stallion
SolidSecurity guardrails for Claude Code, MCP tools, and Claude cowork workflows. Local-first modular YARA-style guard packs for secrets, exfiltration, prompt injection, MCP abuse, and risky agent actions.
plugin
13 stars
1 forks Updated 1 months ago MIT
Install
Plugins install via a marketplace, in two steps.
This plugin isn't listed in a marketplace we've indexed. Install it directly from its GitHub repository — the README has the setup steps.
View on GitHubBundles
Everything this plugin ships — skills, agents, commands, hooks, and MCP servers it bundles.
Hooks (127)
abuse-chain-defense.sh agent-session-secret-guard.sh archive-and-upload-guard.sh artifact-poisoning-guard.sh audit-evasion-guard.sh binary-payload-guard.sh block-dangerous-commands.sh block-test-deletion.sh block-unsafe-git.sh browser-cookie-guard.sh browser-profile-export-guard.sh browser-remote-debug-guard.sh ci-artifact-secret-upload-guard.sh ci-secret-release-guard.sh ci-self-hosted-runner-guard.sh clipboard-exfiltration-guard.sh cloud-credential-assume-guard.sh cloud-key-creation-guard.sh cloud-metadata-guard.sh cluster-admin-binding-guard.sh config-secret-inline-guard.sh config-tamper-guard.sh container-escape-guard.sh container-socket-guard.sh context-chain-guard.sh credential-export-guard.sh credential-helper-downgrade-guard.sh dangerous-migration-guard.sh dependency-script-guard.sh desktop-credential-store-guard.sh devcontainer-trust-guard.sh dns-exfiltration-guard.sh docker-build-secret-leak-guard.sh env-sample-secret-guard.sh git-attributes-filter-guard.sh git-credential-store-guard.sh git-history-rewrite-guard.sh git-hook-persistence-guard.sh git-remote-rewire-guard.sh git-submodule-source-swap-guard.sh hooks.json hosts-file-tamper-guard.sh indirect-prompt-injection-guard.sh instruction-override-bridge-guard.sh instruction-source-dropper-guard.sh kube-exec-prod-guard.sh kube-secret-guard.sh kubectl-port-forward-prod-guard.sh lib local-ca-trust-guard.sh local-tunnel-guard.sh local-webhook-guard.sh log-poisoning-guard.sh mass-delete-guard.sh mcp-binary-dropper-guard.sh mcp-bulk-read-exfil-guard.sh mcp-egress-destination-class-guard.sh mcp-egress-policy-guard.sh mcp-egress-private-network-guard.sh mcp-install-source-allowlist.sh mcp-parameter-smuggling-guard.sh mcp-permission-guard.sh mcp-response-prompt-smuggling-guard.sh mcp-response-secret-leak-guard.sh mcp-response-shell-snippet-guard.sh mcp-response-suspicious-url-guard.sh mcp-secret-env-guard.sh mcp-server-command-chain-guard.sh mcp-tool-impersonation-guard.sh mcp-tool-schema-widening-guard.sh mcp-upstream-swap-guard.sh netrc-credential-guard.sh network-exfiltration.sh oauth-device-flow-guard.sh package-lock-source-swap-guard.sh package-manager-auth-inline-guard.sh package-publish-guard.sh plugin-exec-chain-guard.sh plugin-hook-origin-guard.sh plugin-manifest-guard.sh plugin-surface-expansion-guard.sh plugin-trust-boundary-tamper-guard.sh plugin-update-source-swap-guard.sh post-edit-quality-reminder.sh pre-push-scan.sh prod-db-dump-guard.sh prod-db-shell-guard.sh prod-target-guard.sh production-shell-guard.sh protect-secrets-read.sh protect-sensitive-files.sh protect-tests.sh public-artifact-secret-guard.sh registry-credential-guard.sh registry-target-guard.sh release-key-guard.sh remote-script-dropper-guard.sh repo-mass-harvest-guard.sh sandbox-escape-guard.sh sandbox-policy-tamper-guard.sh scheduled-task-persistence-guard.sh secret-diff-guard.sh secret-manager-abuse-guard.sh shell-profile-persistence-guard.sh sideloaded-extension-guard.sh signed-commit-bypass-guard.sh skill-exec-chain-guard.sh skill-install-source-guard.sh skill-multi-stage-dropper-guard.sh skill-trust-boundary-tamper-guard.sh ssh-agent-abuse-guard.sh ssh-authorized-keys-guard.sh ssh-config-include-guard.sh ssh-proxycommand-guard.sh ssh-trust-downgrade-guard.sh sudoers-tamper-guard.sh terraform-destroy-guard.sh terraform-provider-source-swap-guard.sh test-fixture-secret-guard.sh token-broker-guard.sh token-paste-guard.sh tool-capability-escalation-guard.sh tool-origin-guard.sh trusted-config-symlink-guard.sh tunnel-beacon-guard.sh unexpected-registry-login-guard.sh workspace-boundary-guard.sh
Quality Score: 71/100
Stars 20%
Recency 20%
Manifest 20%
Documentation 15%
Issue Health 10%
License 10%
Description 5%
Details
- Author
- efij
- Repository
- efij/secure-claude-code
- Created
- 2 months ago
- Last Updated
- 1 months ago
- Language
- Python
- License
- MIT