Proactive attack-path engine. The chain-finder agent SEARCHES for ordered entry→…→asset attack paths where each step is enabled by a finding — composing even sub-threshold (candidate/lead) primitives into a critical chain — using the threat-model assets, attacker-reachable entry points, and the reachability graph. Records each path (ordered narrative + member fingerprints) in .kuzushi/chains.json and attaches a `chains` ref onto each member (status unchanged). Needs ≥2 live findings.
Slash command
/kuzushi-security-plugin:chainchain-finder
Findings are triaged independently; the highest-impact issues are often a *path* assembled from
individually-unremarkable bugs (a low info-leak + a medium auth gap + a candidate SSRF ⇒ critical
RCE). This searches for those paths — it doesn't just restate confirmed findings. Requires ≥2
live findings in .kuzushi/findings.json (run the hunts first); richer with a threat model +
code-graph built (they supply the assets + reachability the search keys off).

node "${CLAUDE_PLUGIN_ROOT}/scripts/cmd/chain-prepare.mjs" --target "<repo root>". If
there are fewer than 2 live findings, tell the user to run more hunts and stop. Read prepPath —
it carries the findings (incl. sub-threshold leads), the crown-jewel context.assets, the
attacker-reachable context.entryPoints, and a context.reachability summary.

fingerprint verbatim. Write { chains: [...] } (with kind/entryPoint/asset)
to draftPath. If nothing genuinely composes, write { "chains": [] } — don't force a chain.

assembleCommand (finalize). It validates each chain (≥2 real members, ordered
narrative ≥120 chars), escalates severity to at least the max member's (composed impact is
never under-reported), writes .kuzushi/chains.json, and attaches a chains ref onto each
member (status unchanged). Report the paths highest-impact first; /report renders them.

/sweep / /threat-hunt / /taint-analysis first.

npx claudepluginhub allsmog/kuzushi-security-plugin --plugin kuzushi-security-plugin
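
The finalize rules stated above (at least 2 real members, narrative of at least 120 characters, severity never below the most severe member, a chains ref attached with status unchanged), sketched as an added example that is not the plugin's own code. The JSON field names, the five-level severity scale, and the choice to drop unmatched fingerprints before counting members are assumptions.

```javascript
// Added example. Field names (fingerprint, severity, status, members, narrative,
// id) are assumptions for illustration, not the plugin's real schema.
const SEVERITY = ["info", "low", "medium", "high", "critical"];
const rank = (s) => Math.max(SEVERITY.indexOf(s), 0);

function finalizeChains(draft, findings) {
  const byFp = new Map(findings.map((f) => [f.fingerprint, f]));
  const chains = [];
  const rejected = [];
  for (const chain of draft.chains ?? []) {
    // Only fingerprints that match a live finding verbatim count as real members.
    const members = [...new Set(chain.members ?? [])].filter((fp) => byFp.has(fp));
    const reasons = [];
    if (members.length < 2) reasons.push("fewer than 2 real members");
    if ((chain.narrative ?? "").trim().length < 120) reasons.push("narrative under 120 chars");
    if (reasons.length) { rejected.push({ id: chain.id, reasons }); continue; }
    // Escalate only: never report below the most severe member.
    const floor = Math.max(...members.map((fp) => rank(byFp.get(fp).severity)));
    chains.push({ ...chain, members, severity: SEVERITY[Math.max(rank(chain.severity), floor)] });
  }
  // Attach a chains ref to each member; every other field, status included, is untouched.
  const updated = findings.map((f) => {
    const refs = chains.filter((c) => c.members.includes(f.fingerprint)).map((c) => c.id);
    return refs.length ? { ...f, chains: refs } : f;
  });
  return { chains, rejected, findings: updated };
}

// Constructed sample data.
const SAMPLE_FINDINGS = [
  { fingerprint: "fp-a1", title: "info leak", severity: "low", status: "confirmed" },
  { fingerprint: "fp-b2", title: "auth gap", severity: "medium", status: "lead" },
  { fingerprint: "fp-c3", title: "SSRF", severity: "high", status: "candidate" },
];
const SAMPLE_DRAFT = { chains: [
  { id: "chain-1", severity: "low", members: ["fp-a1", "fp-b2", "fp-c3"],
    narrative: "The info leak discloses an internal hostname; the auth gap then exposes " +
      "the import route to unauthenticated callers, whose URL parameter reaches the SSRF sink." },
  { id: "chain-2", severity: "critical", members: ["fp-a1", "fp-zz"], narrative: "too short" },
] };
console.log(JSON.stringify(finalizeChains(SAMPLE_DRAFT, SAMPLE_FINDINGS), null, 2));
```

In the sample, chain-1 is drafted as low but is raised to the severity of its most severe member, while chain-2 is rejected because one fingerprint matches no live finding and its narrative is too short.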