Initial commit

2025-11-30 08:22:30 +08:00
commit 9e2521942a
8 changed files with 161 additions and 0 deletions
--- a/.claude-plugin/plugin.json
+++ b/.claude-plugin/plugin.json
@@ -0,0 +1,15 @@
+{
+  "name": "security-headers-analyzer",
+  "description": "Analyze HTTP security headers",
+  "version": "1.0.0",
+  "author": {
+    "name": "Jeremy Longshore",
+    "email": "[email protected]"
+  },
+  "skills": [
+    "./skills"
+  ],
+  "commands": [
+    "./commands"
+  ]
+}
--- a/README.md
+++ b/README.md
@@ -0,0 +1,3 @@
+# security-headers-analyzer
+
+Analyze HTTP security headers
--- a/commands/analyze-headers.md
+++ b/commands/analyze-headers.md
@@ -0,0 +1,8 @@
+---
+description: DESCRIPTION_PLACEHOLDER
+shortcut: SHORTCUT_PLACEHOLDER
+---
+
+# TITLE_PLACEHOLDER
+
+CONTENT_PLACEHOLDER
--- a/plugin.lock.json
+++ b/plugin.lock.json
@@ -0,0 +1,61 @@
+{
+  "$schema": "internal://schemas/plugin.lock.v1.json",
+  "pluginId": "gh:jeremylongshore/claude-code-plugins-plus:plugins/security/security-headers-analyzer",
+  "normalized": {
+    "repo": null,
+    "ref": "refs/tags/v20251128.0",
+    "commit": "e5b3f5307ac64ab0b2bb0f1a39d1119807ff61ca",
+    "treeHash": "00badc403265401d8671e0ffa974eea91dda7999d6061392042b57982c83caca",
+    "generatedAt": "2025-11-28T10:18:43.973714Z",
+    "toolVersion": "publish_plugins.py@0.2.0"
+  },
+  "origin": {
+    "remote": "git@github.com:zhongweili/42plugin-data.git",
+    "branch": "master",
+    "commit": "aa1497ed0949fd50e99e70d6324a29c5b34f9390",
+    "repoRoot": "/Users/zhongweili/projects/openmind/42plugin-data"
+  },
+  "manifest": {
+    "name": "security-headers-analyzer",
+    "description": "Analyze HTTP security headers",
+    "version": "1.0.0"
+  },
+  "content": {
+    "files": [
+      {
+        "path": "README.md",
+        "sha256": "2b89fbf12ac3f06b0357f39663f077af35ab8ed7017e6950a4186733b91fc6b7"
+      },
+      {
+        "path": ".claude-plugin/plugin.json",
+        "sha256": "4a22fee88f3983faaa56f775dfebcd285c1c814986e1153cd490dc3ea04d303c"
+      },
+      {
+        "path": "commands/analyze-headers.md",
+        "sha256": "26981dafecd0bda9d89082c091325c9fdc3ac197318243e952dde0b1a38f4088"
+      },
+      {
+        "path": "skills/security-headers-analyzer/SKILL.md",
+        "sha256": "1e02d794ee6cbe635ef67cfad45ce107d9d5ee74d1ac5d5764da07583fef3c58"
+      },
+      {
+        "path": "skills/security-headers-analyzer/references/README.md",
+        "sha256": "7fdf04ee59adb18ae079cf16f42ce8702da29136cdfa3b7dfec198fb6746e057"
+      },
+      {
+        "path": "skills/security-headers-analyzer/scripts/README.md",
+        "sha256": "29dc77733b37eafc174f3c6d7c697ca9822f93c5adf7a63c1ad7adb09e4f04cd"
+      },
+      {
+        "path": "skills/security-headers-analyzer/assets/README.md",
+        "sha256": "3eef374be971d3b7b5bcfaffbeb6837f2400168e01549b2664624c6de2c26c43"
+      }
+    ],
+    "dirSha256": "00badc403265401d8671e0ffa974eea91dda7999d6061392042b57982c83caca"
+  },
+  "security": {
+    "scannedAt": null,
+    "scannerVersion": null,
+    "flags": []
+  }
+}
--- a/skills/security-headers-analyzer/SKILL.md
+++ b/skills/security-headers-analyzer/SKILL.md
@@ -0,0 +1,55 @@
+---
+name: analyzing-security-headers
+description: |
+  This skill analyzes HTTP security headers of a given domain to identify potential vulnerabilities and misconfigurations. It provides a detailed report with a grade, score, and recommendations for improvement. Use this skill when the user asks to "analyze security headers", "check HTTP security", "scan for security vulnerabilities", or requests a "security audit" of a website. It will automatically activate when security-related keywords are used in conjunction with domain names or URLs.
+allowed-tools: Read, WebFetch, WebSearch, Grep
+version: 1.0.0
+---
+
+## Overview
+
+This skill allows Claude to automatically analyze a website's HTTP security headers and provide a comprehensive report. It identifies missing or misconfigured headers and offers actionable recommendations to improve security posture.
+
+## How It Works
+
+1. **Receives URL**: Claude receives a URL or domain name from the user.
+2. **Analyzes Headers**: The plugin fetches the HTTP headers from the specified URL and analyzes them against security best practices.
+3. **Generates Report**: The plugin generates a detailed report, including a security grade, score, and specific recommendations for missing or misconfigured headers.
+
+## When to Use This Skill
+
+This skill activates when you need to:
+- Analyze the security posture of a website.
+- Identify missing or misconfigured HTTP security headers.
+- Get recommendations for improving website security.
+- Audit a website for compliance with security best practices.
+
+## Examples
+
+### Example 1: Security Audit
+
+User request: "Analyze the security headers for example.com"
+
+The skill will:
+1. Fetch the HTTP headers from example.com.
+2. Analyze the headers for common security vulnerabilities.
+3. Generate a report outlining the security grade, score, and any identified issues with recommendations.
+
+### Example 2: Quick Security Check
+
+User request: "Check HTTP security for mywebsite.net"
+
+The skill will:
+1. Fetch the HTTP headers from mywebsite.net.
+2. Analyze the headers for common security vulnerabilities.
+3. Generate a report outlining the security grade, score, and any identified issues with recommendations.
+
+## Best Practices
+
+- **Prioritize HSTS**: Ensure HSTS is properly configured to prevent downgrade attacks.
+- **Implement CSP**: Start with a strict Content Security Policy to mitigate XSS vulnerabilities.
+- **Regularly Scan**: Schedule regular scans to identify new vulnerabilities and misconfigurations.
+
+## Integration
+
+This skill can be used in conjunction with other security plugins to provide a more comprehensive security assessment. For example, it can be paired with a vulnerability scanner to identify both header-related and code-level vulnerabilities.
--- a/skills/security-headers-analyzer/assets/README.md
+++ b/skills/security-headers-analyzer/assets/README.md
@@ -0,0 +1,6 @@
+# Assets
+
+Bundled resources for security-headers-analyzer skill
+
+- [ ] report_template.md: Markdown template for generating the security header analysis report.
+- [ ] example_report.md: Example of a generated security header analysis report.
--- a/skills/security-headers-analyzer/references/README.md
+++ b/skills/security-headers-analyzer/references/README.md
@@ -0,0 +1,7 @@
+# References
+
+Bundled resources for security-headers-analyzer skill
+
+- [ ] security_headers_explained.md: Detailed explanation of each security header, its purpose, and recommended configurations.
+- [ ] owasp_recommendations.md: OWASP recommendations for HTTP security headers.
+- [ ] csp_directives.md: Comprehensive guide to Content-Security-Policy directives.
--- a/skills/security-headers-analyzer/scripts/README.md
+++ b/skills/security-headers-analyzer/scripts/README.md
@@ -0,0 +1,6 @@
+# Scripts
+
+Bundled resources for security-headers-analyzer skill
+
+- [ ] analyze_headers.py: Script to perform the security header analysis using libraries like requests and beautifulsoup4.
+- [ ] generate_report.py: Script to generate a detailed report from the analysis results in markdown format.