open/ktg-plugin-marketplace
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity Actions
Open-source Claude Code plugins for AI-assisted development, security, and planning
10 commits 2 branches 9 tags 122 MiB
  • JavaScript 67.8%
  • HTML 24%
  • CSS 2.9%
  • Shell 2.8%
  • TypeScript 2.3%
  • Other 0.2%
Find a file
Kjell Tore Guttormsen 708c898754 feat(llm-security): sandboxed remote cloning v5.1.0 
Harden git clone attack surface for remote scans with defense-in-depth:

Layer 1 (all platforms): 8 git config flags disable hooks, symlinks,
filter/smudge drivers, fsmonitor, local file protocol. 4 env vars
isolate from system/user git config and block interactive prompts.

Layer 2 (OS sandbox): macOS sandbox-exec and Linux bubblewrap (bwrap)
restrict file writes to only the specific temp directory. bwrap
probe-tests availability before use. Graceful fallback on Windows
and Ubuntu 24.04+ (git config hardening only).

Additional: post-clone 100MB size check, UUID-unique evidence filenames,
evidence file cleanup, cleanup guarantee in scan/plugin-audit commands.

32 new tests (1147 total).

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-04-07 17:08:32 +02:00
.claude-plugin feat: initial open marketplace with llm-security, config-audit, ultraplan-local 2026-04-06 18:47:49 +02:00
plugins feat(llm-security): sandboxed remote cloning v5.1.0 2026-04-07 17:08:32 +02:00
.gitleaksignore feat: initial open marketplace with llm-security, config-audit, ultraplan-local 2026-04-06 18:47:49 +02:00
README.md docs: rename Ultraplan section to include Ultra Execute 2026-04-06 21:09:41 +02:00

README.md

ktg-plugin-marketplace

Open-source Claude Code plugins for AI-assisted development, security, and planning.

Built for my own Claude Code workflow and shared openly for anyone who finds them useful. Solo project — bug reports and feature requests are welcome, pull requests are not accepted.

Plugins

LLM Security v5.0.0

Security scanning, auditing, and threat modeling for agentic AI projects.

Built on OWASP LLM Top 10 (2025), OWASP Agentic AI Top 10, and the AI Agent Traps taxonomy (Google DeepMind, 2025). Three layers of protection:

  • Automated enforcement — 8 hooks that block dangerous operations in real time (prompt injection, secrets in code, destructive commands, supply chain guardrails)
  • Deterministic scanning — 15 Node.js scanners for byte-level analysis: Shannon entropy, Unicode codepoints, typosquatting detection, taint flow, DNS resolution, git forensics
  • Advisory analysis — 18 commands that scan, audit, and model threats with structured reports, letter grades, and actionable remediation

Key commands: /security posture, /security audit, /security scan, /security threat-model, /security plugin-audit

6 specialized agents · 15 scanners · 8 hooks · 13 knowledge docs

Full documentation

Config-Audit v3.0.1

Configuration intelligence for Claude Code — health checks, feature discovery, and auto-fix.

Claude Code reads instructions from 7+ file types across multiple scopes. This plugin tells you what's wrong, what's missing, and what's silently conflicting:

  • Health — 7 deterministic scanners verify correctness across every configuration file (broken imports, deprecated settings, conflicting rules, permission contradictions)
  • Opportunities — context-aware recommendations for Claude Code features you're not using
  • Action — auto-fix with mandatory backups, syntax validation, rollback support, and human-in-the-loop workflow

Key commands: /config-audit posture, /config-audit discover, /config-audit feature-gap, /config-audit fix

6 agents · 8 scanners · 15 commands · 482+ tests

Full documentation

Ultraplan Local and Ultra Execute Local v1.4.0

Deep implementation planning with specialized agent swarms and adversarial review, then autonomous execution with failure recovery.

Two commands, one pipeline: plan first, then execute. The plan is the contract between the two.

  • /ultraplan-local — Interview, 6-8 specialized agents explore the codebase in parallel, adversarial review by plan-critic and scope-guardian
  • /ultraexecute-local — Step-by-step implementation with git checkpoints, automatic failure recovery, and parallel session decomposition

Modes: default (interview + background), spec-driven, foreground, quick, decompose, export

13 specialized agents · 2 commands · No cloud dependency

Full documentation

AI Psychosis v1.0.0

Meta-awareness tools that counteract sycophancy, reinforcement loops, and compulsive AI interaction patterns.

AI assistants are structurally optimized to be agreeable. This creates reinforcement loops where productive collaboration is often a mirror showing you what you want to see. Research documents psychotic episodes triggered by sustained AI interaction in individuals with no prior psychiatric history.

  • Layer 1 — Behavioral instructions — SKILL.md rules that modify Claude's behavior: no unearned affirmations, mandatory risk identification, pattern naming
  • Layer 2 — Programmatic detection — 4 hooks that measure session duration, dependency language, rapid-fire bursts, edit ratios, and late-night usage with progressive alerts

Research-informed thresholds. Alerts are progressive and never blocking. Privacy-first: prompt text is never logged.

1 skill · 1 command · 4 hooks

Full documentation

Installation

claude plugin marketplace add https://git.fromaitochitta.com/open/ktg-plugin-marketplace.git

Then open Claude Code and type /plugin to browse and install plugins from the marketplace.

Compatibility

  • Claude Code CLI, desktop app, and IDE extensions
  • macOS, Linux, Windows
  • No external dependencies (all scanners and hooks are self-contained)

License

MIT