security-pro-pack
Professional security tools for Claude Code: vulnerability scanning, compliance, cryptography audit, container & API security
Installation
npx claude-plugins install @jeremylongshore/claude-code-plugins-plus/security-pro-pack
Contents
Folders: docs, plugins, skills
Files: LICENSE, README.md
Documentation
Professional security tools for Claude Code developers
Version 1.0.0 | 10 Plugins | Security & Compliance Focus
Overview
The Security Pro Pack is a comprehensive collection of security-focused plugins for Claude Code, providing automated vulnerability scanning, compliance checking, cryptography review, and infrastructure security analysis.
Perfect for:
- Security engineers and DevSecOps teams
- Developers building secure applications
- Companies preparing for compliance audits (HIPAA, PCI DSS, GDPR, SOC 2)
- Organizations requiring security-first development practices
What’s Included
Core Security (3 plugins)
- Security Auditor Expert (Agent) - OWASP Top 10 vulnerability detection specialist
- Penetration Tester (Agent) - Ethical hacking and offensive security expert
- Security Scan Quick (Command, /ss) - Fast automated security scanning (2-5 min)
Compliance (2 plugins)
- Compliance Checker (Agent) - Multi-framework regulatory compliance (HIPAA, PCI DSS, GDPR, SOC 2)
- Compliance Docs Generate (Command, /cdg) - Automated compliance documentation generation
Cryptography (2 plugins)
- Crypto Expert (Agent) - Cryptographic implementation specialist (AES, RSA, bcrypt, Argon2)
- Crypto Audit (Command, /ca) - Automated cryptographic code review
Infrastructure Security (3 plugins)
- Threat Modeler (Agent) - STRIDE threat modeling and architectural security
- Docker Security Scan (Command, /dss) - Container vulnerability scanning
- API Security Audit (Command, /asa) - REST/GraphQL API security testing
Total: 5 AI agents + 5 commands = 10 professional security tools
Quick Start
# Install the pack
claude plugin install security-pro-pack
# Run your first security scan
/ss
# Scan a Docker container
/dss nginx:latest
# Audit an API
/asa https://api.example.com
# Get OWASP Top 10 analysis
# In Claude Code session:
"Please use Security Auditor Expert to review this authentication code"
See QUICK_START.md for a detailed walkthrough.
Key Features
Automated Security Scanning
- Detects hardcoded secrets (API keys, passwords, tokens)
- Identifies known CVEs in dependencies
- Finds security misconfigurations
- Reports severity-rated findings (Critical → Low)
- Provides actionable remediation steps
Compliance Made Easy
- Generate audit-ready documentation in minutes
- Multi-framework support (HIPAA, PCI DSS, GDPR, SOC 2)
- Gap analysis against compliance requirements
- Policy and procedure templates
- Risk assessment frameworks
Cryptography Security
- Reviews encryption implementations (AES, RSA, ECC)
- Validates password hashing (Argon2, bcrypt)
- Detects weak algorithms (MD5, SHA-1, DES)
- Checks for hardcoded keys and IV reuse
- TLS/SSL configuration analysis
Infrastructure Protection
- STRIDE threat modeling for architectural security
- Container security scanning (vulnerabilities, misconfigurations)
- Docker image hardening recommendations
- API security testing (OWASP API Top 10)
- Kubernetes pod security analysis
Real-World Value
Time Savings
- Quick Security Scan: 2-5 minutes (vs. 2-4 hours manual review)
- Compliance Documentation: 15-30 minutes (vs. 40-80 hours)
- Container Security: 5-10 minutes per image (vs. 1-2 hours)
- API Security Audit: 15-30 minutes (vs. 4-8 hours)
Total time saved: 40-80 hours per month
Cost Savings
- Replaces external security audit: $3,000-$5,000 per assessment
- Compliance consultant savings: $15,000-$25,000 per framework
- Prevents data breaches: Millions in potential losses
- Avoids regulatory fines: $50,000+ per HIPAA violation, €20M GDPR fine
Risk Reduction
- Identify vulnerabilities before attackers do
- Achieve compliance before audits
- Prevent data breaches and security incidents
- Protect customer data and company reputation
Who Should Use This
Security Engineers
- Automate security reviews
- Scale security across teams
- Implement security gates in CI/CD
- Perform threat modeling efficiently
Development Teams
- Shift security left (find issues early)
- Learn security best practices
- Meet compliance requirements
- Ship secure code faster
Compliance Officers
- Generate audit-ready documentation
- Track compliance gaps
- Prepare for regulatory audits
- Maintain compliance posture
DevOps Teams
- Secure container deployments
- Harden Kubernetes configurations
- Automate security scanning in pipelines
- Monitor infrastructure security
Documentation
- INSTALLATION.md - Complete installation guide
- QUICK_START.md - Get started in 10 minutes
- USE_CASES.md - 7 real-world scenarios
- TROUBLESHOOTING.md - Common issues and solutions
- README.md - This file
Requirements
- Claude Code (latest version)
- Optional: Docker (for container scanning)
- Optional: Python 3.8+ (for advan
…(truncated)
Included Skills
This plugin includes 1 skill definition:
performing-security-audits
Security Pro Pack
This skill provides automated assistance for security pro pack tasks.
Overview
This skill empowers Claude to perform in-depth security audits across various domains, from code vulnerability scanning to compliance verification and infrastructure security assessment. It utilizes the specialized tools within the security-pro-pack to provide a comprehensive security posture analysis.
How It Works
- Analysis Selection: Claude determines the appropriate security-pro-pack tool (e.g., Security Auditor Expert, Compliance Checker, Crypto Audit) based on the user’s request and the context of the code or system being analyzed.
- Execution: Claude executes the selected tool, providing it with the relevant code, configuration files, or API endpoints.
- Reporting: Claude aggregates and presents the findings in a clear, actionable report, highlighting vulnerabilities, compliance issues, and potential security risks, along with suggested remediation steps.
When to Use This Skill
This skill activates when you need to:
- Assess the security of code for vulnerabilities like those in the OWASP Top 10.
- Evaluate compliance with standards such as HIPAA, PCI DSS, GDPR, or SOC 2.
- Review cryptographic implementations for weaknesses.
- Perform container security scans or API security audits.
Examples
Example 1: Vulnerability Assessment
User request: “Please perfor
…(truncated)