Auth, encryption, vulnerability scanning, and compliance
48 boosters
A specialized AI agent for detecting vulnerabilities in smart contracts and DeFi protocols through expert analysis, formal verification, and exploit testing. Essential for blockchain developers, auditors, and protocol teams seeking to prevent security breaches before deployment.
A technical compliance auditor agent that guides organizations through SOC 2, ISO 27001, HIPAA, and PCI-DSS certification processes, handling readiness assessment, evidence collection, and gap remediation. Ideal for security teams and compliance officers preparing for audits.
Configure the Slack channel MCP plugin by providing your Slack bot token and app-level token. Writes credentials to a secure file with owner-only permissions. 1. Parse the two arguments from : 2. If either token is missing or has the wrong prefix, show this error and stop:
Check HIPAA compliance for healthcare data security requirements. Use when auditing healthcare applications. Trigger with 'check HIPAA compliance', 'validate health data security', or 'audit PHI protection'.
"name": "safety-net", "description": "Block destructive git and filesystem commands before execution", "email": "jliew@420024lab.com"
Checks Claude Octopus setup status and provides configuration instructions for missing dependencies like Codex CLI. Useful for developers setting up AI coding environments, though references appear outdated.
"description": "確定申告を自動化する Claude Code Plugin。会社員+副業(事業所得・青色申告)の所得税・消費税確定申告をエンドツーエンドで支援。", "name": "kazukinagata" "keywords": ["確定申告", "tax-filing", "bookkeeping", "blue-return", "japan-tax"]
A Cursor IDE rules configuration for the pig-ui framework that enforces MCP feedback loops during development workflows. Beneficial for teams using Spring Boot 3.5, Spring Cloud, and Vue with role-based access control requirements.
"name": "clawdstrike", "name": "Backbay Labs", "email": "hello@backbay.io"
"name": "token-optimizer", "description": "Audit, fix, and monitor Claude Code context window usage. Find the ghost tokens.", "name": "Alex Greenshpun",
Manage bookmarks via Raindrop.io REST API. User must have env var set. If not configured, instruct them to: 1. Create app at https://app.raindrop.io/settings/integrations
"description": "rr CLI skill - sync code and run commands on remote machines", "name": "Riley Hilliard"
이 항목들은 Anthropic 내부 빌드에서 실행될 때만 포함됩니다. Carefully consider the reversibility and blast radius of actions. Generally you can freely take local, reversible actions like editing files or running tests. But for actions that are hard to reverse, affect shared systems beyond your local environment, or coul
Secure agent runtime with trusted process mediation
Transform a Vibes app into a multi-tenant SaaS with subdomain-based tenancy. Adds Clerk authentication, subscription gating, and generates a unified app with landing page, tenant routing, and admin dashboard.
gog is a Google Workspace CLI tool that enables AI coding assistants to interact with Gmail, Calendar, Drive, Contacts, Sheets, and Docs directly from code. Developers building automation or integrations with Google services benefit from this skill.
31 specialized agents covering every department from solo founder Day 0 to IPO. 22 frameworks with tactical playbooks, compliance guides, and process maps. Before loading any agent files, consult . It contains:
Automated security scanning for dependencies, code, containers with Trivy, Snyk, npm audit. Use for CI/CD security gates, pre-deployment audits, compliance requirements, or encountering CVE detection, outdated packages, license compliance, SBOM generation errors.
This project includes deepsafe-scan, a preflight security scanner for AI agent environments. When the user asks to audit, scan, or check security of their AI agent setup, skills, or MCP servers, run the scanner: For a full scan with LLM analysis (if OPENAIAPIKEY is set):
Mazeway provides cursor-integrated authentication rules for building secure auth systems in Next.js projects using Supabase, emphasizing best practices for 2FA and device trust without external auth libraries.
Mazeway provides Cursor-specific rules for implementing authentication and authorization patterns in Next.js projects using Supabase, enabling developers to own their auth logic instead of relying on external packages. Ideal for developers building secure, self-contained authentication systems.
"description": "Ship software systematically: project lifecycle, TDD, parallel agents, code review, security auditing, and infrastructure validation", "email": "lgbarn@users.noreply.github.com"
"name": "ultraship", "description": "Claude Code plugin — 36 tools, 42 skills, 12 agents. Elite SEO strategy with AI traffic tracking, IndexNow, GSC-GA4 cross-reference, CTR anomalies, brand filtering, keyword intelligence, index doctor, pentest, ship, launch, grow, rescue.", "name": "Houseofmvps",
"name": "andrew-architect", "description": "Claude Skills for architecture design distilled from Andrew Wu's published articles", "name": "Andrew Wu",
"name": "kernel-vuln-analyzer", "description": "Analyze Linux kernel vulnerabilities from KASAN/UBSAN/BUG crash logs or CVE descriptions. Full root cause analysis, exploitability assessment, patch development, and QEMU verification.", "url": "https://github.com/winmin"
Advanced security research skill for web servers, REST APIs, web applications, and network infrastructure. Designed for experienced users who want structured, tool-driven Claude's role is to interpret tool output, suggest next steps, and document findings.
Performs comprehensive email deliverability auditing for a domain. Checks DNS authentication records (SPF, DKIM, DMARC), infrastructure (MX, PTR, TLS), reputation (blacklists), and bulk sender compliance. Generates a health score (0-100) with prioritized fixes. 1. Both SPF AND DKIM must pass (not ju
"name": "quantum-loop", "description": "Universal CLI orchestrator with multi-runner support. Autonomous spec-driven development with dependency DAG, parallel worktree execution, two-stage review gates, and modular merge hardening.", "name": "andyzengmath"
"version": "5.10.0", "description": "Memory → Evaluation → Credential → Access Control for AI agents. Persistent memory with W3C Verifiable Credentials, capability-based access control, drift detection, and FSRS-6 spaced repetition.", "name": "kobie3717",
"name": "sensitive-canary", "description": "Blocks secrets and PII before they reach the Anthropic API", "repository": "https://github.com/coo-quack/sensitive-canary",
"name": "cadre-devkit-claude", "description": "Cadre team development kit for Claude Code - security hooks, workflow automation, and productivity tools", "name": "Cadre Team"
Heuristic scoring (no AI key configured).
"name": "claude-mlx-tts", "description": "Voice-cloned TTS notifications using MLX Chatterbox Turbo. Clone any voice from a 20-second sample.", "command": "${CLAUDEPLUGINROOT}/scripts/run-tts.sh",
"name": "compliance-pilot", "description": "AWS compliance engine — SOC 2 + HIPAA scanning, remediation, and audit reporting powered by Prowler", "name": "Mehul Prajapati",
"name": "keep-it-simple", "description": "Keep it simple skills ruthlessly kills complexity."
A web vulnerability assessment skill for CTF challenges that automates reconnaissance and exploit development against target URLs. Useful for security practitioners and CTF competitors looking to systematically identify and exploit web vulnerabilities.
"name": "mcp-keyring-injector", "description": "Securely inject MCP API credentials from system keyring into Claude Code configuration at session start", "name": "Sankalp Gilda, Ph.D.",
"name": "claude-privacy-guard", "description": "Privacy guard plugin for Claude Code - prevents PII and secrets from leaking into AI prompts", "name": "Datum Brain"
A binary exploitation analysis booster that automates reconnaissance and vulnerability detection for CTF challenges, helping security researchers and students quickly identify exploitation vectors in compiled binaries.
SkillGuard is a security reviewer for Claude/Cursor Skills that detects prompt injection, tool injection, data exfiltration, and unsafe automation risks. It's essential for developers and organizations installing or developing AI skills to ensure safe, policy-compliant code execution.
An MCP Server that automates Section 508 and WCAG accessibility compliance checking for websites, with multi-page crawling and report generation capabilities. Ideal for developers, QA teams, and organizations required to meet federal accessibility standards.
Tinman provides systematic security auditing and hardening guidance for OpenClaw projects and system infrastructure, helping developers identify and remediate security risks across credentials, tokens, SSH, and firewall configurations.
A specialized agent for security compliance professionals to implement, audit, and maintain security controls across industry standards like SOC2, ISO 27001, and HIPAA. Ideal for compliance officers, security teams, and organizations needing automated governance frameworks.
An expert agent for penetration testing and vulnerability assessment that helps security professionals conduct authorized red team operations and identify security weaknesses. Ideal for security engineers, penetration testers, and organizations needing structured ethical hacking guidance.
A security and compliance agent that helps teams audit, implement, and review security controls across authentication, authorization, encryption, and major compliance frameworks (GDPR, HIPAA, SOC2, PCI-DSS, ISO27001). Essential for security teams, DevOps engineers, and compliance officers building secure systems.
A comprehensive MongoDB security and administration agent that teaches and implements authentication methods (SCRAM/X.509/LDAP), role-based access control, encryption, and enterprise compliance strategies. Ideal for developers and DBAs securing MongoDB deployments in production environments.
An API security audit specialist agent that helps developers identify and fix vulnerabilities in REST APIs, including authentication flaws, injection attacks, and compliance issues. Ideal for security-conscious development teams and API developers seeking proactive vulnerability assessment.
A cybersecurity specialist agent that performs security assessments, vulnerability analysis, and compliance auditing across applications and infrastructure. Developers, security teams, and DevOps engineers benefit from automated security reviews and threat identification.
