All Use Cases

Claude Code setups for security

Scan for vulnerabilities, block leaked secrets, guard against prompt injection, and audit dependencies. Defensive configurations across skills, hooks, agents, and the permission system — including the built-in /security-review slash command.

283 items across skills, agents, plugins, MCP servers, prompts, hooks, and guides.

Example prompts

Concrete things you can type into Claude Code for security. Each example uses a real skill, agent, slash command, hook, or MCP server listed below.

  1. Audit the current branch for vulnerabilities
    /security-review
  2. Block accidental secret commits
    Enable the env-leak-detector and prompt-injection-defense hooks so .env values and untrusted instructions are blocked at the tool layer.
  3. Lock down which shell commands Claude can run
    Add a deny rule for `rm -rf`, `curl | sh`, and any psql against prod in .claude/settings.json.
  4. Triage a CVE in a dependency
    Use the deps-audit skill to evaluate the latest GHSA advisory against package.json and write a remediation plan.

Skills (92)

Browse all skills
Dependency Audit
Audit project dependencies for security vulnerabilities, outdated packages, and license compliance
dependenciessecurityauditnpm+1
Security Audit
Run a comprehensive security audit covering OWASP Top 10, dependency vulnerabilities, secrets detection, and code injection risks
securityauditowaspvulnerabilities+1
Ciso Advisor
Security leadership for growth-stage companies. Risk quantification in dollars, compliance roadmap (SOC 2/ISO 27001/HIPAA/GDPR), security architecture strategy, incident response leadership, and board-level security reporting. Use when building security programs, justifying secu…
rustsecurity
Google Workspace Cli
Google Workspace administration via the gws CLI. Install, authenticate, and automate Gmail, Drive, Sheets, Calendar, Docs, Chat, and Tasks. Run security audits, execute 43 built-in recipes, and use 10 persona bundles. Use for Google Workspace admin, gws CLI setup, Gmail automati…
gosecurityautomationai
Ai Security
Use when assessing AI/ML systems for prompt injection, jailbreak vulnerabilities, model inversion risk, data poisoning exposure, or agent tool abuse. Covers MITRE ATLAS technique mapping, injection signature detection, and adversarial robustness scoring.
securityaiagent
Cloud Security
Use when assessing cloud infrastructure for security misconfigurations, IAM privilege escalation paths, S3 public exposure, open security group rules, or IaC security gaps. Covers AWS, Azure, and GCP posture assessment with MITRE ATT&CK mapping.
awsgcpazuresecurity
Engineering Skills
23 engineering agent skills and plugins for Claude Code, Codex, Gemini CLI, Cursor, OpenClaw, and 6 more tools. Architecture, frontend, backend, QA, DevOps, security, AI/ML, data engineering, Playwright, Stripe, AWS, MS365. 30+ Python tools (stdlib-only).
pythonawssecurityai+1
Incident Response
Use when a security incident has been detected or declared and needs classification, triage, escalation path determination, and forensic evidence collection. Covers SEV1-SEV4 classification, false positive filtering, incident taxonomy, and NIST SP 800-61 lifecycle.
security
Ms365 Tenant Manager
Microsoft 365 tenant administration for Global Administrators. Automate M365 tenant setup, Office 365 admin tasks, Azure AD user management, Exchange Online configuration, Teams administration, and security policies. Generate PowerShell scripts for bulk operations, Conditional A…
azuresecurityautomation
Red Team
Use when planning or executing authorized red team engagements, attack path analysis, or offensive security simulations. Covers MITRE ATT&CK kill-chain planning, technique scoring, choke point identification, OPSEC risk assessment, and crown jewel targeting.
securityai
Security Pen Testing
Use when the user asks to perform security audits, penetration testing, vulnerability scanning, OWASP Top 10 checks, or offensive security assessments. Covers static analysis, dependency scanning, secret detection, API security testing, and pen test report generation.
securitytestingapi
Senior Backend
Designs and implements backend systems including REST APIs, microservices, database architectures, authentication flows, and security hardening. Use when the user asks to "design REST APIs", "optimize database queries", "implement authentication", "build microservices", "review …
nodepostgressecurityapi+2
Senior Fullstack
Fullstack development toolkit with project scaffolding for Next.js, FastAPI, MERN, and Django stacks, code quality analysis with security and complexity scoring, and stack selection guidance. Use when the user asks to "scaffold a new project", "create a Next.js app", "set up Fas…
goreactdjangosecurity+1
Senior Secops
Senior SecOps engineer skill for application security, vulnerability management, compliance verification, and secure development practices. Runs SAST/DAST scans, generates CVE remediation plans, checks dependency vulnerabilities, creates security policies, enforces secure coding…
securityai
Senior Security
Security engineering toolkit for threat modeling, vulnerability analysis, secure architecture, and penetration testing. Includes STRIDE analysis, OWASP guidance, cryptography patterns, and security scanning tools. Use when the user asks about security reviews, threat analysis, v…
securitytesting
Tech Stack Evaluator
Technology stack evaluation and comparison with TCO analysis, security assessment, and ecosystem health scoring. Use when comparing frameworks, evaluating technology stacks, calculating total cost of ownership, assessing migration paths, or analyzing ecosystem viability.
security
Docker Development
Docker and container development agent skill and plugin for Dockerfile optimization, docker-compose orchestration, multi-stage builds, and container security hardening. Use when: user wants to optimize a Dockerfile, create or improve docker-compose configurations, implement mult…
dockersecurityperformanceai+1
Helm Chart Builder
Helm chart development agent skill and plugin for Claude Code, Codex, Gemini CLI, Cursor, OpenClaw — chart scaffolding, values design, template patterns, dependency management, security hardening, and chart testing. Use when: user wants to create or improve Helm charts, design v…
securitytestingagent
Engineering Advanced Skills
25 advanced engineering agent skills and plugins for Claude Code, Codex, Gemini CLI, Cursor, OpenClaw. Agent design, RAG, MCP servers, CI/CD, database design, observability, security auditing, release management, platform ops.
securityragagent
Pr Review Expert
Use when the user asks to review pull requests, analyze code changes, check for security issues in PRs, or assess code quality of diffs.
security
Ship Gate
Pre-production audit that scans a codebase for security, database, deployment, code quality, AI/LLM, dependency, frontend, and observability issues. Intercepts deploy commands and blocks until critical items pass. Stack-agnostic. Use for "run ship gate", "am I ready to ship", "p…
gosecuritydeploymentai+1
Skill Security Auditor
Security audit and vulnerability scanner for AI agent skills before installation. Use when: (1) evaluating a skill from an untrusted source, (2) auditing a skill directory or git repo URL for malicious code, (3) pre-install security gate for Claude Code plugins, OpenClaw skills,…
pythonrustsecurityai+1
Terraform Patterns
Terraform infrastructure-as-code agent skill and plugin for Claude Code, Codex, Gemini CLI, Cursor, OpenClaw. Covers module design patterns, state management strategies, provider configuration, security hardening, policy-as-code with Sentinel/OPA, and CI/CD plan/apply workflows.…
securitydeploymentagent
Atlassian Admin
Atlassian Administrator for managing and organizing Atlassian products (Jira, Confluence, Bitbucket, Trello), users, permissions, security, integrations, system configuration, and org-wide governance. Use when asked to add users to Jira, change Confluence permissions, configure …
gojirasecurity
Fda Consultant Specialist
FDA regulatory consultant for medical device companies. Provides 510(k)/PMA/De Novo pathway guidance, QSR (21 CFR 820) compliance, HIPAA assessments, and device cybersecurity. Use when user mentions FDA submission, 510(k), PMA, De Novo, QSR, premarket, predicate device, substant…
security
Information Security Manager Iso27001
ISO 27001 ISMS implementation and cybersecurity governance for HealthTech and MedTech companies. Use for ISMS design, security risk assessment, control implementation, ISO 27001 certification, security audits, incident response, and compliance verification. Covers ISO 27001, ISO…
gosecurity
Isms Audit Expert
Information Security Management System (ISMS) audit expert for ISO 27001 compliance verification, security control assessment, and certification support. Use when the user mentions ISO 27001, ISMS audit, Annex A controls, Statement of Applicability (SOA), gap analysis, nonconfor…
security
Api Authentication
Secure API authentication with JWT, OAuth 2.0, API keys. Use for authentication systems, third-party integrations, service-to-service communication, or encountering token management, security headers, auth flow errors.
securityapi
Api Filtering Sorting
Builds flexible API filtering and sorting systems with query parameter parsing, validation, and security. Use when implementing search endpoints, building data grids, or creating dynamic query APIs.
securityapi
Api Security Hardening
REST API security hardening with authentication, rate limiting, input validation, security headers. Use for production APIs, security audits, defense-in-depth, or encountering vulnerabilities, injection attacks, CORS issues.
securityapirest
Claude Code Bash Patterns
Claude Code Bash tool patterns with hooks, automation, git workflows. Use for PreToolUse hooks, command chaining, CLI orchestration, custom commands, or encountering bash permissions, command failures, security guards, hook configurations.
securityautomationai
Cloudflare Workers Security
Cloudflare Workers security with authentication, CORS, rate limiting, input validation. Use for securing APIs, JWT/API keys, or encountering auth failures, CORS errors, XSS/injection vulnerabilities.
cloudflaresecurityapiai
Dependency Upgrade
Secure dependency upgrades with supply chain protection, cooldowns, and staged rollout. Use when upgrading deps, configuring security policies, or preventing supply chain attacks.
securityai
Gemini Cli
Google Gemini CLI for second opinions, architectural advice, code reviews, security audits. Leverage 1M+ context for comprehensive codebase analysis via command-line tool.
gosecurityrag
Github Project Automation
GitHub repository automation (CI/CD, issue templates, Dependabot, CodeQL). Use for project setup, Actions workflows, security scanning, or encountering YAML syntax, workflow configuration, template structure errors.
githubsecurityautomation
Multi Ai Consultant
Consult external AIs (Gemini 2.5 Pro, OpenAI Codex, Claude) for second opinions. Use for debugging failures, architectural decisions, security validation, or need fresh perspective with synthesis.
securityai
Security Headers Configuration
Configures HTTP security headers to protect against XSS, clickjacking, and MIME sniffing attacks. Use when hardening web applications, passing security audits, or implementing Content Security Policy.
securityai
Vulnerability Scanning
Automated security scanning for dependencies, code, containers with Trivy, Snyk, npm audit. Use for CI/CD security gates, pre-deployment audits, compliance requirements, or encountering CVE detection, outdated packages, license compliance, SBOM generation errors.
securitydeploymentai
Api Key Manager
Manage api key manager operations. Auto-activating skill for Security Fundamentals. Triggers on: api key manager, api key manager Part of the Security Fundamentals skill category. Use when working with APIs or building integrations. Trigger with phrases like "api key manager", "…
gosecurityapi
Code Injection Detector
Detect code injection detector operations. Auto-activating skill for Security Fundamentals. Triggers on: code injection detector, code injection detector Part of the Security Fundamentals skill category. Use when working with code injection detector functionality. Trigger with p…
gosecurity
Content Security Policy Generator
Generate content security policy generator operations. Auto-activating skill for Security Fundamentals. Triggers on: content security policy generator, content security policy generator Part of the Security Fundamentals skill category. Use when working with content security poli…
gosecurity
Cookie Security Analyzer
Analyze cookie security analyzer operations. Auto-activating skill for Security Fundamentals. Triggers on: cookie security analyzer, cookie security analyzer Part of the Security Fundamentals skill category. Use when analyzing or auditing cookie security analyzer. Trigger with p…
gosecurity
Cors Policy Validator
Validate cors policy validator operations. Auto-activating skill for Security Fundamentals. Triggers on: cors policy validator, cors policy validator Part of the Security Fundamentals skill category. Use when working with cors policy validator functionality. Trigger with phrases…
gosecurity
Csrf Protection Validator
Validate csrf protection validator operations. Auto-activating skill for Security Fundamentals. Triggers on: csrf protection validator, csrf protection validator Part of the Security Fundamentals skill category. Use when working with csrf protection validator functionality. Trig…
gosecurity
Dependency Vulnerability Checker
Validate dependency vulnerability checker operations. Auto-activating skill for Security Fundamentals. Triggers on: dependency vulnerability checker, dependency vulnerability checker Part of the Security Fundamentals skill category. Use when working with dependency vulnerability…
gosecurity
Env Secret Detector
Detect env secret detector operations. Auto-activating skill for Security Fundamentals. Triggers on: env secret detector, env secret detector Part of the Security Fundamentals skill category. Use when working with env secret detector functionality. Trigger with phrases like "env…
gosecurity
Hardcoded Credential Finder
Manage hardcoded credential finder operations. Auto-activating skill for Security Fundamentals. Triggers on: hardcoded credential finder, hardcoded credential finder Part of the Security Fundamentals skill category. Use when working with hardcoded credential finder functionality…
gosecurity
Http Header Security Audit
Execute http header security audit operations. Auto-activating skill for Security Fundamentals. Triggers on: http header security audit, http header security audit Part of the Security Fundamentals skill category. Use when analyzing or auditing http header security audit. Trigge…
gosecurity
Https Certificate Checker
Validate https certificate checker operations. Auto-activating skill for Security Fundamentals. Triggers on: https certificate checker, https certificate checker Part of the Security Fundamentals skill category. Use when working with https certificate checker functionality. Trig…
gosecurity
Input Validation Checker
Validate input validation checker operations. Auto-activating skill for Security Fundamentals. Triggers on: input validation checker, input validation checker Part of the Security Fundamentals skill category. Use when working with input validation checker functionality. Trigger …
gosecurity
Insecure Deserialization Checker
Validate insecure deserialization checker operations. Auto-activating skill for Security Fundamentals. Triggers on: insecure deserialization checker, insecure deserialization checker Part of the Security Fundamentals skill category. Use when working with insecure deserialization…
gosecurity
Jwt Token Validator
Validate jwt token validator operations. Auto-activating skill for Security Fundamentals. Triggers on: jwt token validator, jwt token validator Part of the Security Fundamentals skill category. Use when working with jwt token validator functionality. Trigger with phrases like "j…
gosecurity
License Compliance Scanner
Scan license compliance scanner operations. Auto-activating skill for Security Fundamentals. Triggers on: license compliance scanner, license compliance scanner Part of the Security Fundamentals skill category. Use when working with license compliance scanner functionality. Trig…
gosecurity
Oauth2 Flow Helper
Configure with oauth2 flow helper operations. Auto-activating skill for Security Fundamentals. Triggers on: oauth2 flow helper, oauth2 flow helper Part of the Security Fundamentals skill category. Use when working with oauth2 flow helper functionality. Trigger with phrases like …
gosecurity
Password Hash Generator
Generate password hash generator operations. Auto-activating skill for Security Fundamentals. Triggers on: password hash generator, password hash generator Part of the Security Fundamentals skill category. Use when working with password hash generator functionality. Trigger with…
gosecurity
Password Strength Analyzer
Analyze password strength analyzer operations. Auto-activating skill for Security Fundamentals. Triggers on: password strength analyzer, password strength analyzer Part of the Security Fundamentals skill category. Use when analyzing or auditing password strength analyzer. Trigge…
gosecurity
Path Traversal Finder
Manage path traversal finder operations. Auto-activating skill for Security Fundamentals. Triggers on: path traversal finder, path traversal finder Part of the Security Fundamentals skill category. Use when working with path traversal finder functionality. Trigger with phrases l…
gosecurity
Rate Limiter Config
Configure rate limiter config operations. Auto-activating skill for Security Fundamentals. Triggers on: rate limiter config, rate limiter config Part of the Security Fundamentals skill category. Use when configuring systems or services. Trigger with phrases like "rate limiter co…
gosecurity
Secret Scanner
Scan secret scanner operations. Auto-activating skill for Security Fundamentals. Triggers on: secret scanner, secret scanner Part of the Security Fundamentals skill category. Use when working with secret scanner functionality. Trigger with phrases like "secret scanner", "secret …
gosecurity
Security Headers Generator
Generate security headers generator operations. Auto-activating skill for Security Fundamentals. Triggers on: security headers generator, security headers generator Part of the Security Fundamentals skill category. Use when working with security headers generator functionality. …
gosecurity
Session Security Checker
Validate session security checker operations. Auto-activating skill for Security Fundamentals. Triggers on: session security checker, session security checker Part of the Security Fundamentals skill category. Use when working with session security checker functionality. Trigger …
gosecurity
Sql Injection Detector
Detect sql injection detector operations. Auto-activating skill for Security Fundamentals. Triggers on: sql injection detector, sql injection detector Part of the Security Fundamentals skill category. Use when working with sql injection detector functionality. Trigger with phras…
gosecurity
Xss Vulnerability Scanner
Scan xss vulnerability scanner operations. Auto-activating skill for Security Fundamentals. Triggers on: xss vulnerability scanner, xss vulnerability scanner Part of the Security Fundamentals skill category. Use when working with xss vulnerability scanner functionality. Trigger …
gosecurity
Attack Surface Analyzer
Analyze attack surface analyzer operations. Auto-activating skill for Security Advanced. Triggers on: attack surface analyzer, attack surface analyzer Part of the Security Advanced skill category. Use when analyzing or auditing attack surface analyzer. Trigger with phrases like …
gosecurity
Certificate Lifecycle Manager
Manage certificate lifecycle manager operations. Auto-activating skill for Security Advanced. Triggers on: certificate lifecycle manager, certificate lifecycle manager Part of the Security Advanced skill category. Use when working with certificate lifecycle manager functionality…
gosecurity
Cloud Security Posture
Manage cloud security posture operations. Auto-activating skill for Security Advanced. Triggers on: cloud security posture, cloud security posture Part of the Security Advanced skill category. Use when working with cloud security posture functionality. Trigger with phrases like …
gosecurity
Container Security Auditor
Audit container security auditor operations. Auto-activating skill for Security Advanced. Triggers on: container security auditor, container security auditor Part of the Security Advanced skill category. Use when analyzing or auditing container security auditor. Trigger with phr…
gosecurityai
Encryption At Rest Checker
Validate encryption at rest checker operations. Auto-activating skill for Security Advanced. Triggers on: encryption at rest checker, encryption at rest checker Part of the Security Advanced skill category. Use when working with encryption at rest checker functionality. Trigger …
gosecurityrest
Forensics Data Collector
Process forensics data collector operations. Auto-activating skill for Security Advanced. Triggers on: forensics data collector, forensics data collector Part of the Security Advanced skill category. Use when working with forensics data collector functionality. Trigger with phra…
gosecurity
Gdpr Compliance Scanner
Scan gdpr compliance scanner operations. Auto-activating skill for Security Advanced. Triggers on: gdpr compliance scanner, gdpr compliance scanner Part of the Security Advanced skill category. Use when working with gdpr compliance scanner functionality. Trigger with phrases lik…
gosecurity
Hipaa Audit Helper
Assist with hipaa audit helper operations. Auto-activating skill for Security Advanced. Triggers on: hipaa audit helper, hipaa audit helper Part of the Security Advanced skill category. Use when analyzing or auditing hipaa audit helper. Trigger with phrases like "hipaa audit hel…
gosecurity
Iam Policy Reviewer
Execute iam policy reviewer operations. Auto-activating skill for Security Advanced. Triggers on: iam policy reviewer, iam policy reviewer Part of the Security Advanced skill category. Use when working with iam policy reviewer functionality. Trigger with phrases like "iam policy…
gosecurity
Incident Response Planner
Configure incident response planner operations. Auto-activating skill for Security Advanced. Triggers on: incident response planner, incident response planner Part of the Security Advanced skill category. Use when working with incident response planner functionality. Trigger wit…
gosecurity
Iso27001 Gap Analyzer
Analyze iso27001 gap analyzer operations. Auto-activating skill for Security Advanced. Triggers on: iso27001 gap analyzer, iso27001 gap analyzer Part of the Security Advanced skill category. Use when analyzing or auditing iso27001 gap analyzer. Trigger with phrases like "iso2700…
gosecurity
Key Rotation Manager
Manage key rotation manager operations. Auto-activating skill for Security Advanced. Triggers on: key rotation manager, key rotation manager Part of the Security Advanced skill category. Use when working with key rotation manager functionality. Trigger with phrases like "key rot…
gosecurity
Kubernetes Rbac Analyzer
Analyze kubernetes rbac analyzer operations. Auto-activating skill for Security Advanced. Triggers on: kubernetes rbac analyzer, kubernetes rbac analyzer Part of the Security Advanced skill category. Use when analyzing or auditing kubernetes rbac analyzer. Trigger with phrases l…
gokubernetessecurity
Log Analysis Security
Execute log analysis security operations. Auto-activating skill for Security Advanced. Triggers on: log analysis security, log analysis security Part of the Security Advanced skill category. Use when working with log analysis security functionality. Trigger with phrases like "lo…
gosecurity
Network Security Scanner
Scan network security scanner operations. Auto-activating skill for Security Advanced. Triggers on: network security scanner, network security scanner Part of the Security Advanced skill category. Use when working with network security scanner functionality. Trigger with phrases…
gosecurity
Pci Dss Validator
Validate pci dss validator operations. Auto-activating skill for Security Advanced. Triggers on: pci dss validator, pci dss validator Part of the Security Advanced skill category. Use when working with pci dss validator functionality. Trigger with phrases like "pci dss validator…
gosecurity
Penetration Test Planner
Plan penetration test planner operations. Auto-activating skill for Security Advanced. Triggers on: penetration test planner, penetration test planner Part of the Security Advanced skill category. Use when writing or running tests. Trigger with phrases like "penetration test pla…
gosecurity
Security Benchmark Runner
Manage security benchmark runner operations. Auto-activating skill for Security Advanced. Triggers on: security benchmark runner, security benchmark runner Part of the Security Advanced skill category. Use when working with security benchmark runner functionality. Trigger with p…
gosecurity
Security Policy Generator
Generate security policy generator operations. Auto-activating skill for Security Advanced. Triggers on: security policy generator, security policy generator Part of the Security Advanced skill category. Use when working with security policy generator functionality. Trigger with…
gosecurity
Siem Rule Generator
Generate siem rule generator operations. Auto-activating skill for Security Advanced. Triggers on: siem rule generator, siem rule generator Part of the Security Advanced skill category. Use when working with siem rule generator functionality. Trigger with phrases like "siem rule…
gosecurity
Soc2 Compliance Checker
Validate soc2 compliance checker operations. Auto-activating skill for Security Advanced. Triggers on: soc2 compliance checker, soc2 compliance checker Part of the Security Advanced skill category. Use when working with soc2 compliance checker functionality. Trigger with phrases…
gosecurity
Threat Model Creator
Create threat model creator operations. Auto-activating skill for Security Advanced. Triggers on: threat model creator, threat model creator Part of the Security Advanced skill category. Use when working with threat model creator functionality. Trigger with phrases like "threat …
gosecurity
Vulnerability Report Generator
Generate vulnerability report generator operations. Auto-activating skill for Security Advanced. Triggers on: vulnerability report generator, vulnerability report generator Part of the Security Advanced skill category. Use when working with vulnerability report generator functio…
gosecurity
Waf Rule Creator
Create waf rule creator operations. Auto-activating skill for Security Advanced. Triggers on: waf rule creator, waf rule creator Part of the Security Advanced skill category. Use when working with waf rule creator functionality. Trigger with phrases like "waf rule creator", "waf…
gosecurity
Zero Trust Config Helper
Configure with zero trust config helper operations. Auto-activating skill for Security Advanced. Triggers on: zero trust config helper, zero trust config helper Part of the Security Advanced skill category. Use when configuring systems or services. Trigger with phrases like "zer…
rustgosecurity
Security Group Generator
Generate security group generator operations. Auto-activating skill for AWS Skills. Triggers on: security group generator, security group generator Part of the AWS Skills skill category. Use when working with security group generator functionality. Trigger with phrases like "sec…
goawssecurity
Code Review
Code review with principal-engineer-level depth. Reviews for correctness, performance, security, maintainability, and architecture. Use when completing tasks, reviewing PRs, or before merging.
securityperformanceai
Pentest
Automated penetration testing — web, API, browser, GitHub, and local code. Zero false positives. Use when user wants to hack-test their app, find vulnerabilities, or run security pentesting.
githubsecuritytestingbrowser+1
Security Audit
Run security audit — dependency vulnerabilities, secret scanning, OWASP pattern detection, HTTP headers. Use when user wants to harden their project.
security

Agents (3)

Browse all agents
Security Auditor
Comprehensive security assessment specialist for threat modeling, penetration testing, and code reviews
Securitysecuritypenetration-testing+3
Code Reviewer Pro
Comprehensive code review agent functioning as a senior engineering lead for quality, security, and best practices
Quality & Testingcode-reviewquality+3
Code Reviewer (Feature Dev)
Reviews code for bugs, logic errors, security vulnerabilities, code quality issues, and adherence to project conventions, using confidence-based filtering to report only high-priority issues
Quality & Testingreviewquality+4

Plugins (88)

Browse all plugins
Security Guidance
Real-time security linter detecting injection vulnerabilities, authentication flaws, and OWASP Top 10 issues. Monitors 9 common vulnerability patterns including SQL injection, XSS, CSRF, and insecure deserialization during file editing.
securityvulnerabilityanalysishooks+2
Dependency Auditor
Audit project dependencies for security vulnerabilities, license compliance issues, outdated packages, and unused dependencies
securitydependenciesauditnpm+1
Env Manager
Manage environment variables across .env files with validation, secret detection, sync across environments, and .env.example generation
envconfigurationsecretsdotenv+1
Trail of Bits Security
Opinionated security-first Claude Code configuration with sandboxing, permission rules, hooks, and security audit skills from professional security researchers
securityaudithardeningconfiguration+1
42crunch Api Security Testing
Automate API security directly in Claude Code with 42Crunch - automatically audit OpenAPI specs, detect vulnerabilities aligned with OWASP API Security risks (including BOLA/BFLA), and apply AI-powered fixes. Designed for AI-assisted development workflows, it provides continuous…
securitytestingapiai
Ai Plugins
Set up endorctl and use Endor Labs to scan, prioritize, and fix security risks across your software supply chain
securityai
Aikido
Aikido Security scanning for Claude Code — SAST, secrets, and IaC vulnerability detection powered by the Aikido MCP server.
securityai
Auth0
Add authentication to any app with Auth0. This plugin detects your framework, scaffolds the right Auth0 SDK integration, and guides you through login, logout, sessions, and protected routes — using current SDK patterns.
securitygo
Coderabbit
Your code review partner. CodeRabbit provides external validation using a specialized AI architecture and 40+ integrated static analyzers—offering a different perspective that catches bugs, security vulnerabilities, logic errors, and edge cases. Context-aware analysis via AST pa…
productivitysecurityai
Crowdstrike Falcon Foundry
CrowdStrike Falcon Foundry development skills for building cybersecurity applications on the Falcon platform. Includes UI development, collections, functions, workflows, API integration, security patterns, and debugging workflows.
securityapi
Jfrog
Use the JFrog Platform from Claude Code: Artifactory repos and artifacts, security findings and exposures, Catalog package safety and downloads, workflows across the SDLC, and platform administration.
security
Miro
Secure access to Miro boards. Enables AI to read board context, create diagrams, and generate code with enterprise-grade security.
designsecurityai
Pagerduty
Enhance code quality and security through PagerDuty risk scoring and incident correlation. Score pre-commit diffs against historical incident data and surface deployment risk before you ship.
monitoringsecuritydeploymentai
Postman
Full API lifecycle management for Claude Code. Sync collections, generate client code, discover APIs, run tests, create mocks, publish docs, and audit security. Powered by the Postman MCP Server.
developmentsecurityapi
Semgrep
Semgrep catches security vulnerabilities in real-time and guides Claude to write secure code from the start.
security
Sonarqube
Automatically enforce SonarQube code quality and security in the agent coding loop — 7,000+ rules, secrets scanning, agentic analysis, and quality gates across 40+ languages. PostToolUse hooks run analysis after every file edit. Pre-tool secrets scanning prevents 450+ patterns f…
securityagent
Sonatype Guide
Sonatype Guide MCP server for software supply chain intelligence and dependency security. Analyze dependencies for vulnerabilities, get secure version recommendations, and check component quality metrics.
securityai
Sourcegraph
Code search and understanding across codebases. Search, read, and trace references across repositories; analyze refactor impact; investigate incidents via commit and diff search; run targeted security sweeps.
developmentsecurity
Vanta Mcp Plugin
The Vanta plugin connects Claude Code to Vanta's security and compliance platform through the Vanta MCP server. It combines Vanta's test-specific remediation intelligence with your local repository context to help you fix compliance failures faster.
securityai
Zscaler
Manage Zscaler cloud security platform including ZPA (private access), ZIA (internet access), ZDX (digital experience), ZCC (client connector), EASM (attack surface), and Z-Insights (analytics). Create and manage policies, troubleshoot connectivity, audit security configurations…
security
Access Control Auditor
Audit access control implementations
security
Api Fuzzer
Fuzz testing for APIs with malformed inputs, edge cases, and security vulnerability detection
testingsecurityapi
Api Security Scanner
Scan APIs for security vulnerabilities and OWASP API Top 10
api-developmentsecurityapi
Authentication Validator
Validate authentication implementations
security
Compliance Report Generator
Generate compliance reports
security
Container Security Scanner
Scan containers for vulnerabilities using Trivy, Snyk, and other security tools
devopssecurityai
Cors Policy Validator
Validate CORS policies
security
Cross Chain Bridge Monitor
Monitor cross-chain bridge activity, track transfers, analyze security, and detect bridge exploits
cryptosecurityai
Csrf Protection Validator
Validate CSRF protection
security
Data Privacy Scanner
Scan for data privacy issues
security
Database Security Scanner
Database plugin for database-security-scanner
databasesecurity
Dependency Checker
Check dependencies for known vulnerabilities, outdated packages, and license compliance
security
Encryption Tool
Encrypt and decrypt data with various algorithms
securitygo
Gdpr Compliance Scanner
Scan for GDPR compliance issues
security
Hipaa Compliance Checker
Check HIPAA compliance
security
Input Validation Scanner
Scan input validation practices
security
Owasp Compliance Checker
Check OWASP Top 10 compliance
security
Pci Dss Validator
Validate PCI DSS compliance
security
Penetration Tester
Automated penetration testing for web applications with OWASP Top 10 coverage
securitytestingrag
Code Cleanup
Comprehensive codebase cleanup across 11 quality dimensions — dead code, duplication, weak types, circular deps, defensive cruft, legacy code, AI slop, type consolidation, security, performance, and async patterns. Confidence scoring and build verification gates.
testingsecurityperformanceai
Secret Scanner
Scan codebase for exposed secrets, API keys, passwords, and sensitive credentials
securityapi
Severity1 Marketplace
Severity level classification and prompt improvement for marketplace plugins. Assigns severity ratings (S1-Critical through S4-Low) and enhances plugin prompts for clarity, safety, and effectiveness.
security
Security Agent
Security review subagent for code analysis
examplessecurityagent
Security Audit Reporter
Generate comprehensive security audit reports
security
Security Headers Analyzer
Analyze HTTP security headers
security
Security Incident Responder
Assist with security incident response
security
Security Misconfiguration Finder
Find security misconfigurations
security
Security Pro Pack
Professional security tools for Claude Code: vulnerability scanning, compliance, cryptography audit, container & API security
packagessecurityapiai
Security Test Scanner
Automated security vulnerability testing covering OWASP Top 10, SQL injection, XSS, CSRF, and authentication issues
testingsecurity
Session Security Checker
Check session security implementation
security
Soc2 Audit Helper
Assist with SOC2 audit preparation
security
Sql Injection Detector
Detect SQL injection vulnerabilities
security
Ssl Certificate Manager
Manage and monitor SSL/TLS certificates
security
Token Launch Tracker
Track new token launches, detect rugpulls, and analyze contract security for early-stage crypto projects
cryptosecurity
Vulnerability Scanner
Comprehensive vulnerability scanning for code, dependencies, and configurations with CVE detection
security
Xss Vulnerability Scanner
Scan for XSS vulnerabilities
security
Wallet Security Auditor
Crypto wallet security auditor for reviewing wallet implementations, key management, signing flows, and common vulnerability patterns.
cryptosecurity
Engineering Skills
36 engineering skills: architecture, frontend, backend, fullstack, QA, DevOps, security, AI/ML, data engineering, Playwright (9 sub-skills), self-improving agent, Stripe integration, TDD guide, tech stack evaluator, Google Workspace CLI, a11y audit (WCAG 2.2), Azure cloud archit…
developmentgoazuresecurity+2
Docker Development
Docker and container development — Dockerfile optimization, docker-compose orchestration, multi-stage builds, security hardening, and CI/CD container pipelines.
developmentdockersecurityai
Full Stack Orchestration
End-to-end feature orchestration with testing, security, performance, and deployment
workflowssecuritytestingperformance+1
Dependency Management
Dependency auditing, version management, and security vulnerability scanning
utilitiessecurity
Kubernetes Operations
Kubernetes manifest generation, networking configuration, security policies, observability setup, GitOps workflows, and auto-scaling
infrastructurekubernetessecurity
Comprehensive Review
Multi-perspective code analysis covering architecture, security, and best practices
qualitysecurity
Security Scanning
SAST analysis, dependency vulnerability scanning, OWASP Top 10 compliance, container security scanning, and automated security hardening
securityai
Security Compliance
SOC2, HIPAA, and GDPR compliance validation, secrets scanning, compliance checklists, and regulatory documentation
security
Backend Api Security
API security hardening, authentication implementation, authorization patterns, rate limiting, and input validation
securityapi
Frontend Mobile Security
XSS prevention, CSRF protection, content security policies, mobile app security, and secure storage patterns
securityrag
Reverse Engineering
Binary reverse engineering, malware analysis, firmware security, and software protection research for authorized security research, CTF competitions, and defensive security
security
Block No Verify
PreToolUse hook that prevents AI agents from using --no-verify, --no-gpg-sign, and other bypass flags that skip git hooks
securityaiagent
Pensive
Multi-discipline code review: architecture, bugs, APIs, blast radius analysis, security, tests, Makefiles, and NASA Power of 10 analysis
securityapi
Access Control Rbac
Role-based access control (RBAC) with permissions and policies. Use for admin dashboards, enterprise access, multi-tenant apps, fine-grained authorization, or encountering permission hierarchies, role inheritance, policy conflicts.
securityai
Api Authentication
Secure API authentication with JWT, OAuth 2.0, API keys. Use for authentication systems, third-party integrations, service-to-service communication, or encountering token management, security headers, auth flow errors.
authsecurityapi
Api Filtering Sorting
Builds flexible API filtering and sorting systems with query parameter parsing, validation, and security. Use when implementing search endpoints, building data grids, or creating dynamic query APIs.
apisecurity
Api Security Hardening
REST API security hardening with authentication, rate limiting, input validation, security headers. Use for production APIs, security audits, defense-in-depth, or encountering vulnerabilities, injection attacks, CORS issues.
apisecurityrest
Claude Code Bash Patterns
Claude Code Bash tool patterns with hooks, automation, git workflows. Use for PreToolUse hooks, command chaining, CLI orchestration, custom commands, or encountering bash permissions, command failures, security guards, hook configurations.
toolingsecurityautomationai
Cloudflare Turnstile
Cloudflare Turnstile CAPTCHA-alternative bot protection. Use for forms, login security, API protection, or encountering CSP errors, token validation failures, error codes 100*/300*/600*.
cloudflaresecurityapiai
Cloudflare Workers
Comprehensive Cloudflare Workers platform guide covering runtime APIs, testing (Vitest), CI/CD, observability, framework integration, performance, security, and migration. Use for Workers development, deployment, debugging, or optimization.
cloudflaresecuritytestingperformance+2
Csrf Protection
Implements CSRF protection using synchronizer tokens, double-submit cookies, and SameSite attributes. Use when securing web forms, protecting state-changing endpoints, or implementing defense-in-depth authentication.
security
Defense In Depth Validation
Validate at every layer data passes through to make bugs impossible. Use when invalid data causes failures deep in execution, requiring validation at multiple system layers.
securityai
Dependency Upgrade
Secure dependency upgrades with supply chain protection, cooldown periods, post-install script hardening, lockfile validation, and staged rollout across npm, Bun, pnpm, and Yarn. Use when upgrading dependencies, configuring security policies, or preventing supply chain attacks.
toolingsecurityai
Gemini Cli
Google Gemini CLI for second opinions, architectural advice, code reviews, security audits. Leverage 1M+ context for comprehensive codebase analysis via command-line tool.
aigosecurityrag
Github Project Automation
GitHub repository automation (CI/CD, issue templates, Dependabot, CodeQL). Use for project setup, Actions workflows, security scanning, or encountering YAML syntax, workflow configuration, template structure errors.
toolinggithubsecurityautomation
Multi Ai Consultant
Consult external AIs (Gemini 2.5 Pro, OpenAI Codex, Claude) for second opinions. Use for debugging failures, architectural decisions, security validation, or need fresh perspective with synthesis.
aisecurity
Security Headers Configuration
Configures HTTP security headers to protect against XSS, clickjacking, and MIME sniffing attacks. Use when hardening web applications, passing security audits, or implementing Content Security Policy.
securityai
Vulnerability Scanning
Implements automated security scanning for dependencies, code, and containers using tools like Trivy, Snyk, and npm audit. Use when setting up CI/CD security gates, conducting pre-deployment audits, or meeting compliance requirements.
securitydeploymentai
Wordpress Plugin Core
WordPress plugin development with hooks, security, REST API, custom post types. Use for plugin creation, $wpdb queries, Settings API, or encountering SQL injection, XSS, CSRF, nonce errors.
cmssecurityapirest
Xss Prevention
Prevents Cross-Site Scripting attacks through input sanitization, output encoding, and Content Security Policy. Use when handling user-generated content, implementing rich text editors, or securing web applications.
security
Fresh Eyes Review
Mandatory final sanity check before commits/PRs - catches security vulnerabilities, logic errors, and bugs that slip through tests
security

MCP Servers (96)

Browse all MCP servers
E2B Code Sandbox
Secure cloud sandbox for executing code in isolated environments with full system access
sandboxcode-executionsecuritycloud+1
Semgrep
Scan code for security vulnerabilities, bugs, and anti-patterns using Semgrep static analysis rules
securitysemgrepstatic-analysissast+1
RNWY Trust Intelligence
Check if an AI agent is trustworthy before you hire it. Sybil detection, signed attestations, and reviewer wallet analysis across 150,000+ agents. Free, no key.
trustsecurityai-agentsblockchain+1
Profullstack Server
A comprehensive MCP server aggregating 20+ tools including SEO optimization, document conversion, domain lookup, email validation, QR generation, weather data, social media posting, security scanning, and more developer utilities.
aggregatorssecurityai
Chrome Mcp Secure
Security-hardened Chrome automation with post-quantum encryption (ML-KEM-768 + ChaCha20-Poly1305), secure credential vault, memory scrubbing, and audit logging. 22 tools for browser automation and secure logins.
browser-automationsecuritybrowserautomation
Cloudwright
Natural-language cloud architecture intelligence for AWS, GCP, Azure, and Databricks. 19 tools for architecture design, cost estimation, compliance validation (HIPAA, SOC 2, FedRAMP, GDPR, PCI-DSS, Well-Architected), security scanning, Terraform/CloudFormation export, and blast-…
cloud-platformsawsgcpazure+1
Cli
Command line interface with secure execution and customizable security policies
coding-agentssecurity
Multi
Parallel multi-model code review, security analysis, and AI debate with ChatGPT, Claude, and Gemini. Orchestrates multiple LLMs for compare, consensus, and OWASP Top 10 security checks.
coding-agentssecurityaillm
Mysql
MySQL database integration with configurable access controls, schema inspection, and comprehensive security guidelines
databasesmysqlsecurity
Postgres
PostgreSQL MCP server with 14 tools for querying, schema exploration, and table analysis. Features security-first design with SQL injection prevention and read-only by default.
databasespostgressecurity
Libsql
Production-ready MCP server for libSQL databases with comprehensive security and management tools.
databasessecurity
AI SOC Sher
MCP Server to do dynamic AI SOC Security Threat analysis for a Text2SQL AI Agent.
developer-toolssecurityaiagent
Conan
Official MCP server for Conan C/C++ package manager. Create projects, manage dependencies, check licenses, and scan for security vulnerabilities.
developer-toolssecurity
GoSQLX
7 SQL tools (validate, format, parse, lint, security scan, metadata extraction, full analysis) over Streamable HTTP. Public remote server at mcp.gosqlx.dev - no install needed. 1.25M+ ops/sec, 6 SQL dialects.
developer-toolsgosecurity
Droidmind
Control Android devices with AI through MCP, enabling device control, debugging, system analysis, and UI automation with a comprehensive security framework.
developer-toolssecurityautomationai
Adr Analysis
AI-powered architectural analysis server for software projects. Provides technology stack detection, ADR management, security checks, enhanced TDD workflow, and deployment readiness validation with support for multiple AI models.
developer-toolssecuritydeploymentai
Heurist Mesh
Access specialized web3 AI agents for blockchain analysis, smart contract security auditing, token metrics evaluation, and on-chain interactions through the Heurist Mesh network. Provides comprehensive tools for DeFi analysis, NFT valuation, and transaction monitoring across mul…
finance-fintechsecuritymonitoringai+1
Notebooklm Mcp Secure
Security-hardened NotebookLM MCP with post-quantum encryption (ML-KEM-768), GDPR/SOC2/CSSF compliance, and 14 security layers. Query Google's Gemini-grounded research from Claude and AI agents.
knowledge-memorygosecurityai+1
Mureo
Framework for AI agents (Claude Code, Cursor, Codex, Gemini) to operate Google Ads, Meta Ads, and Search Console. Grounded in a local STRATEGY.md — not metric-chasing. Defense-in-depth security, local-first. Apache 2.0.
marketinggosecurityai+1
Dynatrace
Leverage AI-driven observability, security, and automation to analyze anomalies, logs, traces, events, metrics.
monitoringsecurityautomationai+1
Lucidity
Enhance AI-generated code quality through intelligent, prompt-based analysis across 10 critical dimensions from complexity to security vulnerabilities
monitoringsecurityai
Gopher
Modern, cross-platform MCP server enabling AI assistants to browse and interact with both Gopher protocol and Gemini protocol resources safely and efficiently. Features dual protocol support, TLS security, and structured content extraction.
search-data-extractiongosecurityai
GhidraMCP
MCP server for integrating Ghidra with AI assistants. This plugin enables binary analysis, providing tools for function inspection, decompilation, memory exploration, and import/export analysis via the Model Context Protocol.
securityai
Dandan
Real-time security framework for MCP servers that detects and blocks malicious AI agent behavior by analyzing tool call patterns and intent across multiple threat detection engines.
securityaiagent
Authbox
Zero-knowledge password manager with MCP credential gateway. BIP-39 seed phrase recovery, deterministic passwords, policy-gated AI agent access (scope, rate limits, time windows, step-up approval), 70+ API key providers, and hash-chain audit trail. Go + Next.js + TypeScript.
securitytypescriptgoapi+2
Aegis
Policy-based governance for AI agent tool calls. YAML policies, approval gates, risk assessment, and audit logging. Cross-platform: LangChain, OpenAI, Anthropic, MCP.
securitygoaiagent
Solvitor
Solvitor MCP server provides tools to access reverse engineering tools that help developers extract IDL files from closed-source Solana smart contracts and decompile them.
security
Agntor Mcp
MCP audit server for agent discovery and certification. Provides trust and payment rail for AI agents including identity verification, escrow, settlement, and reputation management.
securityrustaiagent
Agentstamp
Trust intelligence for AI agents — identity stamps, reputation scoring (0-100), registry, forensic audit trails, and A2A passports via x402 micropayments.
securityrustaiagent
AIM
Security-focused MCP server that provides safety guidelines and content analysis for AI agents.
securityaiagent
Kastell
Server security auditing and hardening toolkit. 413 security checks across 29 categories (SSH, Firewall, Docker, TLS, HTTP Headers), CIS/PCI-DSS/HIPAA compliance mapping, 19-step production hardening, fleet management, and forensic evidence collection. Supports Hetzner, DigitalO…
securitygonodedocker
Arkforge
Third-party certifying proxy — sign any HTTP call (AI agents, webhooks, microservices) with an independent Ed25519 signature, RFC 3161 timestamp, and Sigstore Rekor anchor. Works with Claude, GPT-4, Mistral, LangChain, AutoGen, or any HTTP client.
securityaiagent
Firewall
Deterministic security proxy (iptables for MCP) that intercepts tool calls, enforces YAML policies, scans for secret leakage, and logs everything. No AI, no cloud.
securityai
Dnstwist
MCP server for dnstwist, a powerful DNS fuzzing tool that helps detect typosquatting, phishing, and corporate espionage.
security
Maigret
MCP server for maigret, a powerful OSINT tool that collects user account information from various public sources. This server provides tools for searching usernames across social networks and analyzing URLs.
securityai
Shodan
MCP server for querying the Shodan API and Shodan CVEDB. This server provides tools for IP lookups, device searches, DNS lookups, vulnerability queries, CPE lookups, and more.
securityapi
Virustotal
MCP server for querying the VirusTotal API. This server provides tools for scanning URLs, analyzing file hashes, and retrieving IP address reports.
securityrustapi
Csl Core
Deterministic AI safety policy engine with Z3 formal verification. Write, verify, and enforce machine-verifiable constraints for AI agents via MCP.
securityaiagent
Attestable
An MCP server running inside a trusted execution environment (TEE) via Gramine, showcasing remote attestation using [RA-TLS](https://gramine.readthedocs.io/en/stable/attestation.html). This allows an MCP client to verify the server before conencting.
securityrust
Cyntrisec Cli
Local-first AWS security analyzer that discovers attack paths and generates remediations using graph theory.
securityaws
Onepassword
An MCP server that enables secure credential retrieval from 1Password to be used by Agentic AI.
securityaiagent
Authenticator
A secure MCP (Model Context Protocol) server that enables AI agents to interact with the Authenticator App.
securityaiagent
Secretctl
AI-safe secrets manager with MCP integration. Run commands with credentials injected as environment variables - AI agents never see plaintext secrets. Features output sanitization, AES-256-GCM encryption, and Argon2id key derivation.
securitygoaiagent
Binary Ninja
A Binary Ninja plugin, MCP server, and bridge that seamlessly integrates [Binary Ninja](https://binary.ninja) with your favorite MCP client. It enables you to automate the process of performing binary analysis and reverse engineering.
security
Security
MCP server for querying the ORKL API. This server provides tools for fetching threat reports, analyzing threat actors, and retrieving intelligence sources.
securityapi
Volatility
MCP server for Volatility 3.x, allowing you to perform memory forensics analysis with AI assistant. Experience memory forensics without barriers as plugins like pslist and netscan become accessible through clean REST APIs and LLMs.
securityapirestai+1
Server Cortex
A Rust-based MCP server to integrate Cortex, enabling observable analysis and automated security responses through AI.
securityrustai
Server Thehive
A Rust-based MCP server to integrate TheHive, facilitating collaborative security incident response and case management via AI.
securityrustai
Server Wazuh
A Rust-based MCP server bridging Wazuh SIEM with AI assistants, providing real-time security alerts and event data for enhanced contextual understanding.
securityrustai
Aegis
Credential isolation proxy for AI agents. Injects secrets at the network boundary with domain restrictions, agent authentication, and audit logging. No SDK required — works as a transparent HTTP proxy or MCP server.
securityrestaiagent
Gia
Enterprise AI governance layer with 29 tools: MAI decision classification (Mandatory/Advisory/Informational), hash-chained forensic audit trails, human-in-the-loop gates, compliance mapping (NIST AI RMF, EU AI Act, ISO 42001), governed memory packs, and site reliability tools.
securitygoai
Cybersec Watchdog
Comprehensive Linux server security audit with 89 CIS Benchmark controls, NIST 800-53, and PCI-DSS compliance checks. Real-time monitoring with anomaly detection across 23 analyzers: firewall, SSH, fail2ban, Docker, CVE, rootkit, SSL/TLS, filesystem, network, and more.
securitydockermonitoringai
Inspector
MCP server for domain and URL security analysis powered by GridinSoft Inspector, enabling AI agents to verify website and link safety.
securityaiagent
Guardvibe
Security MCP for vibe coding with 330 rules and 29 tools. Purpose-built for AI-generated code — scans Next.js, Supabase, Clerk, Stripe, Prisma, Hono, GraphQL, and 25+ modules. Cross-file taint analysis, host security audit, auto-fix, SARIF export, pre-commit hook, and CVE versio…
securitygraphqlai
Vuln Nist
A Model Context Protocol (MCP) server for querying NIST National Vulnerability Database (NVD) API endpoints.
securityapi
Entraid
A MCP server for Microsoft Entra ID (Azure AD) directory, user, group, device, sign-in, and security operations via Microsoft Graph Python SDK.
securitypythonazureai
Quantum Ring
Quantum-inspired keyring for AI coding agents. Secure secrets with superposition, entanglement, tunneling, and teleportation.
securityaiagent
Intruder
MCP server to access [Intruder](https://www.intruder.io/), helping you identify, understand, and fix security vulnerabilities in your infrastructure.
security
ModelSafetyMCP
MCP server for scanning machine learning model artifacts for unsafe serialization, malicious model patterns, risky packaging, URL-based artifact scanning, and directory-level triage using ModelScan, PickleScan, and heuristic inspection.
security
Server Inject Bender
Security through absurdity: transforms SQL injection and XSS attempts into harmless comedy responses using AI-powered humor defense.
securityai
Shellward
AI Agent Security Middleware & MCP Server with 8-layer defense including prompt injection detection, DLP data flow tracking, command blocking, and PII detection. 7 MCP tools, zero dependencies.
securityaiagent
GhidrAssistMCP
A native Model Context Protocol server for Ghidra. Includes GUI configuration and logging, 31 powerful tools and no external dependencies.
security
Vms
A Model Context Protocol (MCP) server designed to connect to a CCTV recording program (VMS) to retrieve recorded and live video streams. It also provides tools to control the VMS software, such as showing live or playback dialogs for specific channels at specified times.
security
GhidraMCP
A Model Context Protocol server for Ghidra that enables LLMs to autonomously reverse engineer applications. Provides tools for decompiling binaries, renaming methods and data, and listing methods, classes, imports, and exports.
securityllm
Beelzebub
Beelzebub is a honeypot framework that lets you build honeypot tools using MCP. Its purpose is to detect prompt injection or malicious agent behavior. The underlying idea is to provide the agent with tools it would never use in its normal work.
securityagent
Ida Pro
MCP server for IDA Pro, allowing you to perform binary analysis with AI assistants. This plugin implement decompilation, disassembly and allows you to generate malware analysis reports automatically.
securityai
Recon
Conversational recon interface and MCP server powered by httpx and asnmap. Supports various reconnaissance levels for domain analysis, security header inspection, certificate analysis, and ASN lookup.
securityai
Panther
MCP server that enables security professionals to interact with Panther's SIEM platform using natural language for writing detections, querying logs, and managing alerts.
security
Mobsf
A MCP server for MobSF which can be used for static and dynamic analysis of Android and iOS application.
security
Cervellaswarm
Verify AI agent communication protocols using session types. Formal specification with Lean 4 proofs, linter, formatter, and LSP. Catches deadlocks and role violations before deployment.
securitydeploymentaiagent
Rad Security Server
MCP server for RAD Security, providing AI-powered security insights for Kubernetes and cloud environments. This server provides tools for querying the Rad Security API and retrieving security findings, reports, runtime data and many more.
securitykubernetesapiai
Radare2
MCP server for Radare2 disassembler. Provides AI with capability to disassemble and look into binaries for reverse engineering.
securityai
Cve Search
A Model Context Protocol (MCP) server for querying the CVE-Search API. This server provides comprehensive access to CVE-Search, browse vendor and product、get CVE per CVE-ID、get the last updated CVEs.
securityapi
Vet
vet-mcp checks open source packages—like those suggested by AI coding tools—for vulnerabilities and malicious code. It supports npm and PyPI, and runs locally via Docker or as a standalone binary for fast, automated vetting.
securitydockerai
Dawshund
An MCP server based on dAWShund to enumerate AWS IAM data, analyze effective permissions, and visualize access relationships across users, roles, and resources. Built for cloud security engineers who want fast, easy and effective insights into AWS identity risk.
securityaws
Ciphertrust Manager
MCP server for Thales CipherTrust Manager integration, enabling secure key management, cryptographic operations, and compliance monitoring through AI assistants.
securityrustmonitoringai
Thales Cdsp Cakm
MCP server for Thales CDSP CAKM integration, enabling secure key management, cryptographic operations, and compliance monitoring through AI assistants for Ms SQL and Oracle Databases.
securitymonitoringai
Thales Cdsp Crdp
MCP server for Thales CipherTrust Manager RestFul Data Protection service.
securityrustrest
Secops
All-in-one security testing toolbox that brings together popular open source tools through a single MCP interface. Connected to an AI agent, it enables tasks like pentesting, bug bounty hunting, threat hunting, and more.
securitytestingaiagent
Skillssafe
Free AI agent skill security scanner. Scan SKILL.md, MCP configs, and system prompts for credential theft, prompt injection, zero-width character attacks, and ClawHavoc indicators. Supports OpenClaw, Claude Code, Cursor, and Codex. No signup required.
securityaiagent
Cyberchef Api
MCP server for interacting with the CyberChef server API which will allow an MCP client to utilise the CyberChef operations.
securityapi
Platform
Governance proxy for MCP servers. Wraps any upstream server with policy evaluation, human approval workflows, and hash-chain audit trails. 18+ framework integrations. Apache 2.0 SDK.
securitygoai
Studio
Embeds Snyk's security engines into agentic workflows. Secures AI-generated code in real-time and accelerates the fixing vulnerability backlogs.
securityaiagent
Osv
Access the OSV (Open Source Vulnerabilities) database for vulnerability information. Query vulnerabilities by package version or commit, batch query multiple packages, and get detailed vulnerability information by ID.
securityai
OPNSenseMCP
MCP Server for managing & interacting with Open Source NGFW OPNSense via Natural Language
security
Aegis
AI-agent admission-control MCP server: validates file edits against Ring 0 syntax + Ring 0.5 structural-cost regression + workspace boundary (path / glob / shell-redirect / symlink). Negative-space framing — emits BLOCK / WARN / PASS verdicts, never coaches the agent.
securityaiagent
Ida Headless
Headless IDA Pro binary analysis via MCP. Multi-session concurrency with Go orchestration and Python workers. Supports Il2CppDumper and Blutter metadata import for Unity and Flutter reverse engineering.
securitypythongo
Apktool
APKTool MCP Server is a MCP server for the Apk Tool to provide automation in reverse engineering of Android APKs.
securityautomation
Zitadel
MCP server for Zitadel identity management — manage users, projects, OIDC apps, roles, and service accounts through natural language.
security
Arai
Policy enforcement for AI coding agents derived from existing instruction files (CLAUDE.md, .cursorrules, .windsurfrules, .github/copilot-instructions.md) — no separate YAML to maintain. Rules with prohibitive predicates (`never`, `forbids`, `must_not`) emit `permissionDecision:…
securitygithubaiagent
Jadx Ai
JADX-AI-MCP is a plugin and MCP Server for the JADX decompiler that integrates directly with Model Context Protocol (MCP) to provide live reverse engineering support with LLMs like Claude.
securityaillm
DocSentinel
MCP server for AI agent for cybersecurity: automate assessment of documents, questionnaires & reports. Multi-format parsing, RAG knowledge base,Risks, compliance gaps, remediations.
securityairagagent
Urldna Mcp
MCP server for automated URL scanning and forensic phishing triage. Captures full DOM snapshots, network requests, and visual screenshots to identify malicious redirects and infrastructure. Supports historical threat hunting using Custom Query Language (CQL) to map actor pattern…
security
Depscope
Package Intelligence for AI agents. 22 tools across 17 ecosystems (npm/pypi/cargo/go/maven/nuget/rubygems/composer/pub/hex/swift/cocoapods/cpan/hackage/cran/conda/homebrew) — check health, vulnerabilities (OSV + CISA KEV + EPSS), typosquats, malicious flags, alternatives, known …
securitygoswiftai+1
Contrastapi
Security intelligence API with 31 MCP tools for CVE/EPSS/KEV lookup, domain recon (DNS/WHOIS/SSL/subdomains/CT logs), IOC/threat intel, OSINT (email/phone/username), and code security scanning (secrets, injection). Free 100 req/hr.
securityapiai
Depguard
Pre-install guardian for npm packages with static code analysis, supply-chain attack detection, vulnerability audit (npm + GitHub Advisory Database), AI hallucination guard, and CycloneDX 1.6 SBOM generation with VEX. 12 MCP tools. Zero runtime dependencies — the SBOM serializer…
securitygithubai

Hooks (4)

Browse all hooks
Dependency Vulnerability Check
PostToolUse
Runs npm audit / pip-audit / cargo audit when dependency manifests change, blocking edits that introduce known vulnerabilities
securitydependenciesvulnerabilityaudit+1
Secret Scanner
PreToolUse
Scans files for accidentally committed secrets, API keys, and credentials before they are written
securitysecretsscanningprevention
Prompt Injection Defense
PostToolUse
Scans tool outputs for prompt injection patterns including instruction overrides, role-playing attempts, and encoding obfuscation
securityprompt-injectiondefensescanning
Environment Variable Leak Detector
PostToolUse
Scans files after edits for hardcoded secrets, API keys, and tokens that should be in environment variables
securitysecretsenvironment-variablesapi-keys+1

Other use cases

Code ReviewTestingGit WorkflowsDocumentationDebuggingPerformanceDeployment & CI/CDDatabasesAPI DevelopmentRefactoringFrontend DevelopmentCodebase OnboardingAI & Agent DevelopmentMobile DevelopmentObservability & MonitoringRefactoringFrontend DevelopmentCodebase Onboarding