ktg-plugin-marketplace/README.md

# ktg-plugin-marketplace

Open-source Claude Code plugins for AI-assisted development, security, and planning.

Built for my own Claude Code workflow and shared openly for anyone who finds them useful. Solo project — bug reports and feature requests are welcome, pull requests are not accepted.

---

## Plugins

### [LLM Security](plugins/llm-security/) `v5.1.0`

Security scanning, auditing, and threat modeling for agentic AI projects.

Built on OWASP LLM Top 10 (2025), OWASP Agentic AI Top 10, and the AI Agent Traps taxonomy (Google DeepMind, 2025). Three layers of protection:

- **Automated enforcement** — 8 hooks that block dangerous operations in real time (prompt injection, secrets in code, destructive commands, supply chain guardrails)
- **Deterministic scanning** — 15 Node.js scanners for byte-level analysis: Shannon entropy, Unicode codepoints, typosquatting detection, taint flow, DNS resolution, git forensics
- **Advisory analysis** — 18 commands that scan, audit, and model threats with structured reports, letter grades, and actionable remediation

Key commands: `/security posture`, `/security audit`, `/security scan`, `/security threat-model`, `/security plugin-audit`

6 specialized agents · 15 scanners · 8 hooks · 13 knowledge docs

→ [Full documentation](plugins/llm-security/README.md)

---

### [Config-Audit](plugins/config-audit/) `v3.0.1`

Configuration intelligence for Claude Code — health checks, feature discovery, and auto-fix.

Claude Code reads instructions from 7+ file types across multiple scopes. This plugin tells you what's wrong, what's missing, and what's silently conflicting:

- **Health** — 7 deterministic scanners verify correctness across every configuration file (broken imports, deprecated settings, conflicting rules, permission contradictions)
- **Opportunities** — context-aware recommendations for Claude Code features you're not using
- **Action** — auto-fix with mandatory backups, syntax validation, rollback support, and human-in-the-loop workflow

Key commands: `/config-audit posture`, `/config-audit discover`, `/config-audit feature-gap`, `/config-audit fix`

6 agents · 8 scanners · 15 commands · 482+ tests

→ [Full documentation](plugins/config-audit/README.md)

---

### [Ultra{research|plan|execute}-local](plugins/ultraplan-local/) `v1.6.0`

Deep research, implementation planning, and autonomous execution with specialized agent swarms, adversarial review, and failure recovery.

Three commands, one pipeline: research first, then plan, then execute.

- **`/ultraresearch-local`** — Deep multi-source research with triangulation: 5 local agents + 4 external agents + Gemini bridge, producing structured briefs with confidence ratings
- **`/ultraplan-local`** — Interview, 6-8 specialized agents explore the codebase in parallel, adversarial review by plan-critic and scope-guardian. Accepts research briefs via `--research`
- **`/ultraexecute-local`** — Step-by-step implementation with git checkpoints, automatic failure recovery, and parallel session decomposition

Defense-in-depth security: plugin hooks block destructive commands and sensitive path writes, prompt-level denylist works in headless sessions, pre-execution plan scan catches dangerous commands before they run, scoped `--allowedTools` replaces `--dangerously-skip-permissions` in parallel sessions.

Modes: default, spec-driven, research-enriched, foreground, quick, decompose, export

19 specialized agents · 3 commands · 2 security hooks · No cloud dependency

→ [Full documentation](plugins/ultraplan-local/README.md)

---

### [AI Psychosis](plugins/ai-psychosis/) `v1.0.0`

Meta-awareness tools that counteract sycophancy, reinforcement loops, and compulsive AI interaction patterns.

AI assistants are structurally optimized to be agreeable. This creates reinforcement loops where productive collaboration is often a mirror showing you what you want to see. Research documents psychotic episodes triggered by sustained AI interaction in individuals with no prior psychiatric history.

- **Layer 1 — Behavioral instructions** — SKILL.md rules that modify Claude's behavior: no unearned affirmations, mandatory risk identification, pattern naming
- **Layer 2 — Programmatic detection** — 4 hooks that measure session duration, dependency language, rapid-fire bursts, edit ratios, and late-night usage with progressive alerts
- **Layer 3 — Interaction reports** — `/interaction-report` slash command for aggregated session statistics across configurable timeframes (weekly, monthly, all-time). Opt-in
- **Layer 4 — Contemplative references** — optional references to contemplative approaches when interaction flags are elevated. Opt-in

Research-informed thresholds. Alerts are progressive and never blocking. Privacy-first: prompt text is never logged. Layers 3 and 4 are off by default.

1 skill · 1 command · 4 hooks

→ [Full documentation](plugins/ai-psychosis/README.md)

---

### [MS AI Architect — Azure AI and Microsoft Foundry](plugins/ms-ai-architect/) `v1.7.0` `🇳🇴 Norwegian`

Microsoft AI solution architecture guidance for Norwegian public sector and enterprise.

Meet Cosmo Skyberg — a structured architect persona who understands the problem before recommending technology. Every recommendation is grounded in 387 reference documents and verified against live Microsoft Learn documentation via MCP:

- **Structured advisory** — 7-phase methodology from business need to architecture recommendation and optional diagram
- **Regulatory assessments** — ROS analysis (NS 5814), DPIA/PVK, security scoring (6×5), EU AI Act classification, cost estimation in NOK (P10/P50/P90)
- **Norwegian public sector** — Digdir architecture principles, Utredningsinstruksen, NSM, Schrems II data residency, EU AI Act compliance workflow

Key commands: `/architect`, `/architect:ros`, `/architect:security`, `/architect:dpia`, `/architect:utredning`, `/architect:cost`

12 specialized agents · 24 commands · 5 skills (387 reference docs) · 2 hooks

→ [Full documentation](plugins/ms-ai-architect/README.md)

---

### [LinkedIn Thought Leadership](plugins/linkedin-thought-leadership/) `v1.1.0`

Build authentic LinkedIn authority through algorithmic understanding, strategic consistency, and AI-assisted content creation.

Updated for the January 2026 360Brew algorithm change, which validates your creator profile before distributing content. v1.1.0 adds guided onboarding, carousel posts, multi-URL comparison, voice drift scoring, industry-specific content angles, and month-over-month analytics.

- **Guided onboarding** — `/linkedin:onboarding` walks new users through profile → setup → first post in one flow
- **360Brew profile optimization** — audit your profile against LinkedIn's creator validation criteria
- **Full content pipeline** — ideation, drafting, publishing, 48-hour monitoring, and analytics
- **Content Matrix System** — 40+ post ideas from a single topic using 8 universal angles and 48 industry-specific variants
- **Voice training** — learns your authentic writing style and detects drift with 6-dimension scoring
- **Analytics pipeline** — import LinkedIn CSV exports, weekly/monthly reports, day-of-week heatmap
- **Growth strategy** — phase-specific guidance from foundation (0-1K followers) through authority (10K+)

Key commands: `/linkedin:onboarding`, `/linkedin:post`, `/linkedin:quick`, `/linkedin:carousel`, `/linkedin:react`, `/linkedin:report`

16 specialized agents · 27 commands · 6 skills · 9 hooks · 24 reference docs

→ [Full documentation](plugins/linkedin-thought-leadership/README.md)

---

### [OKR for Public Sector](plugins/okr/) `v1.1.0` `🇳🇴 Norwegian`

Your AI-powered OKR coach for Norwegian public sector — not just methodology, but a partner that learns your organization.

Generic OKR assumes quarterly cycles, bonus-linked performance, and flat org charts. Norwegian government operates on 4-month tertials, tildelingsbrev mandates, and a six-level governance chain: Stortingsmelding → departementsstrategi → tildelingsbrev → etatsstrategi → divisjon → team OKR. v1.1 transforms the plugin from a methodology library into a personalized coach with persistent organizational context.

- **Deep onboarding** — 28-question interview across 6 phases (or 6-question MVP for quick start) builds a persistent organizational profile. Every command adapts automatically.
- **Persistent context** — store tildelingsbrev, org-OKR, and cycle data in `.claude/okr/`. Commands auto-read relevant files instead of asking you to paste.
- **Tildelingsbrev analysis** — Opus-powered agent classifies each requirement as Committed OKR, Aspirational OKR, KPI-only, or ignore. Auto-reads stored documents.
- **Antipattern detection** — 19 named failure modes (sandbagging, quarterly theater, goalpost moving, OKR-shaming) across formuleringsfeil, prosessfeil, kulturfeil, strukturfeil, ledelsesfeil
- **Cycle archival** — end-of-cycle workflow generates retrospective with scoring analysis, archives to historikk, and rolls forward to next cycle
- **CFR facilitation** — Conversations, Feedback, Recognition methodology where public sector's no-bonus structure becomes an advantage

Key commands: `/okr:oppsett`, `/okr:skriv`, `/okr:kvalitet`, `/okr:governance`, `/okr:kaskade`, `/okr:sporing`

5 specialized agents · 8 commands · 3 hooks · 16 reference docs

→ [Full documentation](plugins/okr/README.md)

---

## Installation

```bash
claude plugin marketplace add https://git.fromaitochitta.com/open/ktg-plugin-marketplace.git
```

Then open Claude Code and type `/plugin` to browse and install plugins from the marketplace.

## Compatibility

- Claude Code CLI, desktop app, and IDE extensions
- macOS, Linux, Windows
- No external dependencies (all scanners and hooks are self-contained)

## License

MIT