Initial commit
11
.claude-plugin/plugin.json
Normal file
@@ -0,0 +1,11 @@
|
|||||||
|
{
|
||||||
|
"name": "security-agent",
|
||||||
|
"description": "Specialized security review subagent",
|
||||||
|
"version": "1.0.0",
|
||||||
|
"author": {
|
||||||
|
"name": "Jeremy Longshore"
|
||||||
|
},
|
||||||
|
"agents": [
|
||||||
|
"./agents/"
|
||||||
|
]
|
||||||
|
}
|
||||||
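Review bot: the "agents": ["./agents/"] entry registers the whole directory rather than a named file, so any file later added under agents/ would be loaded as an agent without a manifest change appearing in review. Listing agents/security-reviewer.md explicitly, if the manifest format accepts file paths, keeps the set of loaded prompts auditable. The manifest also carries no license or repository field, although the agent it ships is told to check "License compliance" in other projects.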
3
README.md
Normal file
@@ -0,0 +1,3 @@
|
|||||||
|
# security-agent
|
||||||
|
|
||||||
|
Specialized security review subagent
|
||||||
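Review bot: the README body is the same one-line description already present in plugin.json, so someone installing the plugin cannot tell from it what the agent reviews, when it activates or what its findings look like. A short summary of the "When to Activate" and "Output Format" sections from agents/security-reviewer.md, plus a statement of whether the agent only reports or also edits code, would let a user decide whether to trust it before enabling it.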
65
agents/security-reviewer.md
Normal file
@@ -0,0 +1,65 @@
|
|||||||
|
---
|
||||||
|
description: Security code review specialist
|
||||||
|
capabilities: ["security-analysis", "vulnerability-detection", "compliance-checking"]
|
||||||
|
---
|
||||||
|
|
||||||
|
# Security Reviewer Agent
|
||||||
|
|
||||||
|
You are a specialized security code review agent with deep expertise in application security, vulnerability detection, and secure coding practices.
|
||||||
|
|
||||||
|
## Your Capabilities
|
||||||
|
|
||||||
|
- **Vulnerability Detection**: Identify security vulnerabilities including SQL injection, XSS, CSRF, authentication flaws, and authorization issues
|
||||||
|
- **Security Analysis**: Analyze code for security weaknesses, insecure dependencies, and configuration issues
|
||||||
|
- **Compliance Checking**: Verify code meets security standards (OWASP Top 10, CWE, etc.)
|
||||||
|
- **Remediation Guidance**: Provide specific, actionable recommendations for fixing security issues
|
||||||
|
|
||||||
|
## When to Activate
|
||||||
|
|
||||||
|
You should be invoked when:
|
||||||
|
- Reviewing code for security issues
|
||||||
|
- Conducting security audits
|
||||||
|
- Analyzing authentication/authorization logic
|
||||||
|
- Reviewing input validation and sanitization
|
||||||
|
- Examining cryptographic implementations
|
||||||
|
- Assessing API security
|
||||||
|
|
||||||
|
## Review Process
|
||||||
|
|
||||||
|
1. **Scan for Common Vulnerabilities**:
|
||||||
|
- SQL injection points
|
||||||
|
- Cross-site scripting (XSS) opportunities
|
||||||
|
- CSRF vulnerabilities
|
||||||
|
- Authentication/authorization flaws
|
||||||
|
- Insecure deserialization
|
||||||
|
- Sensitive data exposure
|
||||||
|
|
||||||
|
2. **Check Secure Coding Practices**:
|
||||||
|
- Input validation and sanitization
|
||||||
|
- Output encoding
|
||||||
|
- Parameterized queries
|
||||||
|
- Secure session management
|
||||||
|
- Proper error handling (no info leakage)
|
||||||
|
|
||||||
|
3. **Review Dependencies**:
|
||||||
|
- Known vulnerable packages
|
||||||
|
- Outdated dependencies
|
||||||
|
- License compliance
|
||||||
|
|
||||||
|
4. **Provide Recommendations**:
|
||||||
|
- Severity rating (Critical/High/Medium/Low)
|
||||||
|
- Specific code locations
|
||||||
|
- Remediation steps
|
||||||
|
- Example secure code
|
||||||
|
|
||||||
|
## Output Format
|
||||||
|
|
||||||
|
For each finding, provide:
|
||||||
|
- **Severity**: Critical/High/Medium/Low
|
||||||
|
- **Issue**: Description of the vulnerability
|
||||||
|
- **Location**: File and line numbers
|
||||||
|
- **Impact**: Potential consequences
|
||||||
|
- **Recommendation**: How to fix it
|
||||||
|
- **Example**: Secure code snippet
|
||||||
|
|
||||||
|
Always prioritize findings by severity and focus on exploitable vulnerabilities first.
|
||||||
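Review bot: nothing in the front matter or the prompt body confines this agent to read-only review, and nothing tells it how to treat the code it reads. The front matter only declares description and capabilities, and the body asks for "Remediation steps" and "Example secure code" without saying that fixes are to be proposed rather than applied. I would add an explicit instruction that the agent reports findings and does not modify files or run commands, and that comments, strings and documentation inside the reviewed code are data to analyse, not instructions to follow. The "Compliance Checking" bullet, "(OWASP Top 10, CWE, etc.)", is also open-ended: naming the standard and edition the agent should check against would make its findings reproducible.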
45
plugin.lock.json
Normal file
@@ -0,0 +1,45 @@
|
|||||||
|
{
|
||||||
|
"$schema": "internal://schemas/plugin.lock.v1.json",
|
||||||
|
"pluginId": "gh:jeremylongshore/claude-code-plugins-plus:plugins/examples/security-agent",
|
||||||
|
"normalized": {
|
||||||
|
"repo": null,
|
||||||
|
"ref": "refs/tags/v20251128.0",
|
||||||
|
"commit": "4b14116168073bd338e3452f74a91fc0c5a9484c",
|
||||||
|
"treeHash": "1bb4c3acdec25e4a41004867cde76b41d1d516e40806fe851261277e7b5ce102",
|
||||||
|
"generatedAt": "2025-11-28T10:18:43.589108Z",
|
||||||
|
"toolVersion": "publish_plugins.py@0.2.0"
|
||||||
|
},
|
||||||
|
"origin": {
|
||||||
|
"remote": "git@github.com:zhongweili/42plugin-data.git",
|
||||||
|
"branch": "master",
|
||||||
|
"commit": "aa1497ed0949fd50e99e70d6324a29c5b34f9390",
|
||||||
|
"repoRoot": "/Users/zhongweili/projects/openmind/42plugin-data"
|
||||||
|
},
|
||||||
|
"manifest": {
|
||||||
|
"name": "security-agent",
|
||||||
|
"description": "Specialized security review subagent",
|
||||||
|
"version": "1.0.0"
|
||||||
|
},
|
||||||
|
"content": {
|
||||||
|
"files": [
|
||||||
|
{
|
||||||
|
"path": "README.md",
|
||||||
|
"sha256": "206c86d43572aaf0742330cd16ff0b528283ea0c3f5158bb07b5eecd595be00b"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"path": "agents/security-reviewer.md",
|
||||||
|
"sha256": "57d08cf3c82c3b1cf3de7433a8a1971523170ca32dff38ebf3cb64741294ca95"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"path": ".claude-plugin/plugin.json",
|
||||||
|
"sha256": "0de057326bcd16f9737808dab5c9adab12b62c9ca926e1674b668abf940466e8"
|
||||||
|
}
|
||||||
|
],
|
||||||
|
"dirSha256": "1bb4c3acdec25e4a41004867cde76b41d1d516e40806fe851261277e7b5ce102"
|
||||||
|
},
|
||||||
|
"security": {
|
||||||
|
"scannedAt": null,
|
||||||
|
"scannerVersion": null,
|
||||||
|
"flags": []
|
||||||
|
}
|
||||||
|
}
|
||||||
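Review bot: the "security" block records "scannedAt": null and "scannerVersion": null next to "flags": [], so a consumer that only checks for an empty flags list will read an unscanned plugin as a clean one. Either omit the block until a scan has run or add an explicit status field that distinguishes "not scanned" from "scanned, no flags". Two further points in the same hunk: "repoRoot" commits an absolute path from the publisher's machine (/Users/zhongweili/...), which should be dropped or made relative, and "treeHash" and "dirSha256" hold the same value, so one of them is redundant unless the schema defines them differently. The pluginId names one GitHub repository while "origin.remote" names another and "normalized.repo" is null, which leaves the provenance of the pinned commit unclear to anyone verifying the lock file.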