Auth, encryption, vulnerability scanning, and compliance
48 boosters
A technical compliance auditor agent that guides organizations through SOC 2, ISO 27001, HIPAA, and PCI-DSS certification processes, handling readiness assessment, evidence collection, and gap remediation. Ideal for security teams and compliance officers preparing for audits.
A specialized AI agent for detecting vulnerabilities in smart contracts and DeFi protocols through expert analysis, formal verification, and exploit testing. Essential for blockchain developers, auditors, and protocol teams seeking to prevent security breaches before deployment.
Configure the Slack channel MCP plugin by providing your Slack bot token and app-level token. Writes credentials to a secure file with owner-only permissions. 1. Parse the two arguments from : 2. If either token is missing or has the wrong prefix, show this error and stop:
Check HIPAA compliance for healthcare data security requirements. Use when auditing healthcare applications. Trigger with 'check HIPAA compliance', 'validate health data security', or 'audit PHI protection'.
"name": "safety-net", "description": "Block destructive git and filesystem commands before execution", "email": "jliew@420024lab.com"
Checks Claude Octopus setup status and provides configuration instructions for missing dependencies like Codex CLI. Useful for developers setting up AI coding environments, though references appear outdated.
"description": "確定申告を自動化する Claude Code Plugin。会社員+副業(事業所得・青色申告)の所得税・消費税確定申告をエンドツーエンドで支援。", "name": "kazukinagata" "keywords": ["確定申告", "tax-filing", "bookkeeping", "blue-return", "japan-tax"]
A Cursor IDE rules configuration for the pig-ui framework that enforces MCP feedback loops during development workflows. Beneficial for teams using Spring Boot 3.5, Spring Cloud, and Vue with role-based access control requirements.
"name": "clawdstrike", "name": "Backbay Labs", "email": "hello@backbay.io"
"name": "token-optimizer", "description": "Audit, fix, and monitor Claude Code context window usage. Find the ghost tokens.", "name": "Alex Greenshpun",
Manage bookmarks via Raindrop.io REST API. User must have env var set. If not configured, instruct them to: 1. Create app at https://app.raindrop.io/settings/integrations
"description": "rr CLI skill - sync code and run commands on remote machines", "name": "Riley Hilliard"
이 항목들은 Anthropic 내부 빌드에서 실행될 때만 포함됩니다. Carefully consider the reversibility and blast radius of actions. Generally you can freely take local, reversible actions like editing files or running tests. But for actions that are hard to reverse, affect shared systems beyond your local environment, or coul
Secure agent runtime with trusted process mediation
Transform a Vibes app into a multi-tenant SaaS with subdomain-based tenancy. Adds Clerk authentication, subscription gating, and generates a unified app with landing page, tenant routing, and admin dashboard.
gog is a Google Workspace CLI tool that enables AI coding assistants to interact with Gmail, Calendar, Drive, Contacts, Sheets, and Docs directly from code. Developers building automation or integrations with Google services benefit from this skill.
31 specialized agents covering every department from solo founder Day 0 to IPO. 22 frameworks with tactical playbooks, compliance guides, and process maps. Before loading any agent files, consult . It contains:
Automated security scanning for dependencies, code, containers with Trivy, Snyk, npm audit. Use for CI/CD security gates, pre-deployment audits, compliance requirements, or encountering CVE detection, outdated packages, license compliance, SBOM generation errors.
This project includes deepsafe-scan, a preflight security scanner for AI agent environments. When the user asks to audit, scan, or check security of their AI agent setup, skills, or MCP servers, run the scanner: For a full scan with LLM analysis (if OPENAIAPIKEY is set):
Mazeway provides Cursor-specific rules for implementing authentication and authorization patterns in Next.js projects using Supabase, enabling developers to own their auth logic instead of relying on external packages. Ideal for developers building secure, self-contained authentication systems.
Mazeway provides cursor-integrated authentication rules for building secure auth systems in Next.js projects using Supabase, emphasizing best practices for 2FA and device trust without external auth libraries.
"description": "Ship software systematically: project lifecycle, TDD, parallel agents, code review, security auditing, and infrastructure validation", "email": "lgbarn@users.noreply.github.com"
"name": "ultraship", "description": "Claude Code plugin — 36 tools, 42 skills, 12 agents. Elite SEO strategy with AI traffic tracking, IndexNow, GSC-GA4 cross-reference, CTR anomalies, brand filtering, keyword intelligence, index doctor, pentest, ship, launch, grow, rescue.", "name": "Houseofmvps",
"name": "andrew-architect", "description": "Claude Skills for architecture design distilled from Andrew Wu's published articles", "name": "Andrew Wu",
"name": "kernel-vuln-analyzer", "description": "Analyze Linux kernel vulnerabilities from KASAN/UBSAN/BUG crash logs or CVE descriptions. Full root cause analysis, exploitability assessment, patch development, and QEMU verification.", "url": "https://github.com/winmin"
Advanced security research skill for web servers, REST APIs, web applications, and network infrastructure. Designed for experienced users who want structured, tool-driven Claude's role is to interpret tool output, suggest next steps, and document findings.
Performs comprehensive email deliverability auditing for a domain. Checks DNS authentication records (SPF, DKIM, DMARC), infrastructure (MX, PTR, TLS), reputation (blacklists), and bulk sender compliance. Generates a health score (0-100) with prioritized fixes. 1. Both SPF AND DKIM must pass (not ju
"name": "quantum-loop", "description": "Universal CLI orchestrator with multi-runner support. Autonomous spec-driven development with dependency DAG, parallel worktree execution, two-stage review gates, and modular merge hardening.", "name": "andyzengmath"
"version": "5.10.0", "description": "Memory → Evaluation → Credential → Access Control for AI agents. Persistent memory with W3C Verifiable Credentials, capability-based access control, drift detection, and FSRS-6 spaced repetition.", "name": "kobie3717",
"name": "sensitive-canary", "description": "Blocks secrets and PII before they reach the Anthropic API", "repository": "https://github.com/coo-quack/sensitive-canary",
"name": "claude-mlx-tts", "description": "Voice-cloned TTS notifications using MLX Chatterbox Turbo. Clone any voice from a 20-second sample.", "command": "${CLAUDEPLUGINROOT}/scripts/run-tts.sh",
Heuristic scoring (no AI key configured).
"name": "cadre-devkit-claude", "description": "Cadre team development kit for Claude Code - security hooks, workflow automation, and productivity tools", "name": "Cadre Team"
"name": "compliance-pilot", "description": "AWS compliance engine — SOC 2 + HIPAA scanning, remediation, and audit reporting powered by Prowler", "name": "Mehul Prajapati",
"name": "keep-it-simple", "description": "Keep it simple skills ruthlessly kills complexity."
"name": "mcp-keyring-injector", "description": "Securely inject MCP API credentials from system keyring into Claude Code configuration at session start", "name": "Sankalp Gilda, Ph.D.",
A binary exploitation analysis booster that automates reconnaissance and vulnerability detection for CTF challenges, helping security researchers and students quickly identify exploitation vectors in compiled binaries.
A web vulnerability assessment skill for CTF challenges that automates reconnaissance and exploit development against target URLs. Useful for security practitioners and CTF competitors looking to systematically identify and exploit web vulnerabilities.
"name": "claude-privacy-guard", "description": "Privacy guard plugin for Claude Code - prevents PII and secrets from leaking into AI prompts", "name": "Datum Brain"
SkillGuard is a security reviewer for Claude/Cursor Skills that detects prompt injection, tool injection, data exfiltration, and unsafe automation risks. It's essential for developers and organizations installing or developing AI skills to ensure safe, policy-compliant code execution.
Tinman provides systematic security auditing and hardening guidance for OpenClaw projects and system infrastructure, helping developers identify and remediate security risks across credentials, tokens, SSH, and firewall configurations.
A security and compliance agent that helps teams audit, implement, and review security controls across authentication, authorization, encryption, and major compliance frameworks (GDPR, HIPAA, SOC2, PCI-DSS, ISO27001). Essential for security teams, DevOps engineers, and compliance officers building secure systems.
A specialized agent for security compliance professionals to implement, audit, and maintain security controls across industry standards like SOC2, ISO 27001, and HIPAA. Ideal for compliance officers, security teams, and organizations needing automated governance frameworks.
An expert agent for penetration testing and vulnerability assessment that helps security professionals conduct authorized red team operations and identify security weaknesses. Ideal for security engineers, penetration testers, and organizations needing structured ethical hacking guidance.
A comprehensive MongoDB security and administration agent that teaches and implements authentication methods (SCRAM/X.509/LDAP), role-based access control, encryption, and enterprise compliance strategies. Ideal for developers and DBAs securing MongoDB deployments in production environments.
An MCP Server that automates Section 508 and WCAG accessibility compliance checking for websites, with multi-page crawling and report generation capabilities. Ideal for developers, QA teams, and organizations required to meet federal accessibility standards.
A security-focused agent that guides developers through application security, authentication, authorization, and compliance best practices for cloud-native applications. Ideal for teams building secure AI applications who need expert security guidance integrated into their development workflow.
Heuristic scoring (no AI key configured).
