insecure-defaults

Anvil Plugin Registry

A harness-agnostic registry that pulls skills, commands, agents, and hooks from the open-source ecosystem, catalogs them with compatibility metadata, and generates harness-specific outputs for Claude Code, Codex, and GitHub Copilot CLI.

How It Works

Upstream Repos                Neutral Catalog              Harness Outputs
(GitHub, Forgejo)             (catalog/)                   (generated/)
                                                          
  trailofbits/skills ──┐                                  ┌─ Claude Code
  garrytan/gstack ─────┤     ┌──────────────────┐         │   marketplace.json
  mattpocock/skills ───┤────>│  Package records  │────────>│   19 plugins
  conorbronsdon/* ─────┤     │  Portability class │        │
  ComposioHQ/* ────────┤     │  Risk assessment  │        ├─ Codex
  Internal repos ──────┘     │  Capability map   │────────>│   marketplace.json
                              └──────────────────┘         │   generated + syncable
                                                           ├─ Copilot CLI
                                                           │   skills/ + syncable
                                                           └─ (future harnesses)

1. Import -- Plugins and raw skills are pulled from upstream repositories, scanned with Semgrep, and mirrored byte-for-byte into plugins-claude/ (or plugins-codex/ / plugins-copilot/ for non-Claude-native skills).
2. Catalog -- Each package gets a neutral record in catalog/packages/ with portability classification, risk assessment, and compatibility findings.
3. Generate -- The catalog renders harness-specific output artifacts. Agnostic packages pass through unchanged. Adaptable packages get shallow transforms (tool name mapping, manifest rewriting, frontmatter normalization). Harness-specific packages are included only where they work natively.

Registry

Full Package List

Plugin	Version	Components	Source	Portability
ask-questions-if-underspecified	1.0.1	skill	trailofbits/skills	Agnostic
avoid-ai-writing	3.2.0	skill	conorbronsdon/avoid-ai-writing	Agnostic
careful	0.1.0	skill	garrytan/gstack	Harness-specific
claude-vis	0.1.0	skill, command, hooks	Internal	Harness-specific
devcontainer-setup	0.1.0	skill	trailofbits/skills	Harness-specific
differential-review	1.0.0	skill, command	trailofbits/skills	Harness-specific
file-organizer	0.1.0	skill	ComposioHQ/awesome-claude-skills	Agnostic
git-cleanup	1.0.0	skill	trailofbits/skills	Adaptable
grill-me	0.1.0	skill	mattpocock/skills	Agnostic
insecure-defaults	1.0.0	skill	trailofbits/skills	Adaptable
investigate	1.0.0	skill	garrytan/gstack	Harness-specific
modern-python	1.5.0	skill, hooks	trailofbits/skills	Harness-specific
office-hours	2.0.0	skill	garrytan/gstack	Harness-specific
review	1.0.0	skill	garrytan/gstack	Harness-specific
semgrep-rule-creator	1.2.0	skill, command	trailofbits/skills	Adaptable
ship	1.0.0	skill	garrytan/gstack	Harness-specific
variant-analysis	1.0.0	skill, command	trailofbits/skills	Adaptable
workflow-skill-design	1.0.1	skill, agent	trailofbits/skills	Adaptable
yt-transcript	0.1.0	skill	Internal	Adaptable

Harness Compatibility Matrix

Each package is classified by how well it travels between harnesses: