ayalaphiscan/web-security-guard

4 stars · Last commit 2026-06-12

Security plugin for Claude Code: 6 skills + 2 commands for hardening, secure auth (2FA/passkeys), payment privacy, WAF defense agent, 4-layer Fortress architecture and GitHub security workflows.

README preview

# Web Security Guard

[![Claude Code Plugin](https://img.shields.io/badge/Claude%20Code-plugin-d97757)](https://docs.claude.com/en/docs/claude-code)
[![Version](https://img.shields.io/badge/version-0.3.0-blue)](https://github.com/ayalaphiscan/web-security-guard/releases)
[![License: MIT](https://img.shields.io/badge/license-MIT-green)](LICENSE)
[![Built with Claude Fable 5](https://img.shields.io/badge/built%20with-Claude%20Fable%205-d97757)](https://claude.com/claude-code)

A security plugin for [Claude Code](https://docs.claude.com/en/docs/claude-code) and Claude Cowork that turns Claude into a security-aware engineer. It bundles 6 skills, 2 slash commands and ready-to-deploy infrastructure templates covering the full lifecycle: hardening, authentication, payment privacy, active defense, stealth architecture and CI security. All skills are **bilingual (English + Italiano)**.

```
/plugin marketplace add ayalaphiscan/web-security-guard
```

## What's inside

| Skill | What it does |
|---|---|
| `hardening-siti` | Applies security hardening whenever a site/app is built or reviewed: security headers, CSP, HTTPS, input validation, cookies, CORS, uploads, OWASP Top 10 |
| `autenticazione-sicura` | Secure auth flows: email verification codes, 2FA/TOTP, passkeys, password hashing, sessions, account recovery |
| `difesa-attacchi` | Installs a defense agent (WAF middleware for Express) that detects SQLi, XSS, path traversal, brute force and bots — with rate limiting, IP blocklist and a data-preserving lockdown mode |
