commit 9e2521942a000120c6685003861f83a524d03d76 Author: Zhongwei Li Date: Sun Nov 30 08:22:30 2025 +0800 Initial commit diff --git a/.claude-plugin/plugin.json b/.claude-plugin/plugin.json new file mode 100644 index 0000000..d85c2d9 --- /dev/null +++ b/.claude-plugin/plugin.json @@ -0,0 +1,15 @@ +{ + "name": "security-headers-analyzer", + "description": "Analyze HTTP security headers", + "version": "1.0.0", + "author": { + "name": "Jeremy Longshore", + "email": "[email protected]" + }, + "skills": [ + "./skills" + ], + "commands": [ + "./commands" + ] +} \ No newline at end of file diff --git a/README.md b/README.md new file mode 100644 index 0000000..19544b9 --- /dev/null +++ b/README.md @@ -0,0 +1,3 @@ +# security-headers-analyzer + +Analyze HTTP security headers diff --git a/commands/analyze-headers.md b/commands/analyze-headers.md new file mode 100644 index 0000000..205880e --- /dev/null +++ b/commands/analyze-headers.md @@ -0,0 +1,8 @@ +--- +description: DESCRIPTION_PLACEHOLDER +shortcut: SHORTCUT_PLACEHOLDER +--- + +# TITLE_PLACEHOLDER + +CONTENT_PLACEHOLDER diff --git a/plugin.lock.json b/plugin.lock.json new file mode 100644 index 0000000..ac71d23 --- /dev/null +++ b/plugin.lock.json @@ -0,0 +1,61 @@ +{ + "$schema": "internal://schemas/plugin.lock.v1.json", + "pluginId": "gh:jeremylongshore/claude-code-plugins-plus:plugins/security/security-headers-analyzer", + "normalized": { + "repo": null, + "ref": "refs/tags/v20251128.0", + "commit": "e5b3f5307ac64ab0b2bb0f1a39d1119807ff61ca", + "treeHash": "00badc403265401d8671e0ffa974eea91dda7999d6061392042b57982c83caca", + "generatedAt": "2025-11-28T10:18:43.973714Z", + "toolVersion": "publish_plugins.py@0.2.0" + }, + "origin": { + "remote": "git@github.com:zhongweili/42plugin-data.git", + "branch": "master", + "commit": "aa1497ed0949fd50e99e70d6324a29c5b34f9390", + "repoRoot": "/Users/zhongweili/projects/openmind/42plugin-data" + }, + "manifest": { + "name": "security-headers-analyzer", + "description": "Analyze HTTP security headers", + "version": "1.0.0" + }, + "content": { + "files": [ + { + "path": "README.md", + "sha256": "2b89fbf12ac3f06b0357f39663f077af35ab8ed7017e6950a4186733b91fc6b7" + }, + { + "path": ".claude-plugin/plugin.json", + "sha256": "4a22fee88f3983faaa56f775dfebcd285c1c814986e1153cd490dc3ea04d303c" + }, + { + "path": "commands/analyze-headers.md", + "sha256": "26981dafecd0bda9d89082c091325c9fdc3ac197318243e952dde0b1a38f4088" + }, + { + "path": "skills/security-headers-analyzer/SKILL.md", + "sha256": "1e02d794ee6cbe635ef67cfad45ce107d9d5ee74d1ac5d5764da07583fef3c58" + }, + { + "path": "skills/security-headers-analyzer/references/README.md", + "sha256": "7fdf04ee59adb18ae079cf16f42ce8702da29136cdfa3b7dfec198fb6746e057" + }, + { + "path": "skills/security-headers-analyzer/scripts/README.md", + "sha256": "29dc77733b37eafc174f3c6d7c697ca9822f93c5adf7a63c1ad7adb09e4f04cd" + }, + { + "path": "skills/security-headers-analyzer/assets/README.md", + "sha256": "3eef374be971d3b7b5bcfaffbeb6837f2400168e01549b2664624c6de2c26c43" + } + ], + "dirSha256": "00badc403265401d8671e0ffa974eea91dda7999d6061392042b57982c83caca" + }, + "security": { + "scannedAt": null, + "scannerVersion": null, + "flags": [] + } +} \ No newline at end of file diff --git a/skills/security-headers-analyzer/SKILL.md b/skills/security-headers-analyzer/SKILL.md new file mode 100644 index 0000000..b9745ae --- /dev/null +++ b/skills/security-headers-analyzer/SKILL.md @@ -0,0 +1,55 @@ +--- +name: analyzing-security-headers +description: | + This skill analyzes HTTP security headers of a given domain to identify potential vulnerabilities and misconfigurations. It provides a detailed report with a grade, score, and recommendations for improvement. Use this skill when the user asks to "analyze security headers", "check HTTP security", "scan for security vulnerabilities", or requests a "security audit" of a website. It will automatically activate when security-related keywords are used in conjunction with domain names or URLs. +allowed-tools: Read, WebFetch, WebSearch, Grep +version: 1.0.0 +--- + +## Overview + +This skill allows Claude to automatically analyze a website's HTTP security headers and provide a comprehensive report. It identifies missing or misconfigured headers and offers actionable recommendations to improve security posture. + +## How It Works + +1. **Receives URL**: Claude receives a URL or domain name from the user. +2. **Analyzes Headers**: The plugin fetches the HTTP headers from the specified URL and analyzes them against security best practices. +3. **Generates Report**: The plugin generates a detailed report, including a security grade, score, and specific recommendations for missing or misconfigured headers. + +## When to Use This Skill + +This skill activates when you need to: +- Analyze the security posture of a website. +- Identify missing or misconfigured HTTP security headers. +- Get recommendations for improving website security. +- Audit a website for compliance with security best practices. + +## Examples + +### Example 1: Security Audit + +User request: "Analyze the security headers for example.com" + +The skill will: +1. Fetch the HTTP headers from example.com. +2. Analyze the headers for common security vulnerabilities. +3. Generate a report outlining the security grade, score, and any identified issues with recommendations. + +### Example 2: Quick Security Check + +User request: "Check HTTP security for mywebsite.net" + +The skill will: +1. Fetch the HTTP headers from mywebsite.net. +2. Analyze the headers for common security vulnerabilities. +3. Generate a report outlining the security grade, score, and any identified issues with recommendations. + +## Best Practices + +- **Prioritize HSTS**: Ensure HSTS is properly configured to prevent downgrade attacks. +- **Implement CSP**: Start with a strict Content Security Policy to mitigate XSS vulnerabilities. +- **Regularly Scan**: Schedule regular scans to identify new vulnerabilities and misconfigurations. + +## Integration + +This skill can be used in conjunction with other security plugins to provide a more comprehensive security assessment. For example, it can be paired with a vulnerability scanner to identify both header-related and code-level vulnerabilities. \ No newline at end of file diff --git a/skills/security-headers-analyzer/assets/README.md b/skills/security-headers-analyzer/assets/README.md new file mode 100644 index 0000000..ebdbe0d --- /dev/null +++ b/skills/security-headers-analyzer/assets/README.md @@ -0,0 +1,6 @@ +# Assets + +Bundled resources for security-headers-analyzer skill + +- [ ] report_template.md: Markdown template for generating the security header analysis report. +- [ ] example_report.md: Example of a generated security header analysis report. diff --git a/skills/security-headers-analyzer/references/README.md b/skills/security-headers-analyzer/references/README.md new file mode 100644 index 0000000..276abd3 --- /dev/null +++ b/skills/security-headers-analyzer/references/README.md @@ -0,0 +1,7 @@ +# References + +Bundled resources for security-headers-analyzer skill + +- [ ] security_headers_explained.md: Detailed explanation of each security header, its purpose, and recommended configurations. +- [ ] owasp_recommendations.md: OWASP recommendations for HTTP security headers. +- [ ] csp_directives.md: Comprehensive guide to Content-Security-Policy directives. diff --git a/skills/security-headers-analyzer/scripts/README.md b/skills/security-headers-analyzer/scripts/README.md new file mode 100644 index 0000000..0431ed0 --- /dev/null +++ b/skills/security-headers-analyzer/scripts/README.md @@ -0,0 +1,6 @@ +# Scripts + +Bundled resources for security-headers-analyzer skill + +- [ ] analyze_headers.py: Script to perform the security header analysis using libraries like requests and beautifulsoup4. +- [ ] generate_report.py: Script to generate a detailed report from the analysis results in markdown format.