Releases · mp3wizard/claude-code-security-plugins

What's new

Added

OSV-Scanner — SCA/dependency vulnerability scanning via OSV.dev. Open-source, no telemetry, no API limits. (brew install osv-scanner)
mcp-scan (opt-in) — Detects MCP tool poisoning, prompt injection, rug pulls, cross-origin escalation. Requires user consent before each run — sends data to invariantlabs.ai API.
Semgrep p/typescript — TypeScript-specific SAST rules for .ts/.tsx projects
Semgrep p/secrets — Lightweight secret pattern matching, runs on all projects
Trivy supply chain warning — Pre-flight alerts if Trivy v0.69.4–v0.69.6 is installed (compromised versions per GHSA-69fq-xp46-6x23)

Changed

Semgrep now runs 4 configs (OWASP, Python, TypeScript, secrets) via $SG variable — eliminates repeated flags
Tools: 7 → 9
Pre-flight check covers osv-scanner and uvx

Prompt optimization

Added 2 tools + 2 Semgrep configs while keeping word growth to +13% (vs +31% naive). Optimization savings: ~157 words via $SG variable, report template compaction, and prose dedup.

Install

brew install osv-scanner   # new required tool
# mcp-scan runs via uvx — no install needed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Choose a tag to compare

Sorry, something went wrong.

Sorry, something went wrong.

Uh oh!

No results found

What's new

Added

Changed

Prompt optimization

Install

Uh oh!

Releases: mp3wizard/claude-code-security-plugins

v1.3.0 — OSV-Scanner, mcp-scan (opt-in), Semgrep TS/secrets, Trivy supply chain warning

What's new

Added

Changed

Prompt optimization

Install

Uh oh!