Security remediation + Anthropic marketplace compliance

15-fix security remediation from self-audit (SECURITY-AUDIT-2026-04-15.md):
- Remove WebFetch/WebSearch from allowed-tools (VULN-003/006)
- Add prompt injection defense to agent dispatch (VULN-001)
- Add per-agent tool restrictions for all 8 agents (VULN-010)
- Add .claude/ to file exclusion list (VULN-004)
- Add evidence redaction rules for secret masking (VULN-007)
- Add Step 2.5 agent result validation (VULN-013)
- Add integrity verification to install.sh (VULN-002)
- Fix permission path mismatch in settings (VULN-014)
- Remove nonexistent install.ps1 references (VULN-015)
- Correct OWASP 2025 references to 2021 (VULN-011/012)
- Remove unsubstantiated statistical claims (VULN-016/017)
- Harden .gitignore with cert/key patterns (VULN-019)

Marketplace compliance:
- Fix plugin.json author format (string → object)
- Add keywords and repository fields to plugin.json
- Add plugin installation method to README
- Align badges with actual capabilities (14 languages)

New files: CHANGELOG.md, checksums.sha256, CI/CD pipeline, issue templates

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

Author: AgriciDaniel

.claude-plugin/plugin.json

@@ -1,8 +1,23 @@
 {
   "name": "cybersecurity",
   "version": "1.0.0",
-  "description": "AI-powered cybersecurity code review with 8 specialist agents, OWASP 2025, CWE Top 25, MITRE ATT&CK, and framework-aware false-positive suppression",
-  "author": "AgriciDaniel",
+  "description": "AI-powered cybersecurity code review with 8 specialist agents, OWASP Top 10:2021, CWE Top 25:2024, MITRE ATT&CK v15, and framework-aware false-positive suppression",
+  "author": {
+    "name": "AgriciDaniel"
+  },
   "license": "MIT",
-  "homepage": "https://github.com/AgriciDaniel/claude-cybersecurity"
+  "homepage": "https://github.com/AgriciDaniel/claude-cybersecurity",
+  "repository": "https://github.com/AgriciDaniel/claude-cybersecurity",
+  "keywords": [
+    "security",
+    "cybersecurity",
+    "code-review",
+    "owasp",
+    "cwe",
+    "vulnerability-scanner",
+    "secret-detection",
+    "sast",
+    "appsec",
+    "threat-modeling"
+  ]
 }

.github/ISSUE_TEMPLATE/config.yml

@@ -0,0 +1,8 @@
+blank_issues_enabled: false
+contact_links:
+  - name: Security Vulnerability
+    url: https://github.com/AgriciDaniel/claude-cybersecurity/security/advisories/new
+    about: Report security vulnerabilities privately
+  - name: Bug Report
+    url: https://github.com/AgriciDaniel/claude-cybersecurity/issues/new
+    about: Report detection accuracy issues or bugs

.github/workflows/ci.yml

@@ -0,0 +1,36 @@
+name: CI
+
+on:
+  push:
+    branches: [main]
+  pull_request:
+    branches: [main]
+
+jobs:
+  validate:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Shellcheck
+        run: shellcheck install.sh uninstall.sh
+
+      - name: Validate Markdown
+        uses: DavidAnson/markdownlint-cli2-action@v19
+        with:
+          globs: 'skills/**/*.md'
+
+      - name: Verify checksums
+        run: |
+          if [ -f checksums.sha256 ]; then
+            sha256sum -c checksums.sha256
+          fi
+
+      - name: Cross-reference check
+        run: |
+          grep -oP 'references/[a-z-/]+\.md' skills/cybersecurity/SKILL.md | sort -u | while read ref; do
+            if [ ! -f "skills/cybersecurity/$ref" ]; then
+              echo "ERROR: $ref referenced in SKILL.md but does not exist"
+              exit 1
+            fi
+          done

.gitignore

@@ -15,6 +15,14 @@ desktop.ini
 .env.*
 !.env.example
 
+# Certificates and private keys
+*.pem
+*.key
+*.p12
+*.pfx
+*.jks
+*.crt
+
 # Python
 __pycache__/
 *.pyc

CHANGELOG.md

@@ -0,0 +1,34 @@
+# Changelog
+
+All notable changes to claude-cybersecurity will be documented in this file.
+
+## [Unreleased]
+### Security
+- Remove WebFetch/WebSearch phantom permissions (VULN-003, VULN-006)
+- Add prompt injection defense to agent dispatch (VULN-001)
+- Add .claude/ to file exclusion list (VULN-004)
+- Add integrity verification to install script (VULN-002)
+- Fix permission path mismatch in settings.local.json (VULN-014)
+- Add per-agent tool restrictions (VULN-010)
+- Add evidence redaction rules for secret masking (VULN-007)
+- Add agent failure handling with Step 2.5 validation (VULN-013)
+
+### Fixed
+- Correct OWASP Top 10 references from 2025 to 2021
+- Remove unsubstantiated statistical claims
+- Remove references to nonexistent install.ps1
+- Harden .gitignore with certificate/key patterns
+
+### Added
+- CI/CD pipeline with shellcheck, markdown linting, and checksum verification
+- checksums.sha256 for file integrity verification
+- CHANGELOG.md for release tracking
+
+## [1.0.0] - 2026-04-11
+### Added
+- Initial release
+- 8 parallel specialist agents with weighted scoring
+- 25 CWE categories, 11 language pattern files, 4 IaC pattern files
+- STRIDE threat modeling, MITRE ATT&CK v15 mapping
+- Framework-aware false-positive suppression (10 frameworks)
+- Compliance matrix (PCI DSS 4.0, HIPAA, SOC 2, GDPR, NIST 800-53)

README.md

@@ -7,38 +7,38 @@
   <img src="https://img.shields.io/badge/claude--code-skill-blueviolet" alt="Claude Code Skill">
   <img src="https://img.shields.io/badge/agents-8-00ff88" alt="8 Specialist Agents">
   <img src="https://img.shields.io/badge/CWE%20Top%2025-100%25-red" alt="CWE Top 25 Coverage">
-  <img src="https://img.shields.io/badge/OWASP-2025-orange" alt="OWASP 2025">
-  <img src="https://img.shields.io/badge/languages-11-blue" alt="11 Languages">
+  <img src="https://img.shields.io/badge/OWASP-2021-orange" alt="OWASP 2021">
+  <img src="https://img.shields.io/badge/languages-14-blue" alt="14 Languages">
 </p>
 
 ---
 
 **The most comprehensive AI-powered cybersecurity code review skill for Claude Code.** Spawns 8 parallel specialist agents to audit your codebase across vulnerability detection, authorization verification, secret scanning, supply chain analysis, IaC security, threat intelligence (malware/C2/backdoor detection), AI-generated code patterns, and business logic flaws.
 
-**Surpasses GitHub Advanced Security** by detecting what static tools architecturally cannot: missing security controls, business logic flaws, attack-path chaining, and obfuscated secrets — with zero configuration.
+**Complements GitHub Advanced Security** by detecting what static tools architecturally cannot: missing security controls, business logic flaws, attack-path chaining, and obfuscated secrets — with zero configuration.
 
 ---
 
 ## Installation
 
-### One-liner (recommended)
+### Manual (recommended)
 
 ```bash
-curl -fsSL https://raw.githubusercontent.com/AgriciDaniel/claude-cybersecurity/main/install.sh | bash
+git clone https://github.com/AgriciDaniel/claude-cybersecurity.git
+cd claude-cybersecurity
+bash install.sh
 ```
 
-### Manual
+### Plugin (Claude Code native)
 
 ```bash
-git clone https://github.com/AgriciDaniel/claude-cybersecurity.git
-cd claude-cybersecurity
-bash install.sh
+claude plugin install cybersecurity
 ```
 
-### Windows (PowerShell)
+### One-liner (convenience)
 
-```powershell
-irm https://raw.githubusercontent.com/AgriciDaniel/claude-cybersecurity/main/install.ps1 | iex
+```bash
+curl -fsSL https://raw.githubusercontent.com/AgriciDaniel/claude-cybersecurity/main/install.sh | bash
 ```
 
 ## Demo
@@ -79,10 +79,10 @@ https://youtu.be/aE295lLPO5A
 | Business logic flaw detection | No | Yes |
 | Authorization enforcement verification | Basic | Context-aware |
 | Race condition detection | Very limited | Concurrency pattern analysis |
-| Languages supported | 12 | 16+ (any language) |
+| Languages supported | 12 | 14 (pattern-based) + broader reasoning via LLM |
 | IaC/Container/CI-CD scanning | No | Terraform, Docker, K8s, Actions |
 | AI-generated code security | No | Specialized detection |
-| Obfuscated secret detection (84.4% recall) | Regex only | Semantic understanding |
+| Obfuscated secret detection | Regex only | Semantic context analysis |
 | Threat intelligence (malware/C2) | No | MITRE ATT&CK mapped |
 | Framework-aware false-positive suppression | No | 10 frameworks |
 | Cost | $49/committer/month | Free (with Claude Code) |
@@ -109,7 +109,7 @@ https://youtu.be/aE295lLPO5A
 
 ```
 skills/cybersecurity/
-├── SKILL.md                              (900 lines — orchestrator)
+├── SKILL.md                              (~990 lines — orchestrator)
 ├── references/
 │   ├── vulnerability-taxonomy.md         (25 CWE categories)
 │   ├── scoring-rubric.md                 (formula + confidence system)