Built by Clear Capabilities.
─────────────────────────────────────────────────────────────────
❌ Not safe to deploy · api-billing
─────────────────────────────────────────────────────────────────
3 critical · 8 high · 22 medium · 41 advisory
🔥 2 actively exploited in the wild (CISA KEV)
✓ 1 CONFIRMED (PoC built by /triage --validate)
[critical] SQL Injection api/users.ts:42
Could leak PII for ~5,000 users.
Estimated cost if exploited: $125k–$1.3M
Fix: use parameterized query — db.query('SELECT * FROM users WHERE id = ?', [id])
[critical] Hardcoded Stripe live key src/lib/billing.ts:7
Could enable fraudulent charges against your account.
Estimated cost if exploited: $50k–$500k (chargebacks + Stripe fees)
Fix: rotate via /agentic-security:fix --rotate-secret --auto, then move to env var
[critical] Missing webhook signature api/stripe-webhook.ts:12
Anyone can POST a fake "payment.succeeded" and unlock paid features.
Estimated cost if exploited: cost of a free subscription × every attacker
Fix: stripe.webhooks.constructEvent(rawBody, signature, endpointSecret)
How many do you want to fix?
1. Critical only (3 fixes)
2. Critical + High (11 fixes)
3. Critical + High + Medium (33 fixes)
─────────────────────────────────────────────────────────────────
No CVE jargon. The stakes, the cost, the fix.
In Claude Code (recommended) — two steps:
/plugin marketplace add https://github.com/Clear-Capabilities/agentic-security
/plugin install agentic-security@clearcapabilities
The first command registers the marketplace as a source; the second actually installs the plugin. Then restart Claude Code (or /reload-plugins). To update later: /plugin marketplace update clearcapabilities followed by /plugin install agentic-security@clearcapabilities.
In your terminal (no Claude Code required):
npx @clear-capabilities/agentic-security-scanner secure .Also works with Codex, Cursor, and Gemini CLI — harness setup.
/agentic-security:secure — Router. Picks the single best next action from project state. Also: --tour, --help, --daily.
/agentic-security:find-and-fix-everything — One-shot scan + fix every severity in one command. The vibecoder "just make it safe" path.
/agentic-security:scan — Run the scanner. Modes: full / diff / watch / baseline / archaeology / scanner-meta.
/agentic-security:triage — Decide on findings. Modes: id / show / explain / validate / tournament / red-team / exploit / query.
/agentic-security:fix — Remediation. Modes: id / all / pr / sca / compliance / rotate-secret / vault / harden / trim / generate.
/agentic-security:posture — Posture + reporting. Modes: status / report-card / harness / trend / threat / playbook / mgmt.
/agentic-security:compliance — Compliance + auditor flows. Modes: report / walkthrough / attestation / audit / pr.
/agentic-security:supply — Supply chain. Modes: check / sbom / cve-alerts / license.
/agentic-security:setup — Workflow installers + guards. Modes: hooks / ci / bodyguard / destructive-guard.
/agentic-security:labs — Experimental + AI-driven. Modes: claude-audit / model-rescan / synthesize-rule / cross-repo / risk-dollars / time-to-fix / llm.
Every legacy capability is reachable as a mode of one of these dispatchers — run /secure --help for the full surface.
/compliance --report <framework> generates an auditor-ready attestation that scans your project against:
| Framework | <framework> |
Coverage map |
|---|---|---|
| NIST AI 600-1 (2024) — Generative AI Profile | nist |
coverage |
| OWASP ASVS 4.0.3 — Application Security Verification Standard | asvs |
coverage |
| OWASP LLM Top 10 (2025) | llm |
coverage |
| EU AI Act | eu-ai-act |
scripts/eu-ai-act/ |
/compliance --walkthrough <framework> adds step-by-step auditor narratives with per-control evidence mapping for nist-csf-2, nist-ai-600-1, owasp-asvs-5, owasp-llm-top-10, eu-ai-act, gdpr, hipaa-security-rule, and ccpa — or bring your own controls at .agentic-security/compliance/<id>/controls.json.
- Plain-English findings with dollar-cost estimates. Best/likely/worst-case exposure, grounded in IBM Cost of a Data Breach 2024 and 25+ public settlement records. Not CVE numbers.
- Intercepts insecure AI-generated code before it hits disk. The
/setup --bodyguardhook blocks SQLi via concat, hardcoded API keys,evalon user input, and more — in real time, as your AI writes. - 12-pillar scan in one command. SAST, SCA, secrets, IaC, LLM safety, MCP agent-tool audit, auth/authZ, pipeline integrity, containers, deploy config, supply chain, and trend tracking.
- Function-level reachability across every dependency. OSV ecosystem_specific parsing, GHSA fix-commit analysis, vendored code fingerprinting, Java IR call-graph matching, and LLM-assisted function extraction — not just a hardcoded hints list.
- SCA reachability tiers. Every dependency classified as
function-reachable,import-reachable,build-only,manifest-only, ortransitive-only— so you fix what matters. - CISA KEV + EPSS prioritization. Separates "this could theoretically be bad" from "people are running scripts that exploit this today."
- SARIF codeFlows for taint traces. Multi-step source-to-sink paths rendered natively in GitHub Code Scanning, DefectDojo, and VS Code SARIF Viewer.
- One-command fix with preview. Every patch previewed before write, backed up, revertible. The fixer reads your stack so patches match your code style.
- Auto-baseline for legacy codebases.
--set-baselinesnapshots existing findings;--since-baselineshows only what's new. Day-one usable on any project.
Deep engine details — architecture.
Eight first-class languages, with cross-language detectors for the OWASP-relevant injection and crypto-misuse classes.
| Language | Vuln-class coverage |
|---|---|
| JavaScript / TypeScript | full (flow engine + structural) |
| Python | full (flow engine + structural) |
| Java | full |
| Kotlin | full |
| Go | full |
| Ruby | full |
| PHP | full |
| C# | full |
Detected across these languages: SQL injection, command injection, path traversal, LDAP injection, XPath injection, reflected XSS, SSRF, XXE, code injection (eval / SpEL / Groovy / Roslyn / template), insecure deserialization, hardcoded secrets, weak password hashing, weak ciphers (DES/RC4/Blowfish/ECB), static/zero IV, insecure randomness, CSRF, open redirect, HTTP response splitting, and ReDoS — plus the JS/Python-specific classes (prototype pollution, mass assignment) and the LLM/agent-tool surface.
The detectors are precision-first: parameterized queries, escaped output, allow-list guards, CSPRNG-derived IVs, framework CSRF middleware, and token-auth schemes are recognized and not flagged.
- Not a SaaS dashboard. It's a CLI + Claude Code plugin.
- Not a replacement for a pentester. Static analysis catches patterns; humans catch business-logic flaws. The
security-logic-reviewersubagent and/triage --validateclose part of the gap, not all of it. - Not magic. It can miss novel vulnerabilities, especially anything that requires understanding intent.
- Not free for resale. PolyForm Internal Use license. Use it to make your own code safe and secure. Don't repackage it as a competing scanner.
Full legal terms in LICENSE.
Built with care by Clear Capabilities. Found a bug, have a feature idea, want to talk? Please create a GitHub issue.