Comprehensive Web3 security framework plugin based on the SEAL (Security Alliance) Frameworks. Provides real-time security guidance, platform-specific hardening checklists, and hooks that block dangerous commands and secret exposure.
```
claude plugin install seal-security@github:zknpr/seal-security-plugin
```

| Skill | Trigger | Description |
|---|---|---|
| security-guidance | "security review", "audit", "harden", "opsec", or when touching infra/wallets/CI/CD | Comprehensive security advisor with deep reference files for every SEAL domain |
| security-checklist | "checklist", "harden [platform]", "lock down" | 20+ platform-specific hardening checklists |

| Hook | Trigger | Behavior |
|---|---|---|
| security-guard | Every Bash command | 15 rules catching pipe-to-shell, chmod 777, force push, secret exposure, docker privileged, SSL disable, etc. |
| secret-scanner | Every Write/Edit operation | 11 patterns detecting private keys, mnemonics, AWS creds, SSH keys, JWTs, webhook URLs, DB connection strings |

- BLOCKED (prevents execution): Private keys, mnemonics, AWS keys, SSH keys, PGP keys, pipe-to-shell, chmod 777, force push to main, rm -rf system dirs
- WARNING (shows message, allows execution): API key assignments, JWTs, webhooks, npm install without --ignore-scripts, env dumps, SSL verification disable
- `.env` files are warned but never blocked (they're expected to contain secrets)
- Each warning shown only once per session per file/command (no nagging)
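
The severity policy described above (block vs. warn, the `.env` exception, one warning per session), sketched as an added Python example. It is not the plugin's own code: the regexes, rule names, function names, and the `seen` session set are illustrative assumptions, and the sample inputs are constructed.

```python
import re
from pathlib import PurePosixPath

BLOCK, WARN, ALLOW = "block", "warn", "allow"

# Illustrative rules (assumptions): the plugin's real patterns are not shown on the page.
CONTENT_RULES = [
    ("private-key", BLOCK, re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH |PGP )?PRIVATE KEY(?: BLOCK)?-----")),
    ("aws-access-key-id", BLOCK, re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b")),
    ("jwt", WARN, re.compile(r"\beyJ[\w-]{8,}\.[\w-]{8,}\.[\w-]{8,}")),
    ("api-key-assignment", WARN, re.compile(r"(?i)\bapi[_-]?key\s*[:=]\s*['\"]?[\w-]{16,}")),
]
COMMAND_RULES = [
    ("pipe-to-shell", BLOCK, re.compile(r"\b(?:curl|wget)\b[^|;]*\|\s*(?:sudo\s+)?(?:ba|z|da)?sh\b")),
    ("chmod-777", BLOCK, re.compile(r"\bchmod\s+(?:-\w+\s+)*0?777\b")),
    ("npm-install-scripts", WARN, re.compile(r"\bnpm\s+(?:install|i)\b(?!.*--ignore-scripts)")),
]

def is_env_file(path):
    name = PurePosixPath(path).name
    return name == ".env" or name.startswith(".env.")

def _first_match(rules, text):
    # Collect every matching rule; a blocking rule wins over a warning.
    hits = [(name, sev) for name, sev, rx in rules if rx.search(text)]
    hits.sort(key=lambda h: h[1] != BLOCK)
    return hits[0] if hits else (None, ALLOW)

def _dedupe(sev, rule, target, seen):
    # Warnings fire once per session per (rule, file/command); blocks always fire.
    if sev == WARN:
        if (rule, target) in seen:
            return ALLOW, rule
        seen.add((rule, target))
    return sev, rule

def check_write(path, content, seen):
    rule, sev = _first_match(CONTENT_RULES, content)
    if sev == BLOCK and is_env_file(path):
        sev = WARN  # .env files are expected to hold secrets: warn, never block
    return _dedupe(sev, rule, path, seen)

def check_command(command, seen):
    rule, sev = _first_match(COMMAND_RULES, command)
    return _dedupe(sev, rule, command, seen)

if __name__ == "__main__":
    seen = set()  # per-session state (assumption); constructed sample inputs below
    print(check_command("chmod -R 777 /srv/app", seen))
    print(check_write(".env", "AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE", seen))
```
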
Based on the full SEAL Security Frameworks:
| Domain | Coverage |
|---|---|
| Operational Security | Account hardening for 15 platforms (Discord, GitHub, Telegram, Twitter/X, Signal, Slack, Vercel, Zoom, etc.) |
| Infrastructure | DNS/DNSSEC, registrar security, CAA records, email security (SPF/DKIM/DMARC), endpoint hardening |
| Wallet Security | Hardware wallet selection, seed phrase management, multisig best practices, signing verification, EIP-7702 risks |
| DevSecOps | CI/CD pipeline hardening, repository security, development environment isolation, code signing, sandboxing |
| Security Testing | Unit/integration/fuzz/static analysis/formal verification for smart contracts |
| Monitoring | On-chain monitoring guidelines, tools (BlockScout, Hypernative, Tenderly), alert thresholds, channel reliability |
| Incident Response | Severity levels (P1-P5), roles, communication templates, 7 playbooks (malware, DPRK, wallet drainers, ELUSIVE COMET, SEAL 911 War Room) |
| Supply Chain | Dependency awareness, lockfile integrity, version pinning, Web3-specific threats, vendor risk, incident response |
| AI Security | Prompt injection defenses, Web3-specific AI risks, ElizaOS agent memory attacks |
Discord, GitHub, Telegram, Twitter/X, Signal, Slack, Vercel, GoDaddy, Notion, Mercury, Sentry, Render, Linear, Trello, Zoom, DNS/Domain Security, Hardware Wallet Setup, Multisig Setup, CI/CD Pipeline, Dependency Management, On-Chain Monitoring, Incident Response Readiness
| Incident | Loss | Category |
|---|---|---|
| Bybit (DPRK, Feb 2025) | $1.5B | State-sponsored |
| Wormhole | $325M | Contract upgrade |
| Beanstalk | $182M | Flash loan governance |
| Parity | $150M | Proxy pattern bug |
| Cream Finance | $130M | Oracle manipulation |
| Mango Markets | $112M | Oracle manipulation |
| Vyper reentrancy 2023 | $69M | Compiler vulnerability |
| Ledger Connect Kit 2023 | $600K+ | Supply chain |
- FIDO2/WebAuthn everywhere — TOTP is second choice, SMS is NEVER acceptable
- 2+ independent verification channels for all critical operations
- Default-deny egress — explicit allowlist only
- Never sign blindly — verify origin, contract, function, parameters, gas
- Hardware wallet is source of truth — simulations can be spoofed
- Frozen installs in CI — `npm ci`, never `*` or `latest`
- Assume compromise when in doubt — move funds first, investigate second
- Every alert must map to a documented response
- Post-mortem within 1 week — learning, not blame
- "When in doubt, choose the higher severity"
All guidance is derived from the SEAL Security Frameworks maintained by the Security Alliance, a not-for-profit organization dedicated to Web3 security.
MIT