From 0a7db42e07109c722af337fe89c6b1801e8c0b37 Mon Sep 17 00:00:00 2001
From: zhongwei
Date: Sat, 29 Nov 2025 09:37:36 +0800
Subject: [PATCH] Initial commit
---
 .claude-plugin/plugin.json | 17 +++++
 README.md | 3 +
 plugin.lock.json | 61 +++++++++++++++++
 .../agents/anticheat-engineer.md | 48 +++++++++++++
 .../agents/blue-team-tester.md | 30 ++++++++
 .../agents/security-engineer.md | 33 +++++++++
 .../commands/scan-memory.md | 23 +++++++
 .../skills/cheat-detection-patterns.md | 68 +++++++++++++++++++
 8 files changed, 283 insertions(+)
 create mode 100644 .claude-plugin/plugin.json
 create mode 100644 README.md
 create mode 100644 plugin.lock.json
 create mode 100644 plugins/security-anticheat/agents/anticheat-engineer.md
 create mode 100644 plugins/security-anticheat/agents/blue-team-tester.md
 create mode 100644 plugins/security-anticheat/agents/security-engineer.md
 create mode 100644 plugins/security-anticheat/commands/scan-memory.md
 create mode 100644 plugins/security-anticheat/skills/cheat-detection-patterns.md
diff --git a/.claude-plugin/plugin.json b/.claude-plugin/plugin.json
new file mode 100644
index 0000000..af7b660
--- /dev/null
+++ b/.claude-plugin/plugin.json
@@ -0,0 +1,17 @@
+{
+ "name": "security-anticheat",
+ "description": "安全与反作弊 - 游戏安全/渗透测试",
+ "version": "1.0.0",
+ "author": "743175724",
+ "skills": [
+ "./plugins/security-anticheat/skills/cheat-detection-patterns.md"
+ ],
+ "agents": [
+ "./plugins/security-anticheat/agents/anticheat-engineer.md",
+ "./plugins/security-anticheat/agents/security-engineer.md",
+ "./plugins/security-anticheat/agents/blue-team-tester.md"
+ ],
+ "commands": [
+ "./plugins/security-anticheat/commands/scan-memory.md"
+ ]
+}
\ No newline at end of file
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..8a98eeb
--- /dev/null
+++ b/README.md
@@ -0,0 +1,3 @@
+# security-anticheat
+
+安全与反作弊 - 游戏安全/渗透测试
diff --git a/plugin.lock.json b/plugin.lock.json
new file mode 100644
index 0000000..243e6b8
--- /dev/null
+++ b/plugin.lock.json 
@@ -0,0 +1,61 @@
+{
+ "$schema": "internal://schemas/plugin.lock.v1.json",
+ "pluginId": "gh:743175724/agents-project:plugins/security-anticheat",
+ "normalized": {
+ "repo": null,
+ "ref": "refs/tags/v20251128.0",
+ "commit": "549549241175bd9ce40408f4601f10ab58d5d200",
+ "treeHash": "ad1f21f7b1826d76b9d6477e5dba41b177382860d7e8abd552c7eab8e2a9e942",
+ "generatedAt": "2025-11-28T10:24:44.991773Z",
+ "toolVersion": "publish_plugins.py@0.2.0"
+ },
+ "origin": {
+ "remote": "git@github.com:zhongweili/42plugin-data.git",
+ "branch": "master",
+ "commit": "aa1497ed0949fd50e99e70d6324a29c5b34f9390",
+ "repoRoot": "/Users/zhongweili/projects/openmind/42plugin-data"
+ },
+ "manifest": {
+ "name": "security-anticheat",
+ "description": "安全与反作弊 - 游戏安全/渗透测试",
+ "version": "1.0.0"
+ },
+ "content": {
+ "files": [
+ {
+ "path": "README.md",
+ "sha256": "29755ee9d7281f6d4e8166d625784a0506edc6868db2411f3b89f5446c6c442c"
+ },
+ {
+ "path": "plugins/security-anticheat/agents/anticheat-engineer.md",
+ "sha256": "03393f0316e61a2ed0cf8db4bfb20686fc49e16f0619ad523ae3359d2dcdb9b2"
+ },
+ {
+ "path": "plugins/security-anticheat/agents/security-engineer.md",
+ "sha256": "aa5c96134ce68189677389e1b43e7fd3a9409a1b707001efdc9b07f6ceb9b527"
+ },
+ {
+ "path": "plugins/security-anticheat/agents/blue-team-tester.md",
+ "sha256": "237a7518ac152354974745ffd7a3287fd0e5634cd1ba72f86dcb4b77bec11554"
+ },
+ {
+ "path": "plugins/security-anticheat/commands/scan-memory.md",
+ "sha256": "89f7593a5ac61b0bf9bdd2f8ee2cff4f198d4af95645cd725e00f22fb0c43150"
+ },
+ {
+ "path": "plugins/security-anticheat/skills/cheat-detection-patterns.md",
+ "sha256": "e77fb87641ee32fef50bdcb1d594f5572545c59ab2c26b719bf7c1b4c3e8035a"
+ },
+ {
+ "path": ".claude-plugin/plugin.json",
+ "sha256": "b52c41dec8554005e2cce4eb3019f7b381360da4ffb603afe06877d80b746ef5"
+ }
+ ],
+ "dirSha256": "ad1f21f7b1826d76b9d6477e5dba41b177382860d7e8abd552c7eab8e2a9e942"
+ },
+ "security": {
+ "scannedAt": null,
+ "scannerVersion": null,
+ "flags": []
+ }
+}
\ No newline at end of file
diff --git a/plugins/security-anticheat/agents/anticheat-engineer.md b/plugins/security-anticheat/agents/anticheat-engineer.md
new file mode 100644
index 0000000..4cb5748
--- /dev/null
+++ b/plugins/security-anticheat/agents/anticheat-engineer.md
@@ -0,0 +1,48 @@
+---
+name: 反作弊工程师
+description: 反作弊系统设计
+category: security
+version: 1.0.0
+---
+
+# 反作弊工程师(Anti-Cheat Engineer)
+
+## 角色定位
+设计和实现游戏反作弊系统,检测和防御各类作弊行为。
+
+## 核心职责
+- 反作弊系统架构设计
+- 内存完整性检测
+- 进程和模块扫描
+- 行为分析和异常检测
+- 对抗分析(与作弊开发者攻防)
+
+## 核心技能
+- Windows内核编程
+- 反调试和反注入技术
+- 游戏引擎内部机制(UE/Unity)
+- 机器学习(异常检测)
+- 密码学(签名验证)
+
+## 关键技术
+
+### 检测技术
+1. **内存扫描**:特征码匹配、模式识别
+2. **完整性校验**:CRC32、MD5、SHA256
+3. **行为分析**:异常输入、超人反应
+4. **驱动层检测**:内核回调、SSDT Hook检测
+
+### 防护技术
+1. **代码混淆**:保护检测逻辑
+2. **反调试**:IsDebuggerPresent、PEB检测
+3. **反注入**:DLL白名单、模块验证
+4. **心跳验证**:服务器定期校验
+
+## 绩效指标
+- 作弊检测率 ≥95%
+- 误报率 <1%
+- 性能开销 <3%(CPU/内存)
+
+---
+**版本**:v1.0
+**最后更新**:2025-11-06
diff --git a/plugins/security-anticheat/agents/blue-team-tester.md b/plugins/security-anticheat/agents/blue-team-tester.md
new file mode 100644
index 0000000..d5d79cf
--- /dev/null
+++ b/plugins/security-anticheat/agents/blue-team-tester.md
@@ -0,0 +1,30 @@
+---
+name: 安全测试工程师
+description: 渗透测试、攻击模拟
+category: security
+version: 1.0.0
+---
+
+# 安全测试工程师(Blue Team)
+
+## 角色定位
+模拟攻击场景、验证安全防护有效性。
+
+## 核心职责
+- 渗透测试(授权)
+- 攻击模拟和红蓝对抗
+- 安全回归测试
+- 漏洞验证和复现
+
+## 核心技能
+- Metasploit / Burp Suite
+- Fuzzing技术
+- Exploit开发基础
+- 攻击向量分析
+
+## 绩效指标
+- 漏洞发现率 ≥90%
+- 修复验证完整性 =100%
+
+---
+**版本**:v1.0
diff --git a/plugins/security-anticheat/agents/security-engineer.md b/plugins/security-anticheat/agents/security-engineer.md
new file mode 100644
index 0000000..271b227
--- /dev/null
+++ b/plugins/security-anticheat/agents/security-engineer.md
@@ -0,0 +1,33 @@
+---
+name: 安全工程师
+description: 安全架构、漏洞防护
+category: security
+version: 1.0.0
+---
+
+# 安全工程师(Security Engineer)
+
+## 角色定位
+负责系统安全设计、漏洞防护和安全合规。
+
+## 核心职责
+- 威胁建模和风险评估
+- 安全架构设计
+- 漏洞扫描和修复
+- 代码安全审计
+- 加密和签名实现
+
+## 核心技能
+- OWASP Top 10
+- 内存安全(缓冲区溢出、UAF)
+- 密码学(AES、RSA、SHA)
+- 代码签名和证书管理
+- 渗透测试
+
+## 绩效指标
+- 严重漏洞数 =0
+- 安全扫描覆盖率 =100%
+- 代码签名合规率 =100%
+
+---
+**版本**:v1.0
diff --git a/plugins/security-anticheat/commands/scan-memory.md b/plugins/security-anticheat/commands/scan-memory.md
new file mode 100644
index 0000000..91d60f0
--- /dev/null
+++ b/plugins/security-anticheat/commands/scan-memory.md
@@ -0,0 +1,23 @@
+---
+description: Scan process memory for suspicious patterns
+---
+
+# Scan Memory Command
+
+Scan target process memory for cheat signatures.
+
+## Implementation
+```cpp
+void ScanMemory(HANDLE hProcess) {
+ MEMORY_BASIC_INFORMATION mbi;
+ LPVOID addr = 0;
+
+ while (VirtualQueryEx(hProcess, addr, &mbi, sizeof(mbi))) {
+ if (mbi.State == MEM_COMMIT && mbi.Protect == PAGE_EXECUTE_READWRITE) {
+ // Suspicious RWX page
+ CheckSignatures(hProcess, mbi.BaseAddress, mbi.RegionSize);
+ }
+ addr = (LPBYTE)addr + mbi.RegionSize;
+ }
+}
+```
diff --git a/plugins/security-anticheat/skills/cheat-detection-patterns.md b/plugins/security-anticheat/skills/cheat-detection-patterns.md
new file mode 100644
index 0000000..788cf60
--- /dev/null
+++ b/plugins/security-anticheat/skills/cheat-detection-patterns.md
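Review bot: In `ScanMemory` (commands/scan-memory.md) the test `mbi.Protect == PAGE_EXECUTE_READWRITE` is an exact match, so a committed executable-writable region that also carries a modifier bit such as `PAGE_GUARD` or `PAGE_NOCACHE` is never passed to `CheckSignatures`, and neither is `PAGE_EXECUTE_WRITECOPY`. Mask the modifiers before comparing, e.g. `DWORD base = mbi.Protect & ~(PAGE_GUARD | PAGE_NOCACHE | PAGE_WRITECOMBINE);` followed by `if (mbi.State == MEM_COMMIT && (base == PAGE_EXECUTE_READWRITE || base == PAGE_EXECUTE_WRITECOPY))`. The command text should also say which access rights `hProcess` must be opened with (`PROCESS_QUERY_INFORMATION` for the query; `CheckSignatures` presumably needs `PROCESS_VM_READ`, its body is not shown). It is worth one more sentence that RWX regions also come from legitimate JIT code, so a hit here is an input to signature matching and not a verdict on its own.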
@@ -0,0 +1,68 @@
+---
+name: 作弊检测模式
+description: 作弊类型识别和防护方法
+version: 1.0.0
+---
+
+# Cheat Detection Patterns
+
+## Common Cheat Types
+
+### 1. Memory Editing
+Detection: CRC32/MD5 checksums on critical data
+```cpp
+struct PlayerData {
+ int health;
+ int ammo;
+ uint32_t checksum;
+
+ void UpdateChecksum() {
+ checksum = CalculateCRC32(&health, offsetof(PlayerData, checksum));
+ }
+
+ bool Validate() {
+ uint32_t expected = CalculateCRC32(&health, offsetof(PlayerData, checksum));
+ return expected == checksum;
+ }
+};
+```
+
+### 2. Speed Hacks
+Detection: Server-side timestamp validation
+```cpp
+bool ValidateMovement(Vector3 oldPos, Vector3 newPos, float deltaTime) {
+ float distance = Vector3::Distance(oldPos, newPos);
+ float maxDistance = MAX_SPEED * deltaTime * 1.1f; // 10% tolerance
+ return distance <= maxDistance;
+}
+```
+
+### 3. Wallhacks / ESP
+Detection: Visibility checks, rendering monitoring
+```cpp
+// Server: Only send data for visible entities
+if (!IsVisibleFrom(player.position, entity.position)) {
+ continue; // Don't send this entity to client
+}
+```
+
+### 4. Aimbot
+Detection: Statistical analysis
+```cpp
+struct AimStats {
+ int headshots;
+ int totalShots;
+ float avgReactionTime;
+
+ bool IsSuspicious() {
+ float headshotRatio = (float)headshots / totalShots;
+ return headshotRatio > 0.7f || avgReactionTime < 50.0f; // ms
+ }
+};
+```
+
+## Defense Layers
+1. Client-side: Basic checks (easily bypassed)
+2. Driver-level: Memory protection, process monitoring
+3. Server-side: Authoritative game state
+4. Behavioral: ML-based anomaly detection
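Review bot: `AimStats::IsSuspicious()` flags a player on no evidence: a zero-initialised struct already satisfies `avgReactionTime < 50.0f`, and one headshot out of one shot gives a ratio of 1.0, so the thresholds need a sample-size guard first, e.g. `if (totalShots < MIN_SAMPLE_SHOTS) return false;` (the constant name is a placeholder). In the Memory Editing example the CRC32 is unkeyed and stored in the same struct as `health` and `ammo`, so it detects corruption and naive edits only; I would add a comment such as `// CRC32 is not tamper-proof: treat a mismatch as a signal and keep authoritative values on the server`. `ValidateMovement` is described as server-side, but `deltaTime` is a plain parameter, so the text should state that it must be measured on the server clock and that non-positive values are rejected before the multiplication.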