skills by ghostsecurity

AI-native application security skills for coding agents

Created 2 weeks ago


358 stars

Top 78.5% on SourcePulse

1 Expert Loves This Project
Project Summary

This repository provides a collection of AI-native application security (AppSec) skills designed for AI coding agents, specifically Claude Code. It aims to enhance the security analysis capabilities of AI agents by offering specialized tools for vulnerability detection, context building, and reporting, thereby streamlining the AppSec workflow for developers and security professionals.

How It Works

The project offers a plugin marketplace for Claude Code, allowing users to easily integrate a suite of AppSec skills. These skills leverage AI to analyze code, dependencies, and secrets, build repository context, and even perform dynamic validation against live applications. This approach integrates advanced security tooling directly into the AI coding environment, enabling proactive security assessments.

Quick Start & Requirements

  • Primary install / run command:
    • claude plugin marketplace add ghostsecurity/skills
    • claude plugin install ghost@ghost-security
    • Alternatively, within Claude Code: /plugin marketplace add ghostsecurity/skills followed by /plugin install ghost@ghost-security.
  • Non-default prerequisites and dependencies: Requires Claude Code.
  • Estimated setup time or resource footprint: Installation is quick, but requires a restart of Claude Code for the plugin to load.
  • Links: Comprehensive documentation, tutorials, and video guides are available at ghostsecurity.ai.

Highlighted Details

  • ghost-repo-context: Builds shared repository context, including business criticality, sensitive data, and component maps.
  • ghost-scan-deps: Performs exploitability analysis of dependency vulnerabilities (SCA).
  • ghost-scan-secrets: Assesses detected secrets and credentials within the codebase.
  • ghost-scan-code: Utilizes AI for detecting code security issues (SAST).
  • ghost-validate: Dynamically validates findings against a live application (DAST).
  • ghost-report: Generates a combined security report from all scan results.

Maintenance & Community

Contributions, feedback, feature requests, and issues should be opened via GitHub Issues, adhering to the project's Contributing guidelines and Code of Conduct.

Licensing & Compatibility

  • License type: Apache License 2.0.
  • Compatibility notes: The Apache License 2.0 is permissive and compatible with commercial use and inclusion in closed-source products; it also carries an express patent grant from contributors.

Limitations & Caveats

Users must restart Claude Code after installing the plugin for it to become active. Because ghost-validate exercises findings against a live application (DAST), point it only at applications you own or are authorized to test, and treat the AI-generated findings and report as input to human triage rather than as a final verdict.

Health Check

Last Commit: 5 days ago
Responsiveness: Inactive
Pull Requests (30d): 14
Issues (30d): 0
Star History
361 stars in the last 20 days

Explore Similar Projects

Starred by Chip Huyen (Author of "AI Engineering", "Designing Machine Learning Systems").

codegate by stacklok
711 stars
AI agent security and management tool
Created 1 year ago
Updated 8 months ago