SecOpsAgentKit
agent
Fail
Health Pass
- License — License: NOASSERTION
- Description — Repository has a description
- Active repo — Last push 0 days ago
- Community trust — 107 GitHub stars
Code Fail
- fs module — File system access in skills/_template/assets/ci-config-template.yml
- process.env — Environment variable access in skills/_template/assets/rule-template.yaml
- Hardcoded secret — Potential hardcoded credential in skills/_template/assets/rule-template.yaml
- fs module — File system access in skills/appsec/api-mitmproxy/assets/ci-config-template.yml
- process.env — Environment variable access in skills/appsec/api-mitmproxy/assets/rule-template.yaml
- Hardcoded secret — Potential hardcoded credential in skills/appsec/api-mitmproxy/assets/rule-template.yaml
- fs module — File system access in skills/appsec/api-spectral/assets/ci-config-template.yml
- fs module — File system access in skills/appsec/api-spectral/assets/github-actions-template.yml
- process.env — Environment variable access in skills/appsec/api-spectral/assets/rule-template.yaml
- Hardcoded secret — Potential hardcoded credential in skills/appsec/api-spectral/assets/rule-template.yaml
- fs module — File system access in skills/appsec/dast-ffuf/assets/ci-config-template.yml
- process.env — Environment variable access in skills/appsec/dast-ffuf/assets/rule-template.yaml
- Hardcoded secret — Potential hardcoded credential in skills/appsec/dast-ffuf/assets/rule-template.yaml
Permissions Pass
- Permissions — No dangerous permissions requested
Purpose
This toolkit provides 25+ specialized security operations skills for AI coding agents, enabling automated vulnerability scanning, secret detection, container scanning, and policy enforcement during development.
Security Assessment
The tool extensively accesses the local file system to manage templates and CI/CD configurations. It also interacts with environment variables, likely to handle API keys and scanner configurations. The most critical finding is multiple failed checks for hardcoded credentials scattered throughout the rule templates (e.g., in the API fuzzing and MITM proxy modules). While no inherently dangerous permissions are explicitly requested, the tool is designed to integrate heavily with external security tools and infrastructure. Overall risk is rated as Medium due to the hardcoded secrets and template configurations that developers must review.
Quality Assessment
The project is actively maintained, with its most recent push occurring today. It has garnered 107 GitHub stars, indicating a fair level of community trust and early adoption. However, the repository lacks a clearly defined license (marked as NOASSERTION), which is a significant drawback for enterprise or open-source integration as it leaves usage rights legally ambiguous.
Verdict
Use with caution — the tool is active and useful for DevSecOps, but you must audit the template files for hardcoded credentials and clarify the missing software license before adopting it.
This toolkit provides 25+ specialized security operations skills for AI coding agents, enabling automated vulnerability scanning, secret detection, container scanning, and policy enforcement during development.
Security Assessment
The tool extensively accesses the local file system to manage templates and CI/CD configurations. It also interacts with environment variables, likely to handle API keys and scanner configurations. The most critical finding is multiple failed checks for hardcoded credentials scattered throughout the rule templates (e.g., in the API fuzzing and MITM proxy modules). While no inherently dangerous permissions are explicitly requested, the tool is designed to integrate heavily with external security tools and infrastructure. Overall risk is rated as Medium due to the hardcoded secrets and template configurations that developers must review.
Quality Assessment
The project is actively maintained, with its most recent push occurring today. It has garnered 107 GitHub stars, indicating a fair level of community trust and early adoption. However, the repository lacks a clearly defined license (marked as NOASSERTION), which is a significant drawback for enterprise or open-source integration as it leaves usage rights legally ambiguous.
Verdict
Use with caution — the tool is active and useful for DevSecOps, but you must audit the template files for hardcoded credentials and clarify the missing software license before adopting it.
Security operations toolkit for AI coding agents. Give Claude Code 25+ skills to catch vulnerabilities, scan containers, detect secrets, and enforce policies automatically.
README.md
SecOpsAgentKit
An assortment of security operations skills for AI coding agents. A collaborative approach to shift-left security using Claude Code skills.
Overview
SecOpsAgentKit provides specialized Claude Code skills for security operations, covering:
- Application Security (AppSec): SAST/DAST, vulnerability analysis, secure code review
- DevSecOps: CI/CD security, infrastructure as code security, container scanning
- Secure SDLC: Threat modeling, security requirements, secure design patterns
- Compliance: Security auditing, policy enforcement, compliance frameworks
- Incident Response: Security event analysis, forensics, remediation workflows
Quick Start
/plugin marketplace add https://github.com/AgentSecOps/SecOpsAgentKit.git
Available Skills
Application Security (appsec/)
- api-mitmproxy - Interactive HTTPS proxy for API security testing with mitmproxy traffic interception and modification
- api-spectral - API specification linting and security validation using Spectral for OpenAPI and AsyncAPI
- dast-ffuf - Fast web fuzzer using ffuf for directory enumeration and parameter fuzzing
- dast-nuclei - Fast, template-based vulnerability scanning using ProjectDiscovery's Nuclei
- dast-zap - Dynamic application security testing using OWASP ZAP (Zed Attack Proxy)
- sast-bandit - Python security vulnerability detection using Bandit SAST with CWE and OWASP mappings
- sast-semgrep - Static application security testing using Semgrep for vulnerability detection
- sca-blackduck - Software Composition Analysis using Synopsys Black Duck for dependency vulnerabilities and license compliance
DevSecOps (devsecops/)
- container-grype - Container vulnerability scanning and dependency risk assessment using Grype with CVSS, EPSS, and CISA KEV prioritization
- container-hadolint - Dockerfile security linting and best practice validation using Hadolint
- iac-checkov - Infrastructure as Code security scanning using Checkov with 750+ built-in policies
- sca-trivy - Software Composition Analysis and container vulnerability scanning using Trivy for CVE detection
- secrets-gitleaks - Hardcoded secret detection and prevention in git repositories using Gitleaks
Secure SDLC (secsdlc/)
- reviewdog - Automated code review and security linting integration for CI/CD pipelines using reviewdog
- sast-horusec - Multi-language static application security testing using Horusec (18+ languages, 20+ tools)
- sbom-syft - Software Bill of Materials (SBOM) generation using Syft for container images and filesystems
Compliance (compliance/)
- policy-opa - Policy-as-code enforcement and compliance validation using Open Policy Agent (OPA)
Threat Modeling (threatmodel/)
Incident Response (incident-response/)
- detection-sigma - Generic detection rule creation and management using Sigma (universal SIEM rule format)
- forensics-osquery - SQL-powered forensic investigation and system interrogation using osquery for endpoint analysis
- ir-velociraptor - Endpoint visibility and digital forensics using Velociraptor for incident response at scale
Offensive Security (offsec/)
- pentest-metasploit - Penetration testing framework using Metasploit for exploit development and vulnerability validation
- recon-nmap - Network reconnaissance and security auditing using Nmap for port scanning and service detection
- network-netcat - Network utility using Netcat for reading/writing data across TCP/UDP connections and port scanning
- ot-security-assessment - Operational Technology security assessment using Nmap and Metasploit for OT/ICS device discovery and vulnerability assessment
- analysis-tshark - Network protocol analyzer and packet capture tool using tshark for traffic analysis
- webapp-sqlmap - Automated SQL injection detection and exploitation using SQLMap for web application security testing
- webapp-nikto - Web server vulnerability scanner using Nikto for identifying security issues and misconfigurations
- crack-hashcat - Advanced password recovery and hash cracking using Hashcat supporting multiple algorithms
Security Frameworks
Skills in this repository reference industry-standard security frameworks:
- OWASP - Open Web Application Security Project
- CWE - Common Weakness Enumeration
- MITRE ATT&CK - Adversarial Tactics, Techniques & Common Knowledge
- NIST - National Institute of Standards and Technology
- SOC2 - Service Organization Control 2
- PCI-DSS - Payment Card Industry Data Security Standard
- GDPR - General Data Protection Regulation
Contributing
We welcome contributions! Please read CONTRIBUTE.md for:
- Skill creation guidelines
- Frontmatter standards
- Quality requirements
- Submission process
Contributing a New Skill
To kickstart a new skill for this repo:
Initialize: Create a new skill from the template
./scripts/init_skill.sh my-skill-name appsecDevelop: Fill in
SKILL.mdand add bundled resourcesscripts/- Executable security toolsreferences/- Security framework documentationassets/- Templates and configurations
Validate: Run the validation script
./scripts/validate_skill.py skills/appsec/my-skill-nameUpdate Documentation:
- Add your skill to the README.md (this file) under the appropriate category
- Update
.claude-plugin/marketplace.jsonwith your skill path
Submit: Open a PR with the
[skill]tag
See CONTRIBUTE.md for detailed guidelines including the exact format for README.md entries.
Skill Standards
All skills follow these requirements:
Required Frontmatter
---
name: skill-name # kebab-case identifier
description: > # Comprehensive description with use cases
What the skill does and when to use it...
version: 0.1.0 # Semantic versioning
maintainer: github-username # Your GitHub username
category: appsec # Primary security domain
tags: [sast, owasp, security] # Searchable tags
frameworks: [OWASP, CWE] # Security frameworks referenced
---
Quality Standards
- Concise: Keep SKILL.md under 500 lines
- Tested: All scripts must be tested and working
- Secure: Include security considerations and safe defaults
- Documented: Clear instructions using imperative form
- Versioned: Follow semantic versioning (MAJOR.MINOR.PATCH)
Tools & Scripts
scripts/init_skill.sh- Initialize a new skill from templatescripts/validate_skill.py- Validate skill structure and frontmatterskills/_template/- Base template for all new skills
Resources
License
This project uses dual licensing:
- Documentation (skills - markdown files): Creative Commons Attribution-ShareAlike 4.0 International (CC-BY-SA 4.0)
- Code (scripts, configurations): Dual-licensed under CC-BY-SA 4.0 and Mozilla Public License 2.0 (MPL 2.0)
This means:
- You can freely use, share, and adapt all content with attribution
- Skills must be shared under the same CC-BY-SA 4.0 license
- Code should be used under MPL 2.0
See LICENSE.md for full license texts and details.
Reviews (0)
Sign in to leave a review.
Leave a reviewNo results found