Skip to content

Add backend-security plugin (security category)#336

Open
Ghostfreak-cypher wants to merge 1 commit into
composio-community:masterfrom
Ghostfreak-cypher:add-backend-security-plugin
Open

Add backend-security plugin (security category)#336
Ghostfreak-cypher wants to merge 1 commit into
composio-community:masterfrom
Ghostfreak-cypher:add-backend-security-plugin

Conversation

@Ghostfreak-cypher

Copy link
Copy Markdown

What this adds

A new backend-security plugin under the security category — a defensive backend security toolkit for Claude Code.

What it does

  • Audit — full-codebase security review mapping untrusted input → dangerous sinks (SQL/NoSQL/command injection, SSRF, IDOR, auth, secrets, deserialization, uploads, and more), with a severity-ranked report and ready-to-apply fixes.
  • Scan — dependency & config/supply-chain scanning (delegates to npm audit / pip-audit / osv-scanner / govulncheck, so CVE data stays current).
  • Guide — secure-coding guidance while writing auth, endpoints, queries, or uploads.
  • Harden — a phased zero→hardened roadmap with OWASP ASVS 4.0 exit criteria.

Details

  • Stack-aware (auto-detects Node/Python/Go/Java/PHP/Ruby/.NET) with a deep-dive for Node.js/TypeScript.
  • Every reference file is anchored to OWASP Top 10 2021 / ASVS 4.0 / CWE so coverage is auditable.
  • Honest about limits: it states in-product that it is not a substitute for a professional pentest or compliance program.
  • Benchmarked against OWASP NodeGoat (12/12 documented vulnerability classes after one fix-and-rerun loop, 0 false positives) — with an explicit training-data-contamination caveat.

Follows the existing marketplace conventions: plugin vendored at repo root with .claude-plugin/plugin.json + skills/, and a single catalog entry appended to marketplace.json (security category). Both JSON files validated.

Source & full docs: https://github.com/Ghostfreak-cypher/backend-security-skill · MIT licensed.

A defensive backend security plugin: full-codebase audits, dependency/config
scanning, secure-coding guidance, and a phased zero-to-hardened roadmap.
Stack-aware with a Node/TS deep-dive; anchored to OWASP Top 10 2021 and ASVS 4.0.
Source: https://github.com/Ghostfreak-cypher/backend-security-skill
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant