# ktg-plugin-marketplace Open-source Claude Code plugins for AI-assisted development, security, and planning. Built for my own Claude Code workflow and shared openly for anyone who finds them useful. Solo project — bug reports and feature requests are welcome, pull requests are not accepted. --- ## Plugins ### [LLM Security](plugins/llm-security/) `v5.1.0` Security scanning, auditing, and threat modeling for agentic AI projects. Built on OWASP LLM Top 10 (2025), OWASP Agentic AI Top 10, and the AI Agent Traps taxonomy (Google DeepMind, 2025). Three layers of protection: - **Automated enforcement** — 8 hooks that block dangerous operations in real time (prompt injection, secrets in code, destructive commands, supply chain guardrails) - **Deterministic scanning** — 15 Node.js scanners for byte-level analysis: Shannon entropy, Unicode codepoints, typosquatting detection, taint flow, DNS resolution, git forensics - **Advisory analysis** — 18 commands that scan, audit, and model threats with structured reports, letter grades, and actionable remediation Key commands: `/security posture`, `/security audit`, `/security scan`, `/security threat-model`, `/security plugin-audit` 6 specialized agents · 15 scanners · 8 hooks · 13 knowledge docs → [Full documentation](plugins/llm-security/README.md) --- ### [Config-Audit](plugins/config-audit/) `v3.0.1` Configuration intelligence for Claude Code — health checks, feature discovery, and auto-fix. Claude Code reads instructions from 7+ file types across multiple scopes. This plugin tells you what's wrong, what's missing, and what's silently conflicting: - **Health** — 7 deterministic scanners verify correctness across every configuration file (broken imports, deprecated settings, conflicting rules, permission contradictions) - **Opportunities** — context-aware recommendations for Claude Code features you're not using - **Action** — auto-fix with mandatory backups, syntax validation, rollback support, and human-in-the-loop workflow Key commands: `/config-audit posture`, `/config-audit discover`, `/config-audit feature-gap`, `/config-audit fix` 6 agents · 8 scanners · 15 commands · 482+ tests → [Full documentation](plugins/config-audit/README.md) --- ### [Ultraplan Local and Ultra Execute Local](plugins/ultraplan-local/) `v1.4.0` Deep implementation planning with specialized agent swarms and adversarial review, then autonomous execution with failure recovery. Two commands, one pipeline: plan first, then execute. The plan is the contract between the two. - **`/ultraplan-local`** — Interview, 6-8 specialized agents explore the codebase in parallel, adversarial review by plan-critic and scope-guardian - **`/ultraexecute-local`** — Step-by-step implementation with git checkpoints, automatic failure recovery, and parallel session decomposition Modes: default (interview + background), spec-driven, foreground, quick, decompose, export 13 specialized agents · 2 commands · No cloud dependency → [Full documentation](plugins/ultraplan-local/README.md) --- ### [AI Psychosis](plugins/ai-psychosis/) `v1.0.0` Meta-awareness tools that counteract sycophancy, reinforcement loops, and compulsive AI interaction patterns. AI assistants are structurally optimized to be agreeable. This creates reinforcement loops where productive collaboration is often a mirror showing you what you want to see. Research documents psychotic episodes triggered by sustained AI interaction in individuals with no prior psychiatric history. - **Layer 1 — Behavioral instructions** — SKILL.md rules that modify Claude's behavior: no unearned affirmations, mandatory risk identification, pattern naming - **Layer 2 — Programmatic detection** — 4 hooks that measure session duration, dependency language, rapid-fire bursts, edit ratios, and late-night usage with progressive alerts - **Layer 3 — Interaction reports** — `/interaction-report` slash command for aggregated session statistics across configurable timeframes (weekly, monthly, all-time). Opt-in - **Layer 4 — Contemplative references** — optional references to contemplative approaches when interaction flags are elevated. Opt-in Research-informed thresholds. Alerts are progressive and never blocking. Privacy-first: prompt text is never logged. Layers 3 and 4 are off by default. 1 skill · 1 command · 4 hooks → [Full documentation](plugins/ai-psychosis/README.md) --- ## Installation ```bash claude plugin marketplace add https://git.fromaitochitta.com/open/ktg-plugin-marketplace.git ``` Then open Claude Code and type `/plugin` to browse and install plugins from the marketplace. ## Compatibility - Claude Code CLI, desktop app, and IDE extensions - macOS, Linux, Windows - No external dependencies (all scanners and hooks are self-contained) ## License MIT