ktg-plugin-marketplace

Open-source Claude Code plugins for AI-assisted development, security, and planning.

Built for my own Claude Code workflow and shared openly for anyone who finds them useful. Solo project — bug reports and feature requests are welcome, pull requests are not accepted.

AI-generated code disclosure

All code in this marketplace is generated by Claude Code through a dialog-based process. I direct, review, test, and validate; Claude writes. Every commit reflects this — treat the plugins as AI-authored, human-curated.

Installation

claude plugin marketplace add https://git.fromaitochitta.com/open/ktg-plugin-marketplace.git

Then open Claude Code and type /plugin to browse and install plugins from the marketplace.

Compatibility

• Claude Code CLI, desktop app, and IDE extensions
• macOS, Linux, Windows
• No external dependencies (all scanners and hooks are self-contained)

---

Plugins

LLM Security v7.3.1

Security scanning, auditing, and threat modeling for agentic AI projects.

Built on OWASP LLM Top 10 (2025), OWASP Agentic AI Top 10, and the AI Agent Traps taxonomy (Google DeepMind, 2025). Three layers of protection:

• Automated enforcement — 9 hooks that block dangerous operations in real time (prompt injection, secrets in code, destructive commands, supply chain guardrails, transcript scanning before context compaction)
• Deterministic scanning — 23 Node.js scanners (10 orchestrated + 13 standalone) for byte-level analysis: Shannon entropy, Unicode codepoints, typosquatting detection, taint flow, DNS resolution, git forensics, AI-BOM, attack simulation, IDE extension prescan (VS Code + JetBrains — URL fetch from Marketplace / OpenVSX / direct VSIX / JetBrains Marketplace, hardened ZIP extractor for zip-slip / symlinks / bombs, plus OS sandbox via sandbox-exec / bwrap so the kernel enforces FS confinement), MCP cumulative-drift baseline reset (E14 — sticky baseline catches slow-burn rug-pulls). Bash-normalize T1-T6 for obfuscation-resistant denylists
• Advisory analysis — 20 commands that scan, audit, and model threats with structured reports, letter grades, and actionable remediation
• Enterprise governance — Compliance mapping (EU AI Act, NIST AI RMF, ISO 42001), SARIF 2.1.0 output, structured audit trail, policy-as-code, standalone CLI
• v8.0.0 env-var deprecation runway (D3, v7.3.0) — Hook configuration has historically been split between process env-vars and the team-distributable .llm-security/policy.json file. Until v7.3.0 the two surfaces could disagree silently. The new getPolicyValueWithEnvWarn() helper in scanners/lib/policy-loader.mjs now emits a one-time-per-process stderr line whenever both surfaces are explicitly set:
  • Affected pairs: LLM_SECURITY_INJECTION_MODE↔injection.mode, LLM_SECURITY_TRIFECTA_MODE↔trifecta.mode, LLM_SECURITY_ESCALATION_WINDOW↔trifecta.escalation_window (new key in DEFAULT_POLICY), LLM_SECURITY_AUDIT_LOG↔audit.log_path
  • Env still wins through the v7.x window — no behaviour change today, only a runway signal
  • Suppress headless-log noise with LLM_SECURITY_DEPRECATION_QUIET=1
  • Teams should converge on policy.json for distributable configuration before v8.0.0 removes the env-var path
• Opus 4.7 aligned — Agent instructions rewritten for literal instruction-following (system card §6.3.1.1), defense-in-depth posture per §5.2.1, production hardening guide

Key commands: /security posture, /security audit, /security scan, /security ide-scan, /security threat-model, /security plugin-audit

6 specialized agents · 23 scanners · 9 hooks · 20 knowledge docs · 1768 tests

→ Full documentation

---

Config-Audit v5.0.0

Configuration intelligence for Claude Code — health checks, feature discovery, auto-fix, active-config inventory, and reality-based Opus-4.7 token analysis.

Claude Code reads instructions from 7+ file types across multiple scopes. This plugin tells you what's wrong, what's missing, what's silently conflicting, what's actually loaded, and where you're burning tokens unnecessarily:

• Health — 12 deterministic scanners verify correctness across every configuration file (broken imports, deprecated settings, conflicting rules, permission contradictions, Opus-4.7-era token waste, cache-prefix instability, dead tool grants, cross-plugin skill collisions)
• Opportunities — context-aware recommendations for Claude Code features you're not using
• Action — auto-fix with mandatory backups, syntax validation, rollback support, and human-in-the-loop workflow
• What's active — read-only inventory of plugins, skills, MCP servers, hooks, and CLAUDE.md cascade for a repo, with token estimates
• Token hotspots — /config-audit tokens ranks files by estimated waste across 6 Opus-4.7 patterns (cache-breaking volatile content, redundant tool permissions, deep import chains, oversized cascades, bloated SKILL.md descriptions, MCP tool-schema budget). Optional --accurate-tokens calibrates against Anthropic's count_tokens API.
• System-prompt manifest — /config-audit manifest ranks every token source (CLAUDE.md cascade, plugins, skills, MCP servers, hooks) by estimated tokens

Key commands: /config-audit posture, /config-audit feature-gap, /config-audit fix, /config-audit whats-active, /config-audit tokens, /config-audit manifest

6 agents · 12 scanners · 18 commands · 635+ tests

→ Full documentation

---

Ultra {brief | research | plan | execute} - local v3.1.0

Deep requirements gathering, research, implementation planning, and self-verifying execution with specialized agent swarms, adversarial review, and failure recovery.

Four commands, one pipeline with clear division of labor:

• /ultrabrief-local — Capture intent. Dynamic, quality-gated interview: a section-driven completeness loop (Phase 3) followed by a brief-reviewer stop-gate (Phase 4, max 3 review iterations). Required sections must reach an initial-signal gate AND pass review across completeness, consistency, testability, scope clarity, and research-plan validity before brief.md is written. Identifies research topics with copy-paste-ready /ultraresearch-local commands. Optional auto-orchestration runs research + planning in foreground. Always interactive.
• /ultraresearch-local — Gather context. Deep multi-source research with triangulation: 5 local agents + 4 external agents + Gemini bridge, producing structured briefs with confidence ratings. Makes no build decisions.
• /ultraplan-local — Transform intent into an executable contract. Per-step YAML manifests (expected_paths, commit_message_pattern, bash_syntax_check). Plan-critic is a hard gate on manifest quality. Requires a task brief as input (--brief or --project). Auto-discovers architecture/overview.md when the optional ultra-cc-architect plugin is installed and cross-references its cc_features_proposed against exploration findings.
• /ultraexecute-local — Execute the contract disciplined. Manifest-based verification, independent Phase 7.5 audit from git log + filesystem (ignores agent bookkeeping), Phase 7.6 bounded recovery dispatch for missing steps. Step 0 pre-flight catches sandbox push-denial before any work. --validate mode offers a fast schema-only sanity-check between planning and execution.

All artifacts land in one project directory: .claude/projects/{YYYY-MM-DD}-{slug}/ contains brief.md, research/NN-*.md, plan.md, sessions/, and progress.json. --project <dir> works across /ultraresearch-local, /ultraplan-local, and /ultraexecute-local.

v3.0.0 extracts the Claude-Code-specific architecture phase to a separate plugin (ultra-cc-architect, see below). The planning pipeline now stays technology-agnostic; CC-feature matching becomes opt-in. The plan command still auto-discovers architecture/overview.md if the new plugin is installed — the contract is filesystem-level, not code-level. Non-breaking for users of brief/research/plan/execute. See plugins/ultraplan-local/CHANGELOG.md for migration steps.

v2.4.0 (breaking, default behavior) removes background mode. The commands now run foreground in the main context because the harness does not expose the Agent tool to sub-agents — background orchestrators silently degraded the swarm to inline reasoning without external research tools. The --fg flag is preserved as a no-op alias for backward compatibility. Source: github.com/anthropics/claude-code/issues/19077.

v2.1 (non-breaking) replaced the hardcoded Q1–Q8 interview with a dynamic, quality-gated loop; brief-reviewer emits machine-readable per-dimension JSON scores so /ultrabrief-local can use it as an internal stop-gate. v2.0 (breaking) extracted the interview from planning: briefs are reviewable artifacts that downstream agents (brief-reviewer, plan-critic, scope-guardian) validate independently. /ultraplan-local requires --brief or --project. See plugins/ultraplan-local/MIGRATION.md.

v1.7 self-verifying chain (preserved): a step may not be marked completed unless its manifest verifies. v1.8 Opus 4.7 literalism fixes (preserved): literal Step+Manifest template, forbidden narrative headers, schema self-check.

v3.1.0 (in progress) adds a lib/-tree of zero-dep validators (brief-validator, research-validator, plan-validator, progress-validator, architecture-discovery) wired into the four commands as CLI shims, plus 109 node:test cases and a doc-consistency invariant test. The Phase 5.5 schema self-check now runs as node lib/validators/plan-validator.mjs --strict instead of three grep -cE calls — same checks, single source of truth, machine-readable error codes. Architecture discovery treats the ultra-cc-architect contract as drift-WARN, never drift-FAIL. Forking the plugin? npm test is the readiness gate.

v3.1.0 also adds: docs/HANDOVER-CONTRACTS.md as the single source of truth for the 5 pipeline handovers; PreCompact-hook (pre-compact-flush.mjs, CC v2.1.105+) that fixes the documented progress.json drift bug — --resume now works after long conversations; UserPromptSubmit-hook that sets session titles ultra:<command>:<slug> for headless multiplexing (CC v2.1.94+); PostToolUse-hook that captures Bash duration_ms per call (CC v2.1.97+); semantic plan-critic rubric that catches paraphrased deferred decisions ("implement as needed", "wire it up") instead of just exact-string blacklist; examples/01-add-verbose-flag/ showing a calibrated end-to-end pipeline run; SECURITY.md boilerplate; docs/architect-bridge-test.md smoke checklist.

Defense-in-depth security: plugin hooks block destructive commands and sensitive path writes, prompt-level denylist works in headless sessions, pre-execution plan scan catches dangerous commands before they run, scoped --allowedTools replaces --dangerously-skip-permissions in parallel sessions. Recommended hardening: disableSkillShellExecution: true for fork-ers handling untrusted plans (CC v2.1.91+).

Modes: default, brief-driven, project-scoped, research-enriched, foreground, quick, decompose, export

19 specialized agents · 4 commands · 4 plugin hooks · No cloud dependency

→ Full documentation · Migration guide

---

Ultra CC Architect v0.1.0 🚧 pre-release

Match a task brief and research against available Claude Code features, with brief-anchored rationale and explicit coverage gaps. Extracted from ultraplan-local v2.4.0 in 2026-04-30.

Two commands, both Claude-Code-specific:

• /ultra-cc-architect-local — Reads brief.md + research/*.md (typically produced by ultraplan-local), consults the seeded cc-architect-catalog skill (hooks, subagents, skills, output styles, MCP, plan mode, worktrees, background agents), and produces architecture/overview.md with brief-anchored rationale plus architecture/gaps.md with issue-ready drafts for missing catalog entries. Hallucination gate (enforced by architecture-critic) blocks proposals for features not covered by the catalog.
• /ultra-skill-author-local (skill-factory Fase 1) — Generates one cc-architect-catalog draft skill from a curated local source file with IP-hygiene enforcement. Sequential pipeline: concept-extractor → skill-drafter → ip-hygiene-checker. Drafts land in skills/cc-architect-catalog/.drafts/ for manual review and mv promotion. Pure-Node n-gram containment scorer (scripts/ngram-overlap.mjs) enforces verdict bands; rejected drafts are deleted.

The plugin sits between /ultraresearch-local and /ultraplan-local in the typical workflow. ultraplan-local v3.0.0+ auto-discovers architecture/overview.md when present — install both plugins to keep the full pipeline (brief → research → architect → plan → execute) working.

Pre-release because: catalog is thin (11 seed skills across 8 features), decision-layer is intentionally empty, skill-factory has only Fase 1 (Fase 2/3 unbuilt), and feature-matcher falls back to a hardcoded list when the catalog is sparse. v1.0 ships when the catalog is dense enough that the fallback list can be removed.

Slug convention: <cc_feature>[-<qualifier>]-<layer>.md. Unqualified slugs are the canonical baseline per (feature, layer) pair; qualified slugs cover specific sub-patterns. feature-matcher prefers the unqualified baseline unless the brief justifies a variant. Slug collisions with approved skills are a hard error. skill-drafter warns before overwrite.

8 specialized agents · 2 commands · 1 skill (CC-feature catalog, 11 seeds) · 1 IP-hygiene script

→ Full documentation

---

AI Psychosis v1.0.0

Meta-awareness tools that counteract sycophancy, reinforcement loops, and compulsive AI interaction patterns.

AI assistants are structurally optimized to be agreeable. This creates reinforcement loops where productive collaboration is often a mirror showing you what you want to see. Research documents psychotic episodes triggered by sustained AI interaction in individuals with no prior psychiatric history.

• Layer 1 — Behavioral instructions — SKILL.md rules that modify Claude's behavior: no unearned affirmations, mandatory risk identification, pattern naming
• Layer 2 — Programmatic detection — 4 hooks that measure session duration, dependency language, rapid-fire bursts, edit ratios, and late-night usage with progressive alerts
• Layer 3 — Interaction reports — /interaction-report slash command for aggregated session statistics across configurable timeframes (weekly, monthly, all-time). Opt-in
• Layer 4 — Contemplative references — optional references to contemplative approaches when interaction flags are elevated. Opt-in

Research-informed thresholds. Alerts are progressive and never blocking. Privacy-first: prompt text is never logged. Layers 3 and 4 are off by default.

1 skill · 1 command · 4 hooks

→ Full documentation

---

Graceful Handoff v2.1.0

Auto-trigger session handoff at context threshold. Manual /graceful-handoff always works as backup. Built for Opus 4.7.

When you hit 60-70% context and have to start a new session, three things usually get rushed or forgotten: summarizing state, committing finished work, and writing a continuation prompt. v2.0 removed all three from the user's hands; v2.1 makes context detection model-aware so auto-trigger fires at the right moment on Opus 4.7's 1M window.

• Auto-trigger via Stop hook — at estimated ≥70% context, writes artifact + commits (push remains user-triggered: irreversible operations stay manual)
• Model-aware context detection (v2.1) — 4-step fallback chain (used_percentage → payload-size → model-map → 1M default), so Opus 4.7 no longer fires 5–7× too early
• statusLine hint — display-only warning at 60% and urgent reminder at 70% (never runs git, safe per research)
• SessionStart auto-load — on --resume / compact, handoff content is injected into the new session via additionalContext; no manual cat needed
• Skill-architecture — disable-model-invocation: true so Claude can't autonomously invoke the side-effect-bearing flow; user triggers manually or hooks call the pipeline directly
• Deterministic JSON pipeline — scripts/handoff-pipeline.mjs returns structured JSON; tests run without LLM involvement
• Explicit staging — pipeline stages ONLY the artifact (never git add -A, regression-tested)
• No subagents, no web — under 60s budget; pinned to Sonnet 4.6 to free Opus for the next session

Key command: /graceful-handoff [topic-slug] [--no-commit] [--no-push] [--dry-run]

3 hooks · 1 skill · 1 pipeline · 57 tests · BREAKING from v1.0

→ Full documentation

---

MS AI Architect — Azure AI and Microsoft Foundry v1.8.0 🇳🇴 Norwegian

Microsoft AI solution architecture guidance for Norwegian public sector and enterprise.

Meet Cosmo Skyberg — a structured architect persona who understands the problem before recommending technology. Every recommendation is grounded in 387 reference documents and verified against live Microsoft Learn documentation via MCP:

• Structured advisory — 7-phase methodology from business need to architecture recommendation and optional diagram
• Regulatory assessments — ROS analysis (NS 5814), DPIA/PVK, security scoring (6×5), EU AI Act classification, cost estimation in NOK (P10/P50/P90)
• Norwegian public sector — Digdir architecture principles, Utredningsinstruksen, NSM, Schrems II data residency, EU AI Act compliance workflow
• Automated freshness — sitemap-based change detection polls Microsoft Learn weekly, flags which reference files need updating based on source page changes, and discovers new relevant pages

Key commands: /architect, /architect:ros, /architect:security, /architect:dpia, /architect:utredning, /architect:cost

12 specialized agents · 24 commands · 5 skills (387 reference docs) · 2 hooks · sitemap-based KB monitoring

→ Full documentation

---

LinkedIn Thought Leadership v1.2.0

Build authentic LinkedIn authority through algorithmic understanding, strategic consistency, and AI-assisted content creation.

Updated for the January 2026 360Brew algorithm change, which validates your creator profile before distributing content. v1.2.0 reduces friction: auto-clipboard on all content commands, max 2 interactive steps per post, deterministic state management, MCP image carousel pipeline, progressive onboarding, and iCal calendar integration for batch scheduling.

• Guided onboarding — /linkedin:onboarding walks new users through profile → setup → first post in one flow
• 360Brew profile optimization — audit your profile against LinkedIn's creator validation criteria
• Full content pipeline — ideation, drafting, publishing, 48-hour monitoring, and analytics
• Content Matrix System — 40+ post ideas from a single topic using 8 universal angles and 48 industry-specific variants
• Voice training — learns your authentic writing style and detects drift with 6-dimension scoring
• Analytics pipeline — import LinkedIn CSV exports, weekly/monthly reports, day-of-week heatmap
• Growth strategy — phase-specific guidance from foundation (0-1K followers) through authority (10K+)

Key commands: /linkedin:onboarding, /linkedin:post, /linkedin:quick, /linkedin:carousel, /linkedin:react, /linkedin:report

16 specialized agents · 27 commands · 6 skills · 9 hooks · 24 reference docs

→ Full documentation

---

OKR for Public Sector v1.3.0 🇳🇴 Norwegian

Turn strategy into measurable goals. An AI coach that learns your organization, tracks progress across cycles, and guides you from first OKR to organizational mastery.

Most OKR tools explain methodology. This plugin knows your organization. After a one-time onboarding conversation, it remembers your maturity level, strategic goals, current OKR, and cultural challenges. Every interaction builds on that knowledge — so you spend time on strategy, not re-explaining context.

• Strategy to OKR — transform goals from virksomhetsplan, tildelingsbrev, or any strategic document into well-structured OKR with guided writing, quality checks, and alignment scoring
• Gap analysis — /okr:gap compares your strategic documents against current OKR and shows what's covered, what's missing, and what to do about it
• Cross-cycle learning — /okr:analyse tracks score trends, recurring antipatterns, and alignment progress across cycles with visual charts
• Proactive coaching — automatically tells you where you are in the cycle and what to focus on — progress checks mid-cycle, retrospective prep near the end
• 19 antipattern detection — catches sandbagging, activity-disguised-as-KR, set-and-forget, and 16 more named failure modes before they take root
• Built for norsk offentlig sektor — 4-month tertials, DFO terminology, tillitsvalgt involvement, Riksrevisjon-ready documentation, governance chain from Stortingsmelding to team OKR

Key commands: /okr:skriv, /okr:kvalitet, /okr:gap, /okr:analyse, /okr:kaskade, /okr:sporing, /okr:governance, /okr:oppsett

7 agents · 10 commands · 4 hooks · 16 reference docs

→ Full documentation

---

License

MIT