Releases: alissonlinneker/shield-claude-skill
Shield v0.3.1
Added
- C# Semgrep rules (csharp.yaml) — 10 security rules covering SQL injection, command injection, XSS (Html.Raw), insecure deserialization (BinaryFormatter), hardcoded credentials, weak crypto (MD5/SHA1/DES), SSRF, open redirect, and missing HTTPS enforcement
- jq validation in check-prereqs.sh, which now checks 16 tools
- Maven and Gradle added to README prerequisites table
Fixed
- Rule count references corrected to 82 across 8 languages
- Package manager count corrected to 12 (includes Bun)
- Architecture section now lists all 12 scripts
- SKILL.md prerequisites now include jq, Trivy, and cargo-outdated
Stats
- 82 Semgrep rules across 8 languages (JS/TS, Python, PHP, Go, Ruby, Rust, Java, C#)
- 12 package managers supported
- 16 tool checks in prerequisites
- 191 unit tests passing
Shield v0.3.0 — Full Multi-Ecosystem Support
What's New
Shield now supports 12 package managers across 7 languages with 72 Semgrep rules.
New Ecosystems
| Ecosystem | Vulnerability Audit | Outdated Check | SAST Rules |
|---|---|---|---|
| Go | govulncheck | go list -m -u | 10 rules |
| Ruby | bundle-audit | bundle outdated | 10 rules |
| Rust | cargo-audit | cargo-outdated | 8 rules |
| Java | OWASP dependency-check (Maven/Gradle) | mvn versions / gradle dependencyUpdates | 10 rules |
| C#/.NET | dotnet list --vulnerable | dotnet list --outdated | -- |
| Bun | Graceful fallback | Graceful fallback | -- |
New Semgrep Rules (28 added, 72 total)
- go.yaml (10): SQL injection, command injection, SSRF, insecure TLS, hardcoded credentials, weak crypto, path traversal, unhandled errors, open redirect, race conditions
- ruby.yaml (10): SQL injection, command injection, mass assignment, open redirect, XSS, insecure deserialization, hardcoded secrets, path traversal, CSRF disabled, weak session
- rust.yaml (8): SQL injection, command injection, unsafe blocks, hardcoded secrets, insecure TLS, path traversal, panic unwrap, weak random
- java.yaml (10): SQL injection, command injection, path traversal, XXE, insecure deserialization, hardcoded credentials, weak crypto, SSRF, open redirect, CSRF disabled
Polyglot Project Support
detect-stack.sh now outputs all_package_managers as a JSON array, enabling full coverage for projects that use multiple ecosystems (e.g., Node.js frontend + Python backend).
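As an added illustration (not Shield's own detect-stack.sh), the function below shows the shape of such a detector: it walks a project tree for marker files, maps each to a package manager, and prints the result as a JSON array. The marker-to-manager mapping and the search depth are assumptions chosen for the example.

```shell
#!/usr/bin/env bash
# Added example, not the project's script: detect every package manager in a
# project tree from its marker files and emit them as a JSON array, so a
# polyglot repo (Node frontend + Python backend) is audited for every ecosystem.
set -eu

# Marker file -> package manager name. The list order fixes the output order.
# (Assumed mapping for the example; the real script's table may differ.)
MARKERS="package-lock.json:npm yarn.lock:yarn pnpm-lock.yaml:pnpm bun.lockb:bun \
requirements.txt:pip Pipfile:pipenv pyproject.toml:poetry composer.json:composer \
go.mod:go Gemfile:bundler Cargo.toml:cargo pom.xml:maven build.gradle:gradle"

# detect_package_managers DIR
# Prints a JSON array such as ["npm","pip"]; prints [] when nothing matches.
# Searches up to three directory levels so frontend/ and backend/ both count.
detect_package_managers() {
  dir="$1"
  found=""
  for pair in $MARKERS; do
    marker="${pair%%:*}"
    pm="${pair##*:}"
    # find prints at least one path when the marker exists anywhere in range
    if [ -n "$(find "$dir" -maxdepth 3 -name "$marker" -print 2>/dev/null | head -n 1)" ]; then
      found="$found $pm"
    fi
  done
  printf '['
  sep=""
  for pm in $found; do
    printf '%s"%s"' "$sep" "$pm"
    sep=","
  done
  printf ']\n'
}
```

Because every detected manager is emitted rather than only the first match, a caller can loop over the array and run the matching audit command for each ecosystem.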
Extended Tool Detection
- check-prereqs.sh validates 15 tools (was 7): added govulncheck, bundle-audit, cargo-audit, cargo-outdated, trivy, dotnet, maven, gradle
- install.sh installs new ecosystem tools automatically where possible
Shield v0.2.0 — Security Auditor
What's New
Security Auditor — Intelligence Layer (/shield:audit)
Shield now has two complementary skills:
- /shield:shield — runs tools (Semgrep, gitleaks, npm audit, Shannon)
- /shield:audit — reasons about findings, finds what tools miss
The Security Auditor works without any tools installed — it uses pure reasoning to analyze code, IaC, and architecture for vulnerabilities that static analysis tools are blind to.
What /shield:audit does
- Attack chains — not just "SQL injection found" but "here's the exact curl command to exploit it"
- Exploitability rating — Trivial / Easy / Moderate / Hard / Theoretical
- False positive analysis — confirms or dismisses Semgrep findings with code context
- Logic vulnerabilities — IDOR, race conditions, business logic flaws, JWT attacks
- IaC security review — Dockerfile, Kubernetes, Terraform, GitHub Actions, nginx
- Architecture threat modeling — trust boundaries, attack surface mapping
- Adjusted risk score — combines Shield's tool score with manual analysis delta
Reference files (loaded on demand)
| File | Content |
|---|---|
| owasp-top10.md | OWASP Top 10 2021 with CWEs and code patterns |
| iac-checklist.md | Docker, k8s, Terraform, GitHub Actions, nginx checklists |
| crypto-guidance.md | Passwords, AES-GCM, JWT, TLS, key management |
Usage
# Scan with tools, then analyze with intelligence
/shield:shield quick
/shield:audit
# Or audit any file directly (no scan needed)
/shield:audit src/auth.py
/shield:audit Dockerfile
/shield:audit terraform/main.tf
Shield v0.1.1
Added
- Security badge generator — scripts/generate-badge.sh creates shields.io-compatible JSON from scan results. Projects can display their Shield Score as a README badge.
- Self-scan report — Shield scanned its own codebase: 100/100 LOW RISK (report)
- Logo — minimalist /shield SVG wordmark
Fixed
- Plugin author field format (string → object) for marketplace compatibility
- Marketplace name shield → shield-security to avoid confusion with plugin name
- All docs updated to use /shield:shield namespace for plugin installations
- Correct installation flow: /plugin marketplace add + /plugin install shield@shield-security
Shield v0.1.0 — Initial Release
Security orchestrator plugin for Claude Code that runs autonomous pentests, static analysis, secrets scanning, and dependency audits from a single /shield:shield command.
Highlights
- 6 modes: full, quick, fix, verify, score, outdated
- Shannon pentest orchestration (Docker-based, proof-by-exploitation)
- Semgrep SAST with 34 custom security rules across 3 languages
- gitleaks secrets scanning across full git history
- Dependency audit via npm/yarn/pnpm/pip/composer with severity mapping
- Dependency freshness check with SECURITY/MAJOR/MINOR/PATCH classification
- Risk scoring 0-100 with weighted formula and 4-tier risk levels
- Compliance mapping to OWASP Top 10, SOC 2, PCI-DSS, HIPAA
- SARIF 2.1.0 output for GitHub Security tab
- Fix proposals with before/after diffs
- GitHub issue creation from findings
- Graceful degradation — runs whatever tools are installed
- Zero-config stack detection for 9 ecosystems
- 189 unit tests, shellcheck-clean, bash 3.2 compatible
Install
# Inside Claude Code:
/plugin marketplace add alissonlinneker/shield-claude-skill
/plugin install shield@shield-security
# Or for quick testing:
claude --plugin-dir /path/to/shield-claude-skill
Supported Ecosystems
Node.js (npm/yarn/pnpm), Python (pip/pipenv/poetry), PHP (composer), Go, Ruby, Rust, Java, C#