Alpha Preview: Fidensa is currently in early testing. Scores are for demonstration purposes and are not considered final or reliable.

Plugin◉ Verified

voltcc-subagents

A comprehensive Claude Code plugin providing 100+ specialized sub-agents organized across 10 categories for development, infrastructure, quality assurance, data analysis, and business operations.

/ 100 · Grade D

D = 60–69

“I need to access a comprehensive suite of specialized coding and development sub-agents that can handle diverse tasks across development, infrastructure, quality control, and business analysis without switching between multiple tools.”

developmentinfrastructurequality assurancesecuritydata analysisai toolsbusiness intelligencedeveloper tools

Publisher: VoltAgentVersion: latestCertified: Apr 1, 2026Expires: Apr 1, 2027Source ↗

voltcc-subagents earned Verified status with a trust score of 67/100 (Grade D). Adversarial testing produced 7 findings (7 high). Supply chain is clean — 1 components with no known vulnerabilities. Tier is Verified rather than Certified due to unmitigated findings above severity thresholds.

Trust Score Breakdown

Eight weighted signals composing the aggregate trust score

security scan

100% × 15w

15.0

supply chain

100% × 10w

10.0

adversarial

23% × 25w

5.8

provenance

100% × 20w

20.0

consumer confirm

60% × 10w

6.0

behavioral pass

60% × 10w

6.0

contract accuracy

67% × 6w

4.0

uptime

100% × 4w

4.0

Scheme v2.0 · Weights provisional · Consumer confirmations and uptime use pipeline-derived baselines.

Findings

Security scan results, adversarial testing, and pipeline review

Security Scan — Cisco Skill Scanner

cisco-skill-scannerSKIPPED

critical: 0high: 0medium: 0low: 0

Adversarial Testing — 6 categories, 7 findings

prompt injection chainsprivilege escalationdata exfiltration side channelscapability squattingcontext poisoningdependency confusion

highWarnprompt injection chainsconfirmed

The install-agents.sh script accepts user input for category and agent selection, then uses this input in file paths and curl commands without proper validation. User input is directly interpolated into shell commands and file operations.

highWarnprompt injection chainsconfirmed

The script uses user-selected category names and agent filenames directly in file system operations and curl commands. Malicious input like '../../../etc/passwd' or '; rm -rf /' could potentially escape intended directories or inject additional commands.

highWarnprivilege escalationconfirmed

The install-agents.sh script uses curl with flags that bypass safety checks and confirmation dialogs. The script uses 'curl -sS' (silent mode with some error output) and 'curl -sf' (silent mode with fail-fast) which suppress normal user feedback. Additionally, the script automatically proceeds with file operations without explicit user confirmation in several places, and uses 'set -e' which can mask error conditions.

highWarnprivilege escalationconfirmed

Both install-agents.sh and the subagent-catalog configuration scripts write to global system locations outside the project scope. The installer creates and modifies directories in ~/.claude/agents/ (global installation) and ~/.claude/cache/ (cache directory). These operations affect system-wide configuration and persist beyond the current project.

highWarncontext poisoningconfirmed

The install-agents.sh script contains persistent configuration that affects Claude's behavior across all future sessions. The script installs agents globally to ~/.claude/agents/ or locally to .claude/agents/, and these agents contain behavioral instructions that will persist beyond the current task execution.

highWarncontext poisoningconfirmed

The installation script creates persistent agent files in user directories (~/.claude/agents/ and .claude/agents/) that will be automatically loaded by Claude in future sessions. This creates persistent behavioral modifications without explicit per-session consent.

highReviewcontext poisoningsuspected

The plugin system claims authority over Claude's agent loading mechanism and behavioral modification through file system manipulation. While the stated purpose is agent management, the implementation creates system-level persistence that could affect unrelated tasks.

Methodology v1.0 · 6 categories · ~55 attack patterns

Supply Chain

SBOM analysis and vulnerability assessment

Components

Direct deps

Transitive deps

Total vulns

Format: CycloneDX 1.5 · Generated: Apr 1, 2026

Behavioral Fingerprint

Runtime performance baseline for drift detection

Samples

Error rate

0.0%

Peak memory

— MB

Avg CPU

—%

Response time distribution

p50: 26530msp95: 37792msp99: 37792ms

Output size distribution

p50: 5.5 KBp95: 8.0 KBmean: 4.5 KB

Fingerprint v1.0 · Baseline: Apr 1, 2026 · Status: baseline

Component Inventory

141 components composing this plugin

agents

139

scripts

agents (139)

api-designercategories/01-core-development/api-designer.md

backend-developercategories/01-core-development/backend-developer.md

electron-procategories/01-core-development/electron-pro.md

frontend-developercategories/01-core-development/frontend-developer.md

fullstack-developercategories/01-core-development/fullstack-developer.md

graphql-architectcategories/01-core-development/graphql-architect.md

microservices-architectcategories/01-core-development/microservices-architect.md

mobile-developercategories/01-core-development/mobile-developer.md

ui-designercategories/01-core-development/ui-designer.md

websocket-engineercategories/01-core-development/websocket-engineer.md

angular-architectcategories/02-language-specialists/angular-architect.md

cpp-procategories/02-language-specialists/cpp-pro.md

csharp-developercategories/02-language-specialists/csharp-developer.md

django-developercategories/02-language-specialists/django-developer.md

dotnet-core-expertcategories/02-language-specialists/dotnet-core-expert.md

dotnet-framework-4.8-expertcategories/02-language-specialists/dotnet-framework-4.8-expert.md

elixir-expertcategories/02-language-specialists/elixir-expert.md

expo-react-native-expertcategories/02-language-specialists/expo-react-native-expert.md

fastapi-developercategories/02-language-specialists/fastapi-developer.md

flutter-expertcategories/02-language-specialists/flutter-expert.md

golang-procategories/02-language-specialists/golang-pro.md

java-architectcategories/02-language-specialists/java-architect.md

javascript-procategories/02-language-specialists/javascript-pro.md

kotlin-specialistcategories/02-language-specialists/kotlin-specialist.md

laravel-specialistcategories/02-language-specialists/laravel-specialist.md

nextjs-developercategories/02-language-specialists/nextjs-developer.md

php-procategories/02-language-specialists/php-pro.md

powershell-5.1-expertcategories/02-language-specialists/powershell-5.1-expert.md

powershell-7-expertcategories/02-language-specialists/powershell-7-expert.md

python-procategories/02-language-specialists/python-pro.md

rails-expertcategories/02-language-specialists/rails-expert.md

react-specialistcategories/02-language-specialists/react-specialist.md

rust-engineercategories/02-language-specialists/rust-engineer.md

spring-boot-engineercategories/02-language-specialists/spring-boot-engineer.md

sql-procategories/02-language-specialists/sql-pro.md

swift-expertcategories/02-language-specialists/swift-expert.md

symfony-specialistcategories/02-language-specialists/symfony-specialist.md

typescript-procategories/02-language-specialists/typescript-pro.md

vue-expertcategories/02-language-specialists/vue-expert.md

azure-infra-engineercategories/03-infrastructure/azure-infra-engineer.md

cloud-architectcategories/03-infrastructure/cloud-architect.md

database-administratorcategories/03-infrastructure/database-administrator.md

deployment-engineercategories/03-infrastructure/deployment-engineer.md

devops-engineercategories/03-infrastructure/devops-engineer.md

devops-incident-respondercategories/03-infrastructure/devops-incident-responder.md

docker-expertcategories/03-infrastructure/docker-expert.md

incident-respondercategories/03-infrastructure/incident-responder.md

kubernetes-specialistcategories/03-infrastructure/kubernetes-specialist.md

network-engineercategories/03-infrastructure/network-engineer.md

platform-engineercategories/03-infrastructure/platform-engineer.md

security-engineercategories/03-infrastructure/security-engineer.md

sre-engineercategories/03-infrastructure/sre-engineer.md

terraform-engineercategories/03-infrastructure/terraform-engineer.md

terragrunt-expertcategories/03-infrastructure/terragrunt-expert.md

windows-infra-admincategories/03-infrastructure/windows-infra-admin.md

accessibility-testercategories/04-quality-security/accessibility-tester.md

ad-security-reviewercategories/04-quality-security/ad-security-reviewer.md

architect-reviewercategories/04-quality-security/architect-reviewer.md

chaos-engineercategories/04-quality-security/chaos-engineer.md

code-reviewercategories/04-quality-security/code-reviewer.md

compliance-auditorcategories/04-quality-security/compliance-auditor.md

debuggercategories/04-quality-security/debugger.md

error-detectivecategories/04-quality-security/error-detective.md

penetration-testercategories/04-quality-security/penetration-tester.md

performance-engineercategories/04-quality-security/performance-engineer.md

powershell-security-hardeningcategories/04-quality-security/powershell-security-hardening.md

qa-expertcategories/04-quality-security/qa-expert.md

security-auditorcategories/04-quality-security/security-auditor.md

test-automatorcategories/04-quality-security/test-automator.md

ai-engineercategories/05-data-ai/ai-engineer.md

data-analystcategories/05-data-ai/data-analyst.md

data-engineercategories/05-data-ai/data-engineer.md

data-scientistcategories/05-data-ai/data-scientist.md

database-optimizercategories/05-data-ai/database-optimizer.md

llm-architectcategories/05-data-ai/llm-architect.md

machine-learning-engineercategories/05-data-ai/machine-learning-engineer.md

ml-engineercategories/05-data-ai/ml-engineer.md

mlops-engineercategories/05-data-ai/mlops-engineer.md

nlp-engineercategories/05-data-ai/nlp-engineer.md

postgres-procategories/05-data-ai/postgres-pro.md

prompt-engineercategories/05-data-ai/prompt-engineer.md

reinforcement-learning-engineercategories/05-data-ai/reinforcement-learning-engineer.md

build-engineercategories/06-developer-experience/build-engineer.md

cli-developercategories/06-developer-experience/cli-developer.md

dependency-managercategories/06-developer-experience/dependency-manager.md

documentation-engineercategories/06-developer-experience/documentation-engineer.md

dx-optimizercategories/06-developer-experience/dx-optimizer.md

git-workflow-managercategories/06-developer-experience/git-workflow-manager.md

legacy-modernizercategories/06-developer-experience/legacy-modernizer.md

mcp-developercategories/06-developer-experience/mcp-developer.md

powershell-module-architectcategories/06-developer-experience/powershell-module-architect.md

powershell-ui-architectcategories/06-developer-experience/powershell-ui-architect.md

refactoring-specialistcategories/06-developer-experience/refactoring-specialist.md

slack-expertcategories/06-developer-experience/slack-expert.md

tooling-engineercategories/06-developer-experience/tooling-engineer.md

api-documentercategories/07-specialized-domains/api-documenter.md

blockchain-developercategories/07-specialized-domains/blockchain-developer.md

embedded-systemscategories/07-specialized-domains/embedded-systems.md

fintech-engineercategories/07-specialized-domains/fintech-engineer.md

game-developercategories/07-specialized-domains/game-developer.md

iot-engineercategories/07-specialized-domains/iot-engineer.md

m365-admincategories/07-specialized-domains/m365-admin.md

mobile-app-developercategories/07-specialized-domains/mobile-app-developer.md

payment-integrationcategories/07-specialized-domains/payment-integration.md

quant-analystcategories/07-specialized-domains/quant-analyst.md

risk-managercategories/07-specialized-domains/risk-manager.md

seo-specialistcategories/07-specialized-domains/seo-specialist.md

business-analystcategories/08-business-product/business-analyst.md

content-marketercategories/08-business-product/content-marketer.md

customer-success-managercategories/08-business-product/customer-success-manager.md

legal-advisorcategories/08-business-product/legal-advisor.md

product-managercategories/08-business-product/product-manager.md

project-managercategories/08-business-product/project-manager.md

sales-engineercategories/08-business-product/sales-engineer.md

scrum-mastercategories/08-business-product/scrum-master.md

technical-writercategories/08-business-product/technical-writer.md

ux-researchercategories/08-business-product/ux-researcher.md

wordpress-mastercategories/08-business-product/wordpress-master.md

agent-installercategories/09-meta-orchestration/agent-installer.md

agent-organizercategories/09-meta-orchestration/agent-organizer.md

context-managercategories/09-meta-orchestration/context-manager.md

error-coordinatorcategories/09-meta-orchestration/error-coordinator.md

it-ops-orchestratorcategories/09-meta-orchestration/it-ops-orchestrator.md

knowledge-synthesizercategories/09-meta-orchestration/knowledge-synthesizer.md

multi-agent-coordinatorcategories/09-meta-orchestration/multi-agent-coordinator.md

performance-monitorcategories/09-meta-orchestration/performance-monitor.md

task-distributorcategories/09-meta-orchestration/task-distributor.md

workflow-orchestratorcategories/09-meta-orchestration/workflow-orchestrator.md

competitive-analystcategories/10-research-analysis/competitive-analyst.md

data-researchercategories/10-research-analysis/data-researcher.md

market-researchercategories/10-research-analysis/market-researcher.md

research-analystcategories/10-research-analysis/research-analyst.md

scientific-literature-researchercategories/10-research-analysis/scientific-literature-researcher.md

search-specialistcategories/10-research-analysis/search-specialist.md

trend-analystcategories/10-research-analysis/trend-analyst.md

fetchtools/subagent-catalog/fetch.md

invalidatetools/subagent-catalog/invalidate.md

listtools/subagent-catalog/list.md

searchtools/subagent-catalog/search.md

scripts (2)

install-agentsinstall-agents.sh

configtools/subagent-catalog/config.sh

Interface

Aggregated instruction summary

Instructions: 0Files: 0Format: composite

Scope & Permissions

What this capability can and cannot access — derived from pipeline analysis

✓creates files

✓deletes files

⚠modifies files

yes

✓accesses env variables

⚠invokes external tools

yes

✓makes network requests

Badge & Integration

Embed certification status in your README, docs, or CI pipeline

badge SVG →attestation API →integration guide →

Certification Notes

Provenance observations from the pipeline

publisher

Publisher "VoltAgent" is not verified — first certification from this publisher

provenance

No SECURITY.md or SECURITY.txt file found — no published vulnerability reporting process

provenance

Single contributor — no peer review evidence in commit history

provenance

Package description appears to be boilerplate or template text

Signed Artifact

Certification provenance and verification metadata

Content hash

sha256:b7b7617f175cb82580c8c26294c613bc474eb20f2373ba92f95d61217ef39fd4

Key ID

kms-9db4ed3b9f53

Certified

Apr 1, 2026

Expires

Apr 1, 2027

Pipeline version

1.0

Status

valid

Annotated Filedownload →

The original instruction file with a certification footer appended. Replace the source file in your project so AI agents see the trust score, verification link, and SOP.

.cert.jsondownload →

ES256-signed JWS artifact for programmatic verification. Use with the Fidensa MCP server or GitHub Action to validate integrity.