
Best Claude Code plugins for security (May 2026)

87 curated Claude Code plugins that handle security. Install commands, configs, and copy-paste setup, refreshed May 2026.


Security Guidance
Real-time security linter detecting injection vulnerabilities, authentication flaws, and OWASP Top 10 issues. Monitors 9 common vulnerability patterns including SQL injection, XSS, CSRF, and insecure deserialization during file editing.
security, vulnerability, analysis, hooks, +2
Dependency Auditor
Audit project dependencies for security vulnerabilities, license compliance issues, outdated packages, and unused dependencies
security, dependencies, audit, npm, +1
Trail of Bits Security
Opinionated security-first Claude Code configuration with sandboxing, permission rules, hooks, and security audit skills from professional security researchers
security, audit, hardening, configuration, +1
42crunch Api Security Testing
Automate API security directly in Claude Code with 42Crunch - automatically audit OpenAPI specs, detect vulnerabilities aligned with OWASP API Security risks (including BOLA/BFLA), and apply AI-powered fixes. Designed for AI-assisted development workflows, it provides continuous…
security, testing, api, ai
Ai Plugins
Set up endorctl and use Endor Labs to scan, prioritize, and fix security risks across your software supply chain
security, ai
Aikido
Aikido Security scanning for Claude Code — SAST, secrets, and IaC vulnerability detection powered by the Aikido MCP server.
security, ai
Auth0
Add authentication to any app with Auth0. This plugin detects your framework, scaffolds the right Auth0 SDK integration, and guides you through login, logout, sessions, and protected routes — using current SDK patterns.
security, go
Coderabbit
Your code review partner. CodeRabbit provides external validation using a specialized AI architecture and 40+ integrated static analyzers—offering a different perspective that catches bugs, security vulnerabilities, logic errors, and edge cases. Context-aware analysis via AST pa…
productivity, security, ai
Crowdstrike Falcon Foundry
CrowdStrike Falcon Foundry development skills for building cybersecurity applications on the Falcon platform. Includes UI development, collections, functions, workflows, API integration, security patterns, and debugging workflows.
security, api
Jfrog
Use the JFrog Platform from Claude Code: Artifactory repos and artifacts, security findings and exposures, Catalog package safety and downloads, workflows across the SDLC, and platform administration.
security
Miro
Secure access to Miro boards. Enables AI to read board context, create diagrams, and generate code with enterprise-grade security.
design, security, ai
Pagerduty
Enhance code quality and security through PagerDuty risk scoring and incident correlation. Score pre-commit diffs against historical incident data and surface deployment risk before you ship.
monitoring, security, deployment, ai
Postman
Full API lifecycle management for Claude Code. Sync collections, generate client code, discover APIs, run tests, create mocks, publish docs, and audit security. Powered by the Postman MCP Server.
development, security, api
Semgrep
Semgrep catches security vulnerabilities in real-time and guides Claude to write secure code from the start.
security
Sonarqube
Automatically enforce SonarQube code quality and security in the agent coding loop — 7,000+ rules, secrets scanning, agentic analysis, and quality gates across 40+ languages. PostToolUse hooks run analysis after every file edit. Pre-tool secrets scanning prevents 450+ patterns f…
security, agent
Sonatype Guide
Sonatype Guide MCP server for software supply chain intelligence and dependency security. Analyze dependencies for vulnerabilities, get secure version recommendations, and check component quality metrics.
security, ai
Sourcegraph
Code search and understanding across codebases. Search, read, and trace references across repositories; analyze refactor impact; investigate incidents via commit and diff search; run targeted security sweeps.
development, security
Vanta Mcp Plugin
The Vanta plugin connects Claude Code to Vanta's security and compliance platform through the Vanta MCP server. It combines Vanta's test-specific remediation intelligence with your local repository context to help you fix compliance failures faster.
security, ai
Zscaler
Manage Zscaler cloud security platform including ZPA (private access), ZIA (internet access), ZDX (digital experience), ZCC (client connector), EASM (attack surface), and Z-Insights (analytics). Create and manage policies, troubleshoot connectivity, audit security configurations…
security
Access Control Auditor
Audit access control implementations
security
Api Fuzzer
Fuzz testing for APIs with malformed inputs, edge cases, and security vulnerability detection
testing, security, api
Api Security Scanner
Scan APIs for security vulnerabilities and OWASP API Top 10
api-development, security, api
Authentication Validator
Validate authentication implementations
security
Compliance Report Generator
Generate compliance reports
security
Container Security Scanner
Scan containers for vulnerabilities using Trivy, Snyk, and other security tools
devops, security, ai
Cors Policy Validator
Validate CORS policies
security
Cross Chain Bridge Monitor
Monitor cross-chain bridge activity, track transfers, analyze security, and detect bridge exploits
crypto, security, ai
Csrf Protection Validator
Validate CSRF protection
security
Data Privacy Scanner
Scan for data privacy issues
security
Database Security Scanner
Database plugin for database-security-scanner
database, security
Dependency Checker
Check dependencies for known vulnerabilities, outdated packages, and license compliance
security
Encryption Tool
Encrypt and decrypt data with various algorithms
security, go
Gdpr Compliance Scanner
Scan for GDPR compliance issues
security
Hipaa Compliance Checker
Check HIPAA compliance
security
Input Validation Scanner
Scan input validation practices
security
Owasp Compliance Checker
Check OWASP Top 10 compliance
security
Pci Dss Validator
Validate PCI DSS compliance
security
Penetration Tester
Automated penetration testing for web applications with OWASP Top 10 coverage
security, testing, rag
Code Cleanup
Comprehensive codebase cleanup across 11 quality dimensions — dead code, duplication, weak types, circular deps, defensive cruft, legacy code, AI slop, type consolidation, security, performance, and async patterns. Confidence scoring and build verification gates.
testing, security, performance, ai
Secret Scanner
Scan codebase for exposed secrets, API keys, passwords, and sensitive credentials
security, api
Severity1 Marketplace
Severity level classification and prompt improvement for marketplace plugins. Assigns severity ratings (S1-Critical through S4-Low) and enhances plugin prompts for clarity, safety, and effectiveness.
security
Security Agent
Security review subagent for code analysis
examples, security, agent
Security Audit Reporter
Generate comprehensive security audit reports
security
Security Headers Analyzer
Analyze HTTP security headers
security
Security Incident Responder
Assist with security incident response
security
Security Misconfiguration Finder
Find security misconfigurations
security
Security Pro Pack
Professional security tools for Claude Code: vulnerability scanning, compliance, cryptography audit, container & API security
packages, security, api, ai
Security Test Scanner
Automated security vulnerability testing covering OWASP Top 10, SQL injection, XSS, CSRF, and authentication issues
testing, security
Session Security Checker
Check session security implementation
security
Soc2 Audit Helper
Assist with SOC2 audit preparation
security
Sql Injection Detector
Detect SQL injection vulnerabilities
security
Ssl Certificate Manager
Manage and monitor SSL/TLS certificates
security
Token Launch Tracker
Track new token launches, detect rugpulls, and analyze contract security for early-stage crypto projects
crypto, security
Vulnerability Scanner
Comprehensive vulnerability scanning for code, dependencies, and configurations with CVE detection
security
Xss Vulnerability Scanner
Scan for XSS vulnerabilities
security
Wallet Security Auditor
Crypto wallet security auditor for reviewing wallet implementations, key management, signing flows, and common vulnerability patterns.
crypto, security
Engineering Skills
36 engineering skills: architecture, frontend, backend, fullstack, QA, DevOps, security, AI/ML, data engineering, Playwright (9 sub-skills), self-improving agent, Stripe integration, TDD guide, tech stack evaluator, Google Workspace CLI, a11y audit (WCAG 2.2), Azure cloud archit…
development, go, azure, security, +2
Docker Development
Docker and container development — Dockerfile optimization, docker-compose orchestration, multi-stage builds, security hardening, and CI/CD container pipelines.
development, docker, security, ai
Full Stack Orchestration
End-to-end feature orchestration with testing, security, performance, and deployment
workflows, security, testing, performance, +1
Dependency Management
Dependency auditing, version management, and security vulnerability scanning
utilities, security
Kubernetes Operations
Kubernetes manifest generation, networking configuration, security policies, observability setup, GitOps workflows, and auto-scaling
infrastructure, kubernetes, security
Comprehensive Review
Multi-perspective code analysis covering architecture, security, and best practices
quality, security
Security Scanning
SAST analysis, dependency vulnerability scanning, OWASP Top 10 compliance, container security scanning, and automated security hardening
security, ai
Security Compliance
SOC2, HIPAA, and GDPR compliance validation, secrets scanning, compliance checklists, and regulatory documentation
security
Backend Api Security
API security hardening, authentication implementation, authorization patterns, rate limiting, and input validation
security, api
Frontend Mobile Security
XSS prevention, CSRF protection, content security policies, mobile app security, and secure storage patterns
security, rag
Reverse Engineering
Binary reverse engineering, malware analysis, firmware security, and software protection research for authorized security research, CTF competitions, and defensive security
security
Block No Verify
PreToolUse hook that prevents AI agents from using --no-verify, --no-gpg-sign, and other bypass flags that skip git hooks
security, ai, agent
Pensive
Multi-discipline code review: architecture, bugs, APIs, blast radius analysis, security, tests, Makefiles, and NASA Power of 10 analysis
security, api
Access Control Rbac
Role-based access control (RBAC) with permissions and policies. Use for admin dashboards, enterprise access, multi-tenant apps, fine-grained authorization, or encountering permission hierarchies, role inheritance, policy conflicts.
security, ai
Api Authentication
Secure API authentication with JWT, OAuth 2.0, API keys. Use for authentication systems, third-party integrations, service-to-service communication, or encountering token management, security headers, auth flow errors.
auth, security, api
Api Filtering Sorting
Builds flexible API filtering and sorting systems with query parameter parsing, validation, and security. Use when implementing search endpoints, building data grids, or creating dynamic query APIs.
api, security
Api Security Hardening
REST API security hardening with authentication, rate limiting, input validation, security headers. Use for production APIs, security audits, defense-in-depth, or encountering vulnerabilities, injection attacks, CORS issues.
api, security, rest
Claude Code Bash Patterns
Claude Code Bash tool patterns with hooks, automation, git workflows. Use for PreToolUse hooks, command chaining, CLI orchestration, custom commands, or encountering bash permissions, command failures, security guards, hook configurations.
tooling, security, automation, ai
Cloudflare Turnstile
Cloudflare Turnstile CAPTCHA-alternative bot protection. Use for forms, login security, API protection, or encountering CSP errors, token validation failures, error codes 100*/300*/600*.
cloudflare, security, api, ai
Cloudflare Workers
Comprehensive Cloudflare Workers platform guide covering runtime APIs, testing (Vitest), CI/CD, observability, framework integration, performance, security, and migration. Use for Workers development, deployment, debugging, or optimization.
cloudflare, security, testing, performance, +2
Csrf Protection
Implements CSRF protection using synchronizer tokens, double-submit cookies, and SameSite attributes. Use when securing web forms, protecting state-changing endpoints, or implementing defense-in-depth authentication.
security
Defense In Depth Validation
Validate at every layer data passes through to make bugs impossible. Use when invalid data causes failures deep in execution, requiring validation at multiple system layers.
security, ai
Dependency Upgrade
Secure dependency upgrades with supply chain protection, cooldown periods, post-install script hardening, lockfile validation, and staged rollout across npm, Bun, pnpm, and Yarn. Use when upgrading dependencies, configuring security policies, or preventing supply chain attacks.
tooling, security, ai
Gemini Cli
Google Gemini CLI for second opinions, architectural advice, code reviews, security audits. Leverage 1M+ context for comprehensive codebase analysis via command-line tool.
ai, go, security, rag
Github Project Automation
GitHub repository automation (CI/CD, issue templates, Dependabot, CodeQL). Use for project setup, Actions workflows, security scanning, or encountering YAML syntax, workflow configuration, template structure errors.
tooling, github, security, automation
Multi Ai Consultant
Consult external AIs (Gemini 2.5 Pro, OpenAI Codex, Claude) for second opinions. Use for debugging failures, architectural decisions, security validation, or need fresh perspective with synthesis.
ai, security
Security Headers Configuration
Configures HTTP security headers to protect against XSS, clickjacking, and MIME sniffing attacks. Use when hardening web applications, passing security audits, or implementing Content Security Policy.
security, ai
Vulnerability Scanning
Implements automated security scanning for dependencies, code, and containers using tools like Trivy, Snyk, and npm audit. Use when setting up CI/CD security gates, conducting pre-deployment audits, or meeting compliance requirements.
security, deployment, ai
Wordpress Plugin Core
WordPress plugin development with hooks, security, REST API, custom post types. Use for plugin creation, $wpdb queries, Settings API, or encountering SQL injection, XSS, CSRF, nonce errors.
cms, security, api, rest
Xss Prevention
Prevents Cross-Site Scripting attacks through input sanitization, output encoding, and Content Security Policy. Use when handling user-generated content, implementing rich text editors, or securing web applications.
security
Fresh Eyes Review
Mandatory final sanity check before commits/PRs - catches security vulnerabilities, logic errors, and bugs that slip through tests
security