SecOpsAgentKit

An assortment of security operations skills for AI coding agents. A collaborative approach to shift-left security using Claude Code skills.

Overview

SecOpsAgentKit provides specialized Claude Code skills for security operations, covering:

• Application Security (AppSec): SAST/DAST, vulnerability analysis, secure code review
• DevSecOps: CI/CD security, infrastructure as code security, container scanning
• Secure SDLC: Threat modeling, security requirements, secure design patterns
• Compliance: Security auditing, policy enforcement, compliance frameworks
• Incident Response: Security event analysis, forensics, remediation workflows

Quick Start

/plugin marketplace add https://github.com/AgentSecOps/SecOpsAgentKit.git

Available Skills

Application Security (appsec/)

• api-mitmproxy - Interactive HTTPS proxy for API security testing with mitmproxy traffic interception and modification
• api-spectral - API specification linting and security validation using Spectral for OpenAPI and AsyncAPI
• dast-ffuf - Fast web fuzzer using ffuf for directory enumeration and parameter fuzzing
• dast-nuclei - Fast, template-based vulnerability scanning using ProjectDiscovery's Nuclei
• dast-zap - Dynamic application security testing using OWASP ZAP (Zed Attack Proxy)
• sast-bandit - Python security vulnerability detection using Bandit SAST with CWE and OWASP mappings
• sast-semgrep - Static application security testing using Semgrep for vulnerability detection
• sca-blackduck - Software Composition Analysis using Synopsys Black Duck for dependency vulnerabilities and license compliance

DevSecOps (devsecops/)

• container-grype - Container vulnerability scanning and dependency risk assessment using Grype with CVSS, EPSS, and CISA KEV prioritization
• container-hadolint - Dockerfile security linting and best practice validation using Hadolint
• iac-checkov - Infrastructure as Code security scanning using Checkov with 750+ built-in policies
• sca-trivy - Software Composition Analysis and container vulnerability scanning using Trivy for CVE detection
• secrets-gitleaks - Hardcoded secret detection and prevention in git repositories using Gitleaks
• vuln-defectdojo - Vulnerability management and findings aggregation using DefectDojo for deduplication, SLA tracking, and compliance reporting

Secure SDLC (secsdlc/)

• reviewdog - Automated code review and security linting integration for CI/CD pipelines using reviewdog
• sast-horusec - Multi-language static application security testing using Horusec (18+ languages, 20+ tools)
• sbom-syft - Software Bill of Materials (SBOM) generation using Syft for container images and filesystems

Compliance (compliance/)

• policy-opa - Policy-as-code enforcement and compliance validation using Open Policy Agent (OPA)

Threat Modeling (threatmodel/)

• pytm - Python-based threat modeling using pytm for STRIDE analysis and data flow diagrams

Incident Response (incident-response/)

• detection-sigma - Generic detection rule creation and management using Sigma (universal SIEM rule format)
• forensics-osquery - SQL-powered forensic investigation and system interrogation using osquery for endpoint analysis
• ir-velociraptor - Endpoint visibility and digital forensics using Velociraptor for incident response at scale

Offensive Security (offsec/)

• pentest-metasploit - Penetration testing framework using Metasploit for exploit development and vulnerability validation
• recon-nmap - Network reconnaissance and security auditing using Nmap for port scanning and service detection
• network-netcat - Network utility using Netcat for reading/writing data across TCP/UDP connections and port scanning
• ot-security-assessment - Operational Technology security assessment using Nmap and Metasploit for OT/ICS device discovery and vulnerability assessment
• analysis-tshark - Network protocol analyzer and packet capture tool using tshark for traffic analysis
• webapp-sqlmap - Automated SQL injection detection and exploitation using SQLMap for web application security testing
• webapp-nikto - Web server vulnerability scanner using Nikto for identifying security issues and misconfigurations
• crack-hashcat - Advanced password recovery and hash cracking using Hashcat supporting multiple algorithms
• privesc-linpeas - Linux privilege escalation enumeration and attack surface analysis using LinPEAS for post-exploitation privesc vector discovery

Security Frameworks

Skills in this repository reference industry-standard security frameworks:

• OWASP - Open Web Application Security Project
• CWE - Common Weakness Enumeration
• MITRE ATT&CK - Adversarial Tactics, Techniques & Common Knowledge
• NIST - National Institute of Standards and Technology
• SOC2 - Service Organization Control 2
• PCI-DSS - Payment Card Industry Data Security Standard
• GDPR - General Data Protection Regulation

Contributing

We welcome contributions! Please read CONTRIBUTE.md for:

• Skill creation guidelines
• Frontmatter standards
• Quality requirements
• Submission process

Contributing a New Skill

To kickstart a new skill for this repo:

1. Initialize: Create a new skill from the template

   ./scripts/init_skill.sh my-skill-name appsec
   

2. Develop: Fill in SKILL.md and add bundled resources

   • scripts/ - Executable security tools
   • references/ - Security framework documentation
   • assets/ - Templates and configurations

3. Validate: Run the validation script

   ./scripts/validate_skill.py skills/appsec/my-skill-name
   

4. Update Documentation:

   • Add your skill to the README.md (this file) under the appropriate category
   • Update .claude-plugin/marketplace.json with your skill path

5. Submit: Open a PR with the [skill] tag

See CONTRIBUTE.md for detailed guidelines including the exact format for README.md entries.

Skill Standards

All skills follow these requirements:

Required Frontmatter

---
name: skill-name                 # kebab-case identifier
description: >                   # Comprehensive description with use cases
  What the skill does and when to use it...
version: 0.1.0                   # Semantic versioning
maintainer: github-username      # Your GitHub username
category: appsec                 # Primary security domain
tags: [sast, owasp, security]   # Searchable tags
frameworks: [OWASP, CWE]        # Security frameworks referenced
---

Quality Standards

• Concise: Keep SKILL.md under 500 lines
• Tested: All scripts must be tested and working
• Secure: Include security considerations and safe defaults
• Documented: Clear instructions using imperative form
• Versioned: Follow semantic versioning (MAJOR.MINOR.PATCH)

Tools & Scripts

• scripts/init_skill.sh - Initialize a new skill from template
• scripts/validate_skill.py - Validate skill structure and frontmatter
• skills/_template/ - Base template for all new skills

Resources

• Claude Code Documentation
• Claude Code Skills Guide
• OWASP Top 10
• [CWE Top 25](https://