ClaudeSkillCollection

# Security & Compliance Marketplace **Professional Security, Compliance, and Productivity Plugins for Claude Code** [](https://opensource.org/licenses/MIT) [](https://github.com/diegocconsolini/ClaudeSkillCollection/releases) [](https://github.com/diegocconsolini/ClaudeSkillCollection) [](https://github.com/diegocconsolini/ClaudeSkillCollection/wiki) [](https://github.com/diegocconsolini/ClaudeSkillCollection/wiki/Start-Here) A curated collection of production-ready security, compliance, and productivity plugins for Claude Code. Built on authoritative sources and rigorously tested with real-world data. ## 📚 Documentation Wiki **[→ Full Documentation Wiki (53 pages)](https://github.com/diegocconsolini/ClaudeSkillCollection/wiki)** | Category | Topics | |----------|--------| | Getting Started | Installation, First Session, Quick Reference | | Configuration | CLAUDE.md, Memory Architecture, Settings, Permissions | | MCP Servers | Transports, Scopes, Authentication, Troubleshooting | | Plugins | Lifecycle, Plugins vs MCP, Creating Plugins | | Context | What Consumes Context, Reduction Strategies, Subagent Delegation | | Sessions | Task-Based Config, When to Restart, Workflow Patterns | | Platforms | macOS, Linux, WSL2, Windows Native | | Examples | 14 copy-paste examples for CLAUDE.md, MCP, Workflows, Settings | --- ## 🚀 Quick Start ### Step 1: Add Marketplace (GitHub Repository) ```bash # IMPORTANT: Use GitHub repository format for remote updates /plugin marketplace add diegocconsolini/ClaudeSkillCollection ``` **⚠️ Critical:** Do NOT use local paths like `/path/to/ClaudeSkillCollection` as this prevents remote updates. Always use the GitHub format `owner/repo` for automatic updates. ### Step 2: Install Plugins ```bash # Install desired plugins from the marketplace /plugin install plugin-security-checker@security-compliance-marketplace /plugin install gdpr-auditor@security-compliance-marketplace /plugin install pdf-smart-extractor@security-compliance-marketplace ``` ### Step 3: Enable Plugins and Restart After installation: 1. **Enable plugins** via `/plugin` interface (plugins are disabled by default after first install) 2. **Restart Claude Code** to load the plugins properly ### Updating Plugins ```bash # To get updates from GitHub: /plugin # Navigate to plugin details and select "Update now" # If you installed with a local path and can't update: /plugin marketplace remove security-compliance-marketplace /plugin marketplace add diegocconsolini/ClaudeSkillCollection # Re-add using GitHub format ``` --- ## 📂 Plugin Categories ### 🔒 Security & Compliance (Authoritative Sources) Professional security and compliance plugins built from official regulatory texts, industry frameworks, and authoritative guidance. No hallucinated content - every template, requirement, and guideline is traceable to its source. **What makes these authoritative:** - **GDPR Auditor:** EUR-Lex official EU regulation texts, ICO guidance, EDPB guidelines - **Cybersecurity Policy Generator:** SANS Institute templates, CIS Controls v8 official framework - **Incident Response Playbook Creator:** NIST SP 800-61r3 (April 2025), CISA federal playbooks, GDPR Article 33/34, HIPAA Breach Notification Rule ### 📊 Productivity Tools (Smart Extraction with Persistent Caching) High-performance document extraction plugins that solve the "PDF/Excel/Word too large for LLM" problem through local extraction, semantic chunking, and intelligent caching. **How caching works (v2.0.0 - Unified System):** 1. **First extraction:** Processes document locally (PyMuPDF for PDF, openpyxl for Excel, python-docx for Word) 2. **Persistent cache:** Stores extracted content in `~/.claude-cache/{doc_type}/` with SHAKE256 hash keys (SHA-3 family) 3. **Subsequent queries:** Instant - uses cached extraction, no re-processing needed 4. **Token optimization:** 10-100x reduction by loading only relevant chunks, not entire documents 5. **Automatic migration:** Old caches (SHA-256) automatically migrate to new format (SHAKE256) All three extractors share unified caching: Local extraction → Semantic chunking → Persistent caching → Efficient querying **What's new in v2.0.0:** - Unified cache location: `~/.claude-cache/` (was `~/.claude-{type}-cache/`) - Modern hashing: SHAKE256 (was SHA-256) - Automatic migration from v1.x caches - Shared caching library for consistency - See `/shared/CACHE_STRATEGY.md` for details **⚠️ IMPORTANT: Cache Location Behavior** Extracted files are stored in **user cache directory**, NOT your working directory: **Cache locations by platform:** - **Linux/Mac:** `~/.claude-cache/{pdf,xlsx,docx}/{document_name}_{hash}/` - **Windows:** `C:\Users\{username}\.claude-cache\{pdf,xlsx,docx}\{document_name}_{hash}\` **Why cache directory instead of working directory?** - **Cross-project reuse:** Same document analyzed from different projects uses the same cache - **Persistent caching:** Extract once, query forever (even after closing Claude Code) - **Performance:** Subsequent queries are instant (no re-extraction) - **Disk space efficiency:** One extraction shared across all projects **Accessing cached content:** ```bash # List all cached documents python scripts/query_{pdf,xlsx,docx}.py list # Query specific document python scripts/query_pdf.py search {cache_key} "your search" # Copy cache to working directory (if needed) cp -r ~/.claude-cache/pdf/{cache_key}/* ./extracted/ ``` **Note:** Cache is local and not meant for version control. Keep original documents in your repo and let each developer extract locally (one-time operation). --- ## 🔒 Security & Compliance Plugins ### 1. Plugin Security Checker **Production Ready** • **v3.0.0** • **Plugin Vulnerability Scanner** Advanced security scanner for Claude Code plugins with 91 specialized pattern detection agents. Performs static code analysis to detect vulnerabilities, code obfuscation, hardcoded credentials, and security anti-patterns before you install untrusted plugins. **Technical Foundation:** - **IntelligentOrchestrator:** Consensus voting across 91 specialized agents - **AccuracyCache:** Bloom filter + Trie hybrid with zero false positives - **MITRE ATT&CK/ATLAS:** Framework mapping for attack technique identification - **Adaptive Learning:** Auto-evolving rules from validated detections - **Real-World Testing:** Successfully scanned 987 plugins from 15 marketplaces (100% scan success rate) **Key Features:** - **91 Specialized Agents** - 17 CRITICAL, 39 HIGH, 23 MEDIUM, 2 LOW severity patterns - **Consensus Voting** - Multiple agents vote on each detection with conflict resolution - **Dangerous Function Detection** - Python (eval, exec, os.system) and JavaScript (eval, innerHTML) - **Code Obfuscation Detection** - Base64 encoding, hex encoding, character obfuscation - **Credential Scanning** - Hardcoded API keys, passwords, cloud credentials, private keys - **Schema Validation** - Validates plugin.json structure and configurations - **CVE Mapping** - Links findings to CVE-2025-52882, CVE-2025-54794, CVE-2025-54795, CVE-2025-59828 - **OWASP API Top 10** - Mappings to API1 (BOLA), API2 (Auth), API7 (SSRF), API8 (Misconfig) - **Comprehensive Reporting** - JSON, Markdown, and HTML report generation **Real-World Results:** - Scanned 987 plugins across 15 marketplace repositories - CRITICAL Risk: 3 plugins (0.3%) - HIGH Risk: 1 plugin (0.1%) - LOW Risk: 982 plugins (99.5%) - Test Results: 29/29 tests passed (100%) - Memory Usage: ~17 MB (3.4% of 500MB budget) - Cache Throughput: 11,111 ops/sec **Use Cases:** - Pre-installation security scanning of Claude Code plugins - Vulnerability assessm