SubImage Skills

Claude Code marketplace for SubImage, the cloud-native security platform. Two plugins ship from this catalog: setup recipes for IaC repos, and operator workflows over the SubImage MCP server.

Install

claude plugin marketplace add subimagesec/skills
claude plugin install subimage-setup@subimage
claude plugin install subimage-mcp@subimage

Plugins

subimage-setup

Onboarding recipes for SubImage data sources from your IaC or CLI environment. No SubImage tenant connection required to generate the IaC code.

connect-aws Deploy SubImageScanRole via CloudFormation StackSet, Terraform, or aws-cli.
connect-gcp Create the org-level service account and grant the IAM read roles via Terraform or gcloud.
connect-azure Create a service principal with Reader on subscriptions or a Management Group via Terraform or az.
connect-kubernetes-outpost Deploy the SubImage Outpost (Helm or Docker) so SubImage can reach private APIs.
connect-github Install the SubImage GitHub App, or wire a PAT for GitHub Enterprise Server.
connect-declarative-schema Bring custom context (service catalogs, ownership, CMDB) into the graph: JSONL data, YAML schema, and S3 or GCS plumbing.

subimage-mcp

Operator workflows over the SubImage MCP server. See the MCP setup docs.

triage-new-findings Frameworks-first findings digest with grouped themes and recommended next steps.
investigate-cve Full impact and fixability for a specific CVE, with an opt-in pivot to attack-path exploration.
review-attack-path Walk an attack path step by step, hunt for n+1 extensions, propose the fastest fix.
improve-subimage-coverage Scan the current repo for providers, cross-reference with subimageListModules, surface top actionable findings.
build-cypher-query Construct a verified Cypher query against the SubImage Neo4j graph by exploring the schema and validating with bounded probes.
create-custom-rule Draft, validate against the live tenant graph, and persist a tenant-local custom Cypher rule.

Marketplace catalog

The raw catalog is at /.claude-plugin/marketplace.json. Claude Code reads it from the GitHub source, not from this site.