Plugins

Vuild LEARN 커리큘럼 스킬 29개 (개발환경 install + C1 VALUE ~ C8 비즈니스 확장). vuild.kr/learn 강의 흐름을 Claude 안에서 단계별로 안내합니다.

from secondsky/claude-skills

from bennoloeffler/maude-claude-vunds-plugins

Cloudflare WAF로 보호된 사이트에 PHP PEST + ChromeDriver(Remote Debugging Port) 방식으로 접속하여 브라우저 자동화 작업을 수행하는 스킬.

from parkerhancock/wahoolib

Collection of personal Claude Code skills for daily workflow automation

Security engineer — IAM, secrets, compliance, threat modeling

Full security audit — secrets, dependencies, IAM, auth, injection, XSS, HTTPS, rate limiting, public storage. Use when asked for "security audit", "check for vulnerabilities", "security review", or "are we secure".

Produce a hardening spec and implement it — auth patterns, security headers, rate limiting, input validation, secrets management, dependency hygiene. Use when asked to "harden this", "add security to this service", "what security do I need", or "secure this before launch".

Build IAM from scratch — roles, policies, service accounts with least privilege. Use when asked to "set up IAM", "create roles", "service accounts", or "access control".

Security reconnaissance — full inventory of secrets management, IAM, dependencies, auth, encryption, audit logging, and compliance gaps. Use when asked about "security posture", "how secure is this", or "security assessment".

Produce a threat model — assets, ranked threats, mitigations, accepted risks. Use when asked to "threat model this", "what could go wrong security-wise", "map our attack surface", or before designing any security-sensitive feature.

Warmly visitor intelligence - identified website visitors, account-level engagement, and credit balance

from wasp-lang/claude-plugins

Wallet-credential presentment via the Mandamus Digital-Credentials doorkeeper (Apple Wallet / Digital Credentials API / mdoc / EUDI) — the doorkeeper verifies the presentation (issuer-signed, holder-bound, aud/nonce-bound, unexpired) and issues scoped authority. Reading accepted types free; standard credential → passkey; high-assurance identity / age / KYC / government-ID or failed binding → passkey + iProov liveness; agent never holds the raw credential.

Microsoft Entra identity actions via the Mandamus Entra doorkeeper (directory reads free; MFA reset / privileged role grant → passkey + iProov liveness).

GitHub coding-agent actions via the Mandamus GitHub doorkeeper (protected-branch merges → passkey; force-push / CI-bypass / branch-protection / secrets → passkey + iProov liveness).

Link a payment key to an agent under a Mandamus merchant lock via the Mandamus Link doorkeeper, then pay against it. Reading the instrument free; payment to a known destination within threshold → passkey; new key / new destination / over-threshold → passkey + iProov liveness. Live-vs-sandbox is server-authoritative; the agent never sees the key.

Notion workspace actions via the Mandamus Notion doorkeeper — reads free; create/edit → passkey; delete a database / make a page public / bulk or protected-database writes → passkey + iProov liveness. The agent never holds the Notion token; every action is receipted.

Just-in-time, time-limited SaaS access via the Mandamus SaaS JIT control plane (AFPS) — production grant → passkey; privileged/admin or contained-token mode → passkey + iProov liveness; auto-revoked + reconciled, agent never holds the credential.

Salesforce actions via the Mandamus Salesforce doorkeeper (production writes + protected objects escalate to passkey + liveness).

Stripe actions via the Mandamus Stripe doorkeeper (passkey + iProov liveness for high-risk).

Intent-bound commerce via the Mandamus Verifiable-Intent doorkeeper — the agent presents a signed Verifiable-Intent mandate (merchant, amount ceiling, item, validity) and the doorkeeper verifies the order is inside that envelope under a merchant lock. Reads free; order within the mandate → passkey; over-threshold / new payee / missing-or-invalid mandate → passkey + iProov liveness; agent never holds a payment credential.

from ferni-ai/wave-orchestration

Recover product databases from defunct e-commerce sites via Wayback Machine, CommonCrawl, and Shopify CDN archaeology.

from seanedwards/ai-dotfiles

Installs the full Waza toolkit. Registers all eight skills under the waza namespace, callable as /waza:think, /waza:check, /waza:hunt, /waza:design, /waza:read, /waza:write, /waza:learn, and /waza:health. For one skill on Claude Code v2.1.143 or newer, use /plugin install waza-<name>@waza.

Reviews code diffs, PRs, issue queues, release readiness, commits, pushes, publishing, and project audits. Use when users ask in any language for code review, issue or PR triage, release gates, publishing follow-through, or project audits. Not for debugging root causes or prose review.

Produces distinctive, production-grade UI for pages, components, visual interfaces, typography, and screenshot-driven polish. Use when users ask in any language for UI, page, component, frontend, typography, screenshot-grounded visual polish, or complaints that a screen looks unclear, ugly, inconsistent, or visually wrong. Not for backend logic or data pipelines.

Runs a budget-aware agent-assisted engineering health audit for instruction/config drift, hooks/MCP, verifier surfaces, and AI maintainability. Use when users ask in any language to audit Claude, Codex, Pi, agent instructions, MCP or hooks, verifier coverage, or AI-maintainability drift. Not for debugging application code or reviewing PRs.