Fidensa
Plugin Verified

voltcc-subagents

A comprehensive Claude Code plugin providing 100+ specialized sub-agents organized across 10 categories for development, infrastructure, quality assurance, data analysis, and business operations.

58

/ 100 · Grade F-D

F-D = below 60 (deductions)

I need to access a comprehensive suite of specialized coding and development sub-agents that can handle diverse tasks across development, infrastructure, quality control, and business analysis without switching between multiple tools.

developmentinfrastructurequality assurancesecuritydata analysisai toolsbusiness intelligencedeveloper tools
Publisher: VoltAgentVersion: latestCertified: Mar 28, 2026Expires: Mar 28, 2027Source ↗

voltcc-subagents earned Verified status with a trust score of 58/100 (Grade F-D). Adversarial testing produced 7 findings (7 high). Supply chain is clean — 1 components with no known vulnerabilities. Security scan flagged 0 findings. Tier is Verified rather than Certified due to unmitigated findings above severity thresholds.

Trust Score Breakdown

Eight weighted signals composing the aggregate trust score

security scan
100% × 15w
15.0
supply chain
100% × 10w
10.0
adversarial
0% × 25w
0.0
provenance
40% × 20w
8.0
consumer confirm
80% × 10w
8.0
behavioral pass
80% × 10w
8.0
contract accuracy
100% × 6w
6.0
uptime
100% × 4w
4.0

Scheme v2.0 · Weights provisional · Consumer confirmations and uptime use pipeline-derived baselines.

Findings

Security scan results, adversarial testing, and pipeline review

Security Scan — Cisco Skill Scanner

cisco-skill-scannerFAIL
critical: 0high: 0medium: 0low: 0

Adversarial Testing — 6 categories, 7 findings

prompt injection chainsprivilege escalationdata exfiltration side channelscapability squattingcontext poisoningdependency confusion
highWarnprompt injection chainsconfirmed

The install-agents.sh script accepts user input for category and agent selection, then uses this input in file paths and curl commands without proper validation. User input is directly interpolated into shell commands and file operations.

highWarnprompt injection chainsconfirmed

The script uses user-selected category names and agent filenames directly in file system operations and curl commands. Malicious input like '../../../etc/passwd' or '; rm -rf /' could potentially escape intended directories or inject additional commands.

highWarnprivilege escalationconfirmed

The install-agents.sh script uses curl with flags that bypass safety checks and confirmation dialogs. The script uses 'curl -sS' (silent mode with some error output) and 'curl -sf' (silent mode with fail-fast) which suppress normal user feedback. Additionally, the script automatically proceeds with file operations without explicit user confirmation in several places, and uses 'set -e' which can mask error conditions.

highWarnprivilege escalationconfirmed

The install-agents.sh script writes to global system locations including ~/.claude/agents/ (user home directory) and creates/modifies cache files in ~/.claude/cache/. The script also creates directories and files outside the project scope without user confirmation. The subagent-catalog config.sh creates cache directories and files in the user's home directory (~/.claude/cache/).

highWarncontext poisoningconfirmed

The install-agents.sh script contains persistent configuration that affects Claude's behavior across all future sessions. The script installs agents globally to ~/.claude/agents/ or locally to .claude/agents/, and these agents contain behavioral instructions that will persist beyond the current task execution.

highWarncontext poisoningconfirmed

The installation script creates persistent agent files in user directories (~/.claude/agents/ and .claude/agents/) that will be automatically loaded by Claude in future sessions. This creates persistent behavioral modifications without explicit per-session consent.

highReviewcontext poisoningsuspected

The plugin system claims authority over Claude's agent loading mechanism and behavioral modification through file system manipulation. While the stated purpose is agent management, the implementation creates system-level persistence that could affect unrelated tasks.

Methodology v1.0 · 6 categories · ~55 attack patterns

Supply Chain

SBOM analysis and vulnerability assessment

Components

1

Direct deps

0

Transitive deps

1

Total vulns

0

Format: CycloneDX 1.5 · Generated: Mar 28, 2026

Behavioral Fingerprint

Runtime performance baseline for drift detection

Samples

8

Error rate

0.0%

Peak memory

— MB

Avg CPU

—%

Response time distribution

p50: 7594msp95: 26771msp99: 26771ms

Output size distribution

p50: 1.4 KBp95: 5.5 KBmean: 2.2 KB

Fingerprint v1.0 · Baseline: Mar 28, 2026 · Status: baseline

Component Inventory

141 components composing this plugin

agents

139

scripts

2

agents (139)

api-designercategories/01-core-development/api-designer.md
backend-developercategories/01-core-development/backend-developer.md
electron-procategories/01-core-development/electron-pro.md
frontend-developercategories/01-core-development/frontend-developer.md
fullstack-developercategories/01-core-development/fullstack-developer.md
graphql-architectcategories/01-core-development/graphql-architect.md
microservices-architectcategories/01-core-development/microservices-architect.md
mobile-developercategories/01-core-development/mobile-developer.md
ui-designercategories/01-core-development/ui-designer.md
websocket-engineercategories/01-core-development/websocket-engineer.md
angular-architectcategories/02-language-specialists/angular-architect.md
cpp-procategories/02-language-specialists/cpp-pro.md
csharp-developercategories/02-language-specialists/csharp-developer.md
django-developercategories/02-language-specialists/django-developer.md
dotnet-core-expertcategories/02-language-specialists/dotnet-core-expert.md
dotnet-framework-4.8-expertcategories/02-language-specialists/dotnet-framework-4.8-expert.md
elixir-expertcategories/02-language-specialists/elixir-expert.md
expo-react-native-expertcategories/02-language-specialists/expo-react-native-expert.md
fastapi-developercategories/02-language-specialists/fastapi-developer.md
flutter-expertcategories/02-language-specialists/flutter-expert.md
golang-procategories/02-language-specialists/golang-pro.md
java-architectcategories/02-language-specialists/java-architect.md
javascript-procategories/02-language-specialists/javascript-pro.md
kotlin-specialistcategories/02-language-specialists/kotlin-specialist.md
laravel-specialistcategories/02-language-specialists/laravel-specialist.md
nextjs-developercategories/02-language-specialists/nextjs-developer.md
php-procategories/02-language-specialists/php-pro.md
powershell-5.1-expertcategories/02-language-specialists/powershell-5.1-expert.md
powershell-7-expertcategories/02-language-specialists/powershell-7-expert.md
python-procategories/02-language-specialists/python-pro.md
rails-expertcategories/02-language-specialists/rails-expert.md
react-specialistcategories/02-language-specialists/react-specialist.md
rust-engineercategories/02-language-specialists/rust-engineer.md
spring-boot-engineercategories/02-language-specialists/spring-boot-engineer.md
sql-procategories/02-language-specialists/sql-pro.md
swift-expertcategories/02-language-specialists/swift-expert.md
symfony-specialistcategories/02-language-specialists/symfony-specialist.md
typescript-procategories/02-language-specialists/typescript-pro.md
vue-expertcategories/02-language-specialists/vue-expert.md
azure-infra-engineercategories/03-infrastructure/azure-infra-engineer.md
cloud-architectcategories/03-infrastructure/cloud-architect.md
database-administratorcategories/03-infrastructure/database-administrator.md
deployment-engineercategories/03-infrastructure/deployment-engineer.md
devops-engineercategories/03-infrastructure/devops-engineer.md
devops-incident-respondercategories/03-infrastructure/devops-incident-responder.md
docker-expertcategories/03-infrastructure/docker-expert.md
incident-respondercategories/03-infrastructure/incident-responder.md
kubernetes-specialistcategories/03-infrastructure/kubernetes-specialist.md
network-engineercategories/03-infrastructure/network-engineer.md
platform-engineercategories/03-infrastructure/platform-engineer.md
security-engineercategories/03-infrastructure/security-engineer.md
sre-engineercategories/03-infrastructure/sre-engineer.md
terraform-engineercategories/03-infrastructure/terraform-engineer.md
terragrunt-expertcategories/03-infrastructure/terragrunt-expert.md
windows-infra-admincategories/03-infrastructure/windows-infra-admin.md
accessibility-testercategories/04-quality-security/accessibility-tester.md
ad-security-reviewercategories/04-quality-security/ad-security-reviewer.md
architect-reviewercategories/04-quality-security/architect-reviewer.md
chaos-engineercategories/04-quality-security/chaos-engineer.md
code-reviewercategories/04-quality-security/code-reviewer.md
compliance-auditorcategories/04-quality-security/compliance-auditor.md
debuggercategories/04-quality-security/debugger.md
error-detectivecategories/04-quality-security/error-detective.md
penetration-testercategories/04-quality-security/penetration-tester.md
performance-engineercategories/04-quality-security/performance-engineer.md
powershell-security-hardeningcategories/04-quality-security/powershell-security-hardening.md
qa-expertcategories/04-quality-security/qa-expert.md
security-auditorcategories/04-quality-security/security-auditor.md
test-automatorcategories/04-quality-security/test-automator.md
ai-engineercategories/05-data-ai/ai-engineer.md
data-analystcategories/05-data-ai/data-analyst.md
data-engineercategories/05-data-ai/data-engineer.md
data-scientistcategories/05-data-ai/data-scientist.md
database-optimizercategories/05-data-ai/database-optimizer.md
llm-architectcategories/05-data-ai/llm-architect.md
machine-learning-engineercategories/05-data-ai/machine-learning-engineer.md
ml-engineercategories/05-data-ai/ml-engineer.md
mlops-engineercategories/05-data-ai/mlops-engineer.md
nlp-engineercategories/05-data-ai/nlp-engineer.md
postgres-procategories/05-data-ai/postgres-pro.md
prompt-engineercategories/05-data-ai/prompt-engineer.md
reinforcement-learning-engineercategories/05-data-ai/reinforcement-learning-engineer.md
build-engineercategories/06-developer-experience/build-engineer.md
cli-developercategories/06-developer-experience/cli-developer.md
dependency-managercategories/06-developer-experience/dependency-manager.md
documentation-engineercategories/06-developer-experience/documentation-engineer.md
dx-optimizercategories/06-developer-experience/dx-optimizer.md
git-workflow-managercategories/06-developer-experience/git-workflow-manager.md
legacy-modernizercategories/06-developer-experience/legacy-modernizer.md
mcp-developercategories/06-developer-experience/mcp-developer.md
powershell-module-architectcategories/06-developer-experience/powershell-module-architect.md
powershell-ui-architectcategories/06-developer-experience/powershell-ui-architect.md
refactoring-specialistcategories/06-developer-experience/refactoring-specialist.md
slack-expertcategories/06-developer-experience/slack-expert.md
tooling-engineercategories/06-developer-experience/tooling-engineer.md
api-documentercategories/07-specialized-domains/api-documenter.md
blockchain-developercategories/07-specialized-domains/blockchain-developer.md
embedded-systemscategories/07-specialized-domains/embedded-systems.md
fintech-engineercategories/07-specialized-domains/fintech-engineer.md
game-developercategories/07-specialized-domains/game-developer.md
iot-engineercategories/07-specialized-domains/iot-engineer.md
m365-admincategories/07-specialized-domains/m365-admin.md
mobile-app-developercategories/07-specialized-domains/mobile-app-developer.md
payment-integrationcategories/07-specialized-domains/payment-integration.md
quant-analystcategories/07-specialized-domains/quant-analyst.md
risk-managercategories/07-specialized-domains/risk-manager.md
seo-specialistcategories/07-specialized-domains/seo-specialist.md
business-analystcategories/08-business-product/business-analyst.md
content-marketercategories/08-business-product/content-marketer.md
customer-success-managercategories/08-business-product/customer-success-manager.md
legal-advisorcategories/08-business-product/legal-advisor.md
product-managercategories/08-business-product/product-manager.md
project-managercategories/08-business-product/project-manager.md
sales-engineercategories/08-business-product/sales-engineer.md
scrum-mastercategories/08-business-product/scrum-master.md
technical-writercategories/08-business-product/technical-writer.md
ux-researchercategories/08-business-product/ux-researcher.md
wordpress-mastercategories/08-business-product/wordpress-master.md
agent-installercategories/09-meta-orchestration/agent-installer.md
agent-organizercategories/09-meta-orchestration/agent-organizer.md
context-managercategories/09-meta-orchestration/context-manager.md
error-coordinatorcategories/09-meta-orchestration/error-coordinator.md
it-ops-orchestratorcategories/09-meta-orchestration/it-ops-orchestrator.md
knowledge-synthesizercategories/09-meta-orchestration/knowledge-synthesizer.md
multi-agent-coordinatorcategories/09-meta-orchestration/multi-agent-coordinator.md
performance-monitorcategories/09-meta-orchestration/performance-monitor.md
task-distributorcategories/09-meta-orchestration/task-distributor.md
workflow-orchestratorcategories/09-meta-orchestration/workflow-orchestrator.md
competitive-analystcategories/10-research-analysis/competitive-analyst.md
data-researchercategories/10-research-analysis/data-researcher.md
market-researchercategories/10-research-analysis/market-researcher.md
research-analystcategories/10-research-analysis/research-analyst.md
scientific-literature-researchercategories/10-research-analysis/scientific-literature-researcher.md
search-specialistcategories/10-research-analysis/search-specialist.md
trend-analystcategories/10-research-analysis/trend-analyst.md
fetchtools/subagent-catalog/fetch.md
invalidatetools/subagent-catalog/invalidate.md
listtools/subagent-catalog/list.md
searchtools/subagent-catalog/search.md

scripts (2)

install-agentsinstall-agents.sh
configtools/subagent-catalog/config.sh

Interface

Aggregated instruction summary

Instructions: 0Files: 0Format: composite

Scope & Permissions

What this capability can and cannot access — derived from pipeline analysis

creates files

no

deletes files

no

modifies files

yes

accesses env variables

no

invokes external tools

yes

makes network requests

no

Badge & Integration

Embed certification status in your README, docs, or CI pipeline

Fidensa Verified badge for voltcc-subagents
badge SVG →attestation API →integration guide →

Certification Notes

Provenance observations from the pipeline

publisher

Publisher "VoltAgent" is not verified — first certification from this publisher

provenance

No SECURITY.md or SECURITY.txt file found — no published vulnerability reporting process

provenance

Single contributor — no peer review evidence in commit history

provenance

Repository is 2 days old — recently created

provenance

Package description appears to be boilerplate or template text

Signed Artifact

Certification provenance and verification metadata

Content hashsha256:8f36f78489cabfc922b972462a8fa3e1dcfd90bc66cbb588a456c972fd77ab90
Key IDkms-9db4ed3b9f53
CertifiedMar 28, 2026
ExpiresMar 28, 2027
Pipeline version1.0
Statusvalid
download .cert.json →download annotated file →

Pipeline Artifacts

Raw data files from this certification run — downloadable for independent verification

contract.json

Full unsigned contract

stage1-ingest.json

Ingest stage output

stage2a-sbom.json

SBOM generation results

stage2a-vulns.json

Vulnerability scan results

stage2b-security.json

Security scan results

stage3a-functional.json

Functional test results

stage3b-adversarial.json

Adversarial test results

stage3c-fingerprint.json

Behavioral fingerprint

stage4-certify.json

Certification decision + trust score

stage3a-measurements.json

Raw functional test measurements

stage3b-measurements.json

Raw adversarial test measurements

run-log.json

Pipeline execution log

Not all files may be present for every certification.