A VSCode extension that watches file edits made by Claude Code and automatically scans for security vulnerabilities.
- Real-time Scanning: Monitors file edits and saves to catch issues as they happen.
- Pattern Matching: Uses local pattern matching to detect common vulnerabilities:
  - Missing Rate Limiting
  - Exposed API Keys / Secrets
  - SQL Injection
- Non-blocking Popups: Shows findings with pre-written fix prompts that you can copy and paste back into Claude.
- Lightweight: All analysis runs locally; no external services or LLM calls.
(Coming soon to the VSCode Marketplace)
Once installed, the extension will automatically start monitoring your files. You can also manually trigger a scan from the Command Palette: Claude Security: Scan Current File.
Settings can be found under `claudeSecurityChecker` in VSCode settings:
- `enabled`: Toggle the security checker.
- `watchMode`: Choose between `git-diff` (default) and `all-edits`.
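The following is an added illustration of how the two ideas above fit together: a local, regex-based scanner for the three vulnerability classes listed in the Features section, and a `git-diff`-style mode that only reports findings on the lines a change touched. It is not the extension's own code; the rule set, the `Finding` shape, the fix prompts and the sample source file are all constructed for this example.

```typescript
// Added example: a minimal local pattern scanner. Not the extension's code;
// the rules, finding shape and fix prompts below are assumptions.

export type Severity = "high" | "medium";

export interface Rule {
  id: string;
  severity: Severity;
  pattern: RegExp;   // line-level pattern that triggers the rule (no `g` flag: keeps .test() stateless)
  unless?: RegExp;   // if this also matches the line, the rule is suppressed
  message: string;
  fixPrompt: string; // pre-written text the user can paste back into Claude Code
}

export interface Finding {
  ruleId: string;
  severity: Severity;
  line: number;      // 1-based line number in the scanned file
  snippet: string;
  message: string;
  fixPrompt: string;
}

// Hypothetical rule set; the extension's real rules are not published on this page.
export const RULES: Rule[] = [
  {
    id: "exposed-secret",
    severity: "high",
    // AWS access key ids, or `api_key`/`secret`/`token` assigned a long literal.
    pattern: /(AKIA[0-9A-Z]{16})|((api[_-]?key|secret|token)\s*[:=]\s*["'][A-Za-z0-9_\-]{16,}["'])/i,
    message: "Possible hard-coded credential",
    fixPrompt: "Move this credential into an environment variable or a secret store, read it at runtime, and rotate the exposed value.",
  },
  {
    id: "sql-injection",
    severity: "high",
    // A SQL keyword followed, on the same statement, by `+ x` or `${...}` interpolation.
    pattern: /\b(select|insert|update|delete)\b[^;\n]*(\+\s*\w|\$\{)/i,
    message: "SQL query built by string concatenation",
    fixPrompt: "Rewrite this query with parameterised placeholders and pass the user input as bound parameters.",
  },
  {
    id: "missing-rate-limit",
    severity: "medium",
    // Express-style registration of an auth route with no limiter on the same line.
    // A production rule would track middleware across lines; this one is line-local.
    pattern: /\.(post|get)\(\s*["']\/?(login|signin|auth|reset)/i,
    unless: /rateLimit|limiter/i,
    message: "Authentication route registered without a rate limiter",
    fixPrompt: "Add a rate-limiting middleware (for example express-rate-limit) to this route.",
  },
];

// Scan a whole file (all-edits mode) or, when `changedLines` is given, only the
// lines that a diff touched (git-diff mode). Returns findings in file order.
export function scanSource(source: string, changedLines?: Set<number>, rules: Rule[] = RULES): Finding[] {
  const findings: Finding[] = [];
  source.split(/\r?\n/).forEach((text, idx) => {
    const line = idx + 1;
    if (changedLines && !changedLines.has(line)) return;
    for (const rule of rules) {
      if (rule.unless && rule.unless.test(text)) continue;
      if (!rule.pattern.test(text)) continue;
      findings.push({
        ruleId: rule.id,
        severity: rule.severity,
        line,
        snippet: text.trim(),
        message: rule.message,
        fixPrompt: rule.fixPrompt,
      });
    }
  });
  return findings;
}

// Text a non-blocking popup would show, with the copy-and-paste fix prompt attached.
export function formatPopup(f: Finding): string {
  return `[${f.severity}] line ${f.line}: ${f.message}\nFix prompt: ${f.fixPrompt}`;
}

// Constructed sample file: one secret, one unthrottled login route, one
// concatenated query, and one route that already has a limiter.
export const SAMPLE = [
  'const db = require("./db");',
  'const API_KEY = "sk_live_0123456789abcdefXYZ";',
  'app.post("/login", async (req, res) => {',
  '  const rows = await db.query("SELECT * FROM users WHERE name = \'" + req.body.name + "\'");',
  '  res.json(rows);',
  '});',
  'app.post("/reset", rateLimit({ windowMs: 60000, max: 5 }), handler);',
].join("\n");

// Usage: all-edits mode reports three findings; git-diff mode restricted to
// line 4 reports only the SQL injection.
for (const f of scanSource(SAMPLE)) console.log(formatPopup(f));
console.log(scanSource(SAMPLE, new Set([4])).map((f) => f.ruleId));
```

The `unless` field is the important design choice: a line-local rule for "missing rate limiting" has a high false-positive rate unless it is suppressed when a limiter is visibly present, and in the git-diff mode the same rule only ever sees the lines that changed, so a limiter added on a different line would not be seen. A real implementation would resolve middleware across the file rather than per line.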
- Clone this repository.
- Run `npm install`.
- Press `F5` in VSCode to open a new window with the extension loaded.
This project is private and intended for personal/team use.