By dxas90
SAST analysis, dependency vulnerability scanning, OWASP Top 10 compliance, container security scanning, and automated security hardening
You are a security expert specializing in dependency vulnerability analysis, SBOM generation, and supply chain security. Scan project dependencies across multiple ecosystems to identify vulnerabilities, assess risks, and provide automated remediation strategies.
Orchestrate comprehensive security hardening with defense-in-depth strategy across all application layers
Static Application Security Testing (SAST) for code vulnerability analysis across multiple languages and frameworks
Expert security auditor specializing in DevSecOps, comprehensive cybersecurity, and compliance frameworks. Masters vulnerability assessment, threat modeling, secure authentication (OAuth2/OIDC), OWASP standards, cloud security, and security automation. Handles DevSecOps integration, compliance (GDPR/HIPAA/SOC2), and incident response. Use PROACTIVELY for security audits, DevSecOps, or compliance implementation.
Expert in threat modeling methodologies, security architecture review, and risk assessment. Masters STRIDE, PASTA, attack trees, and security requirement extraction. Use PROACTIVELY for security architecture reviews, threat identification, or building secure-by-design systems.
Build comprehensive attack trees to visualize threat paths. Use when mapping attack scenarios, identifying defense gaps, or communicating security risks to stakeholders.
Configure Static Application Security Testing (SAST) tools for automated vulnerability detection in application code. Use when setting up security scanning, implementing DevSecOps practices, or automating code vulnerability detection.
Derive security requirements from threat models and business context. Use when translating threats into actionable requirements, creating security user stories, or building security test cases.
Apply STRIDE methodology to systematically identify threats. Use when analyzing system security, conducting threat modeling sessions, or creating security documentation.
Map identified threats to appropriate security controls and mitigations. Use when prioritizing security investments, creating remediation plans, or validating control effectiveness.
Uses power tools
Uses Bash, Write, or Edit tools
Own this plugin?
Verify ownership to unlock analytics, metadata editing, and a verified badge. GitHub access is read-only (username + org membership).
Sign in to claimOwn this plugin?
Verify ownership to unlock analytics, metadata editing, and a verified badge. GitHub access is read-only (username + org membership).
Sign in to claimBased on adoption, maintenance, documentation, and repository signals. Not a security audit or endorsement.
Production-ready agentic workflow building blocks: 92 plugins, 199 agents, 162 skills, 106 commands — built for Claude Code and consumed natively by OpenAI Codex CLI, Cursor, OpenCode, Gemini CLI, and GitHub Copilot from a single Markdown source.
[!NOTE] One source-of-truth (
plugins/), five harnesses. Each harness gets idiomatic, harness-native artifacts — not lowest-common-denominator translations. See docs/harnesses.md for the capability matrix.
Pick your harness:
/plugin marketplace add wshobson/agents
/plugin install python-development # or any of 92 plugins
→ Full Claude Code setup, troubleshooting, and plugin catalog
Codex and Cursor install natively from the committed registries (which point at the source plugins/):
npx codex-marketplace add wshobson/agents # Codex; then install individual plugins
# Cursor: add the marketplace, then `/plugin install <name>` (reads .cursor-plugin/ + source)
Gemini and OpenCode install via clone + generate (the transformed trees are gitignored):
gh repo clone wshobson/agents ~/agents && cd ~/agents
make generate HARNESS=gemini && gemini extensions install . # Gemini
make install-opencode # OpenCode (runs generate + symlinks)
Setup details and per-harness gotchas: docs/harnesses.md. Gemini-specific setup: GEMINI.md (also auto-loaded by Gemini CLI).
| Count | What it is | |
|---|---|---|
| Plugins | 92 | Granular, single-purpose installable units (88 local + 4 external via git-subdir) |
| Agents | 199 | Domain experts (architecture, languages, infra, security, data, ML, docs, business, SEO) |
| Skills | 162 | Modular knowledge packages with progressive disclosure (load when activated) |
| Commands | 106 | Slash commands: scaffolding, security scans, test gen, infrastructure setup |
| Orchestrators | 16 | Multi-agent coordination workflows (full-stack, security, ML, incident response) |
Browse the catalog: docs/plugins.md · docs/agents.md · docs/agent-skills.md
Each plugin is isolated and composable: agents, commands, and skills are auto-discovered from directory structure. Installing a plugin loads only its components into context — not the whole marketplace.
plugins/python-development/
├── .claude-plugin/plugin.json
├── agents/ # 3 Python agents (python-pro, django-pro, fastapi-pro)
├── commands/ # 1 scaffolding command
└── skills/ # 16 specialized skills (async, testing, packaging, …)
Tiered model strategy:
| Tier | Model | Use |
|---|---|---|
| 0 | Fable 5 | Longest-horizon autonomous work — large migrations, multi-hour runs (opt-in, premium cost) |
| 1 | Opus | Architecture, security, code review, production-critical |
| 2 | inherit | User-chosen — backend, frontend, AI/ML, specialized |
| 3 | Sonnet | Docs, testing, debugging, API references |
| 4 | Haiku | Fast operational tasks, SEO, deployment, content |
This marketplace ships to five agentic harnesses from one Markdown source. Each adapter emits harness-native artifacts (not lowest-common-denominator translations):
| Harness | Generates | Notes |
|---|---|---|
| Claude Code | (source-of-truth) | Native marketplace.json + plugins/ |
| Codex CLI | .agents/plugins/marketplace.json + plugins/*/.codex-plugin/plugin.json (committed); .codex/skills/, .codex/agents/ (gitignored) | 8 KB skill cap respected; commands → skills |
| Cursor | .cursor-plugin/, .cursor/rules/ | Thin marketplace + curated rules; reuses .claude/ |
| OpenCode | .opencode/agents/, .opencode/commands/, .opencode/skills/ | permission: block from tools: allowlist; OpenCode-safe skill names |
| Gemini CLI | skills/, agents/, commands/ (TOML) | Native skills + subagents (April 2026 spec) |
| Copilot | .copilot/agents/, .copilot/skills/, .copilot/commands/ | Markdown agent profiles + SKILL.md skills + commands-as-skills; model maps to native Claude models |
npx claudepluginhub p/dxas90-security-scanning-plugins-security-scanningDocumentation generation, code explanation, and technical writing with automated doc generation and tutorial creation
Interactive debugging, developer experience optimization, and smart debugging workflows
Error analysis, trace debugging, and multi-agent problem diagnosis
Performance analysis, test coverage review, and AI-powered code quality assessment
Git workflow automation, pull request enhancement, and team onboarding processes
Harness-native ECC operator layer - 64 agents, 262 skills, 84 legacy command shims, reusable hooks, rules, selective install profiles, and production-ready workflows for Claude Code, Codex, OpenCode, Cursor, and related agent harnesses
Comprehensive .NET development skills for modern C#, ASP.NET, MAUI, Blazor, Aspire, EF Core, Native AOT, testing, security, performance optimization, CI/CD, and cloud-native applications
Complete collection of battle-tested Claude Code configs from an Anthropic hackathon winner - agents, skills, hooks, and rules evolved over 10+ months of intensive daily use