πŸ”Œ

defending-code

πŸ”ŒPlugin

air-gapped/skills

VibeIndex|
What it does
Security check pending

Security find-and-fix loop β€” adapted (Apache-2.0) from anthropics/defending-code-reference-harness and generalised to all vulnerability classes. Four read/write-only skills (no target-code execution): threat-model (bootstrap from code+CVEs+git-history, or interview an owner via Shostack's four questions, or both -> THREAT_MODEL.md), vuln-scan (static source review, parallel per-focus-area subagents -> VULN-FINDINGS.json), triage (adversarial N-vote verification, 16 false-positive exclusion rules, root-cause dedup, impact-on-asset x exploitability severity with stated deployment conditions, owner routing, checkpoint/resume -> TRIAGE.json), and patch (root-cause candidate diffs + independent reviewer, fix-first priority for deployment-conditional dangerous primitives, never auto-applied -> PATCHES/). The autonomous C/C++ + AddressSanitizer execution pipeline this was extracted from is referenced, not bundled (vuln-scan/HARNESS.md).

πŸͺ

Part of

air-gapped/skills

security

Installation

Add marketplace in Claude Code:
/plugin marketplace add air-gapped/skills
Step 2. Install plugin:
/plugin install defending-code@air-gapped-marketplace
0
-
AddedJul 16, 2026