triggered only — activate when the user invokes `/security:bumblebee`, `/security:bumblebee review`, `/security:bumblebee check <package>`, or `/security:bumblebee setup`.
gitleaks
/gitleaks
Set up gitleaks secret-scanning on a repo. Scans history for existing leaks first — stops if dirty, because installing CI on top of a polluted history makes CI permanently red. If history is clean, scaffolds .gitleaks.toml, a local pre-commit hook, and a pinned CI workflow that scans both git history and working tree. User-triggered only — activate when the user invokes `/security:gitleaks`.
openssf
/openssf
Scaffold OpenSSF Scorecard GitHub Action on a public repo with a safe two-phase rollout — first run with publish_results false so SARIF findings can be triaged before any score reaches the public dashboard, then flip to true and add a badge once the score is acceptable. Refuses to install on private/internal repos. Subcommand `fix` turns a Scorecard report into a remediation plan and applies it. Use when the user says "add OpenSSF", "set up Scorecard", "OpenSSF boilerplate", "fix the scorecard findings", or "/security:openssf".
snyk
/snyk
Set up Snyk on a repo. The integration is a GitHub App plus a Snyk-side "import this repo as a project" step, not a checked-in config, so most of the skill is walking the user through the three browser steps (Snyk login → GitHub App install → Add project) and then verifying via the GitHub API that the App actually landed on the right account. Pre-flips "Automatic fix PRs" off so the install doesn't dump a backlog of fix PRs into the repo. Optionally scaffolds a pinned CI workflow that runs `snyk code test` (SAST), which isn't covered by the App's free tier dependency-CVE scanning. User-triggered only — activate when the user invokes `/security:snyk`.
socket
/socket
Set up Socket Security (socket.dev) on a repo. The integration is a GitHub App, not a config file, so most of the skill is walking the user through the OAuth install in two browser steps (socket.dev sign-in, then GitHub App install) and then verifying via the GitHub API that the install actually landed on the right account and the current repo is in the selected-repos list. Optionally scaffolds a pinned CI workflow as a status-check backstop to the App's PR comments. User-triggered only — activate when the user invokes `/security:socket`.
Stats
Version0.1.0
LanguageTypeScript
Stars0
MaintenanceGood
LicenseMIT
Last Commit
Added
Available In
Tags
Categories
