If you’ve ever opened a new Claude Code session and spent the first ten minutes re-explaining your architecture, your cloud vendor, or your security constraints you already understand the problem we set out to solve.

We just shipped three Claude Code Powerups to v1.0.0: OWASP LLM Auditor, Azure Architect, and Clean Architecture. They’re coordinated for marketplace release right now. Before they land, we want to share the honest story of what we built, how we built it, and what we got wrong before we got it right.

What These Powerups Actually Do

OWASP LLM Auditor audits your Claude Code resources, skills, subagents, slash commands against the OWASP LLM Top 10. Prompt injection, insecure output handling, excessive agency these aren’t hypothetical risks in agentic systems, and most teams aren’t checking for them systematically. This powerup does the check for you, surfaces findings with severity, and tells you what to fix.

Azure Architect acts as a senior Azure architect inside Claude Code. Not a thin wrapper around az CLI commands a skill with genuine cloud design opinions. It handles infrastructure decisions, helps you reason through service selection, scaffolds Bicep or ARM templates, and pushes back when you’re about to make an expensive mistake.

Clean Architecture implements Clean Architecture patterns in .NET projects. Scaffolding, feature generation, migrations, audits of existing codebases to measure pattern compliance. All three hit 100% compliance on our internal quality bar before we cut v1.0.0.

The Meta-Story: Building AI Tools to Augment AI Coding

We built all three using the same Superpowers skill framework that runs our internal agent workflows. That wasn’t a strategic decision at the start it was opportunistic. The framework was already there, already handling orchestration and context management, so we used it.

What we didn’t expect was how much the framework itself shaped the skills. When you’re building a skill inside a structured framework, you’re forced to make explicit decisions that you’d normally leave implicit in a prompt. What does this skill know? What can it do? Where does it stop? Those constraints are annoying during development and genuinely valuable at runtime.

Rigid vs. Flexible: The Design Tension We Kept Getting Wrong

Here’s what we learned the hard way: the first version of every skill was too rigid.

OWASP LLM Auditor v0.x would flag issues but give you no way to configure severity thresholds or scope the audit to specific resource types. Azure Architect would make infrastructure recommendations without surfacing its assumptions. Clean Architecture scaffolding would generate a project structure that was correct by the book but didn’t account for team-specific conventions.

The fix wasn’t to make the skills more permissive it was to make the context explicit. Each skill now asks for or infers the constraints that change the answer. Packaging domain expertise as a skill beats prompting from scratch every time but only if the skill knows what it doesn’t know.

Why Skills Beat Prompts for Repetitive Domain Work

There’s a version of this where we just published a prompt library. The problem is that prompts don’t compose, don’t maintain state across a session, and don’t give you a consistent interface to build on top of. A skill does all three.

When a developer installs the Azure Architect powerup, they get an architect who remembers the project context, can be invoked consistently across sessions, and produces output that other skills can consume. When they install OWASP LLM Auditor, they get a security review process that runs the same way every time not a prompt they have to remember to paste.

Try Them When They Land

All three powerups are at v1.0.0 and hitting the Claude Code marketplace within the next day or two. When they’re live, you’ll find them under the MBSoft publisher in the marketplace.

Watch blog.mbsoftsystems.com for the release announcement, or follow us for the drop.