BridgeSecurity
A Claude Code plugin from BridgeMind that gives your AI agents the instincts of a senior application security engineer.
Stop shipping classic vulnerabilities — start shipping production-secure code.
AI coding agents write functional code, but they keep shipping the same classic vulnerabilities — SQL injection, XSS, IDOR, hardcoded secrets, missing auth on Server Actions, public S3 buckets, pull_request_target with checkout-of-fork-code. The bugs that have headlined CVEs for fifteen years.
BridgeSecurity fixes this. It's a set of detection patterns, vulnerability taxonomies, threat-modeling discipline, and a specialized auditor agent that teach your AI teammates to think like a senior security engineer — find the trust boundary, match input to sink, check auth on every state-changing path, treat every secret as already leaked, fail closed.
- Injection — SQLi, NoSQLi, command, code, template, XSS, LDAP, XPath
- Broken Access Control — IDOR, BOLA, BOPLA, missing auth, mass assignment, Server Action authz gaps, `x-middleware-subrequest` bypass class
- Cryptographic Failures — MD5/SHA1, `Math.random()` for tokens, ECB mode, hardcoded keys, JWT `alg: none`, HS256/RS256 confusion, `===` for HMAC compare
- SSRF — including private-IP / cloud-metadata / `file:///`, TOCTOU
- Path Traversal — `path.join` without prefix-check, `send_file` with raw input
- Insecure Deserialization — `pickle.loads`, `yaml.load`, `ObjectInputStream`, `vm2`
- Hardcoded Secrets — AWS, GitHub, Stripe, OpenAI, Anthropic, Slack, JWTs, private keys (25+ patterns)
- Cloud Misconfig — public S3, IAM `*:*`, `0.0.0.0/0:22`, IMDSv1, missing encryption
- Container / k8s — `privileged: true`, `runAsUser: 0`, `hostNetwork`, `/var/run/docker.sock` mount, `image:latest`
- CI/CD — `pull_request_target` + checkout-fork-code, mutable Action tags (CVE-2025-30066 class), shell-injection via PR title
- Auth flaws — JWT in localStorage, no MFA, missing rate limit on login, predictable reset tokens
- Open Redirect — `//evil.com` bypass class
- Markdown exfil — image URLs constructed from secrets (EchoLeak class)
- LLM-specific — output-to-eval, excessive agency, secrets in system prompt
| Component | Type | What It Does |
|---|---|---|
| `bridgesecurity` | Skill | Core security discipline — auto-loaded when your agent reads, writes, or reviews code. Five Disciplines, threat-model checklist, detection cheat-sheet. |
| `security-audit` | Skill | Slash-command audit. Scans a file/dir/PR/repo for vulnerabilities, returns a severity-ranked report with CWE/OWASP mapping. |
| `security-auditor` | Agent | Read-only senior security engineer subagent. Cannot write, edit, or delete. Walks every file with the OWASP Top 10 + CWE Top 25 + threat model. |
The skill ships with eight deep reference docs (~50 pages of practitioner-grade content):
- vulnerability-taxonomies.md — OWASP Top 10 (2021), API Top 10 (2023), Mobile Top 10 (2024), LLM Top 10 (2025), CWE Top 25 (2024), CISA KEV recurring classes, DBIR top vectors
- language-patterns.md — JS/TS, Python, Go, Rust, Java/Spring, Ruby/Rails, PHP — vulnerable + fixed code pairs, per-ORM SQLi reference
- frontend-patterns.md — React, Next.js (Server Actions, middleware, hydration), Vue, Svelte, browser specifics
- infrastructure-patterns.md — AWS, GCP, Azure, Docker, Kubernetes, Terraform, GitHub Actions, GitLab CI
- secrets-patterns.md — regex catalog for 25+ secret types
- case-studies.md — Log4Shell, Spring4Shell, MOVEit, XZ backdoor, Polyfill.io, Snowflake, Ivanti, regreSSHion, Next.js CVE-2025-29927, tj-actions supply chain, recent agent CVEs
- tooling.md — Semgrep, CodeQL, Snyk, Trivy, Gitleaks, OSV, govulncheck, Brakeman, Checkov, kube-bench, MobSF
- threat-modeling.md — the full 10-question discipline
```bash
claude plugin install bridgesecurity@bridgemind-plugins
```

Or install manually:

```bash
# Project-level
mkdir -p .claude/skills .claude/agents
cp -r skills/bridgesecurity .claude/skills/
cp -r skills/security-audit .claude/skills/
cp agents/security-auditor.md .claude/agents/

# Personal / global
mkdir -p ~/.claude/skills ~/.claude/agents
cp -r skills/bridgesecurity ~/.claude/skills/
cp -r skills/security-audit ~/.claude/skills/
cp agents/security-auditor.md ~/.claude/agents/
```

Once installed, the bridgesecurity skill activates whenever your agent reads, writes, or reviews code. Your agent now thinks like a senior:
- Find the trust boundaries — every place untrusted data crosses into trusted code.
- Match input to sink — every `(source, sink)` pair is a potential vulnerability.
- Auth on every state-changing path — authentication + authorization (ownership, not just role) + input validation.
- Secrets are already leaked — assume rotation as default, plan for it.
- Fail closed, log loudly, blast-radius small — default deny, sanitized errors, audit logs, network/IAM segmentation.
Before declaring code "secure":
- Trust boundaries — where does data cross?
- AuthN/AuthZ — server-side, ownership-checked?
- Input validation — schema at the boundary?
- Output encoding — correct context?
- Secrets — safe storage + rotation?
- Failure mode — fail closed?
- Blast radius — what falls if owned?
- Supply chain — pinned + audited?
- Logging — security events captured? PII redacted?
- Replay protection — idempotency, nonces, CSRF, rate limits?
If any answer is "I don't know" — the code is not cleared.
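A state-changing handler written to the five disciplines and the checklist above, as an added example that is not part of the plugin. The session object, the in-memory document store, the audit log and the request bodies are constructed; a real application would load the session from its server-side store and write the audit events to a log sink.

```javascript
// Added example, not code from the BridgeSecurity plugin: a delete handler
// that applies trust boundary, AuthN, ownership AuthZ, input validation,
// replay protection, fail-closed errors and security logging.
// All data below is constructed.

// Constructed store: documents and their owners.
const documents = new Map([
  ['doc-1', { owner: 'alice', title: 'Q3 plan' }],
  ['doc-2', { owner: 'bob', title: 'Budget' }],
]);

// "Log loudly": every denial and every mutation is a security event.
const auditLog = [];
function audit(event, details) {
  auditLog.push({ event, ...details, at: new Date().toISOString() });
}

// Trust boundary: the body is untrusted until it passes this schema.
function parseDeleteRequest(body) {
  if (typeof body !== 'object' || body === null) return null;
  const { docId } = body;
  if (typeof docId !== 'string' || !/^doc-[0-9]{1,8}$/.test(docId)) return null;
  return { docId };
}

// Replay protection: an idempotency key is honoured once per user; a replay
// returns the recorded outcome instead of mutating again.
const idempotencyResults = new Map();

// Returns an HTTP-like result. Every failure path fails closed with a
// sanitized error; nothing internal leaks to the client.
function deleteDocument(session, body, idempotencyKey) {
  // AuthN: identity comes from the server-side session, never from the body.
  if (!session || typeof session.userId !== 'string') {
    audit('deny.unauthenticated', {});
    return { status: 401, error: 'unauthorized' };
  }
  const user = session.userId;

  // Input validation at the boundary, before any lookup.
  const input = parseDeleteRequest(body);
  if (!input) {
    audit('deny.invalid_input', { user });
    return { status: 400, error: 'invalid request' };
  }

  // Keys are scoped to the user so one user's key cannot replay another's.
  const scopedKey = typeof idempotencyKey === 'string' ? `${user}:${idempotencyKey}` : null;
  if (scopedKey && idempotencyResults.has(scopedKey)) {
    audit('replay.ignored', { user, docId: input.docId });
    return { ...idempotencyResults.get(scopedKey), replayed: true };
  }

  // AuthZ: ownership, not just "is logged in" or "has role user".
  // Missing and foreign documents get the same answer, so the endpoint is
  // not an existence oracle for other users' ids.
  const doc = documents.get(input.docId);
  let result;
  if (!doc || doc.owner !== user) {
    audit('deny.forbidden', { user, docId: input.docId });
    result = { status: 404, error: 'not found' };
  } else {
    documents.delete(input.docId);
    audit('document.deleted', { user, docId: input.docId });
    result = { status: 204 };
  }
  if (scopedKey) idempotencyResults.set(scopedKey, result);
  return result;
}

module.exports = { deleteDocument, parseDeleteRequest, documents, auditLog };
```

The ownership check is the line that turns "authenticated" into "authorized"; without `doc.owner !== user` this handler is a textbook IDOR even though it requires a login.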
```
> /security-audit src/api/users.ts
> /security-audit https://github.com/owner/repo/pull/123
> /security-audit ./terraform/
> /security-audit "all server actions in this app"
```
The security-auditor agent walks the target, applies all 20 audit categories, and produces a severity-ranked report with:
- File:line — exact location
- Class — vulnerability category
- CWE / OWASP — canonical IDs
- Code — verbatim vulnerable snippet
- Exploit scenario — concrete, not generic
- Fix — patched code
- References — links to CWE, OWASP, BridgeSecurity references
Direct. Functional. Pairs with BridgeWard — Trust nothing. Ship safely. — for prompt-injection defense:
- BridgeWard protects your agent from prompt injection in untrusted content.
- BridgeSecurity protects your code from classic application vulnerabilities.
Both rooted in the BridgeMind brand line: Ship with agents. The security corollary: Find vulnerabilities. Ship secure.
You should install BridgeSecurity if your agent:
- Writes any production code
- Reviews PRs or diffs
- Generates infrastructure-as-code (Terraform, Kubernetes, Dockerfiles)
- Edits CI/CD configurations (GitHub Actions, GitLab CI)
- Refactors authentication / authorization / payments code
- Handles user input on any code path
- Writes Server Actions, RPC handlers, API endpoints
- Touches anything with `eval`, `exec`, `query`, `fetch`, `redirect`, file paths, or secrets
If your agent only writes pure functions and unit tests, you may not need this. Everyone else does.
```
BridgeSecurity/
├── .claude-plugin/
│   └── plugin.json
├── skills/
│   ├── bridgesecurity/
│   │   ├── SKILL.md
│   │   └── references/
│   │       ├── vulnerability-taxonomies.md
│   │       ├── language-patterns.md
│   │       ├── frontend-patterns.md
│   │       ├── infrastructure-patterns.md
│   │       ├── secrets-patterns.md
│   │       ├── case-studies.md
│   │       ├── tooling.md
│   │       └── threat-modeling.md
│   └── security-audit/
│       └── SKILL.md
├── agents/
│   └── security-auditor.md
└── scripts/
    └── scan.sh
```
BridgeSecurity uses the standard SKILL.md / agent package format supported by 30+ AI coding tools.
| Tool | Skills | Subagent | Notes |
|---|---|---|---|
| Claude Code | ✅ | ✅ | Full plugin support |
| Cursor | ✅ | — | Drop into .cursor/skills/ |
| Windsurf | ✅ | — | Skill format |
| OpenAI Codex | ✅ | — | Skill format |
| Gemini CLI | ✅ | — | Skill format |
| Cline / Roo Code | ✅ | — | Skill format |
| GitHub Copilot | ✅ | — | Via .github/copilot-instructions.md reference |
| Continue.dev | ✅ | — | Skill format |
| Goose | ✅ | — | Skill format |
- Not a SAST tool. It's a thinking skill. Pair it with Semgrep / CodeQL / Snyk / Trivy — the skill knows how to invoke them and synthesize output.
- Not a guarantee. Security is layered. This skill makes your agent better; it doesn't make your code invulnerable.
- Not a replacement for human review on high-stakes flows (payments, auth, crypto, IAM).
- Not a runtime defense. It catches issues at code-time. WAFs, sandboxes, and observability live elsewhere.
It is one layer in your stack. Layer it with: SAST in CI, dependency scanning, secret scanning, container scanning, IaC scanning, DAST, runtime observability, and human security review for high-stakes changes.
- BridgeWard — Prompt-injection defense. Trust nothing. Ship safely.
- BridgeUI — Senior frontend design instincts.
- BridgeRemotion — Remotion video-engineering expertise.
- BridgeMotion — MIT-licensed React video framework.
This skill synthesizes guidance from:
- OWASP Top 10 (2021)
- OWASP API Security Top 10 (2023)
- OWASP Mobile Top 10 (2024)
- OWASP LLM Top 10 (2025)
- CWE Top 25 (2024)
- CISA Known Exploited Vulnerabilities
- Verizon DBIR
- NIST NVD
- CIS Benchmarks
- NSA/CISA Kubernetes Hardening Guide v1.2
- GitHub Actions Security Hardening
- OWASP Cheat Sheet Series
PRs welcome — especially for new vulnerability patterns, fresh case studies, and per-language additions. See CONTRIBUTING.md.
When adding a new pattern: include a real-world citation (CVE, writeup, or CVSS score). When adding a new case study: name the vendor, date, vector, and remediation.
MIT. See LICENSE. True open source. No license traps. Ship freely.
BridgeMind is an agentic organization — AI agents are teammates, not tools. We build open-source plugins for the builder community to ship faster through vibe coding — and ship securely.
Built by BridgeMind. Find vulnerabilities. Ship secure.