Skip to content

chawdamrunal/assay

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

8 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Assay — security scanner for the AI dev stack

License: Apache-2.0 Go 1.25+ Status: pre-1.0 MCP server GitHub stars

Reasons about an artifact with an LLM — not regex — to catch prompt injection, credential exfiltration, and MCP tool poisoning in Claude Code plugins, MCP servers, hooks, skills & connectors.
Runs on your Claude Code subscription — no separate API key required.

📚 Documentation  ·  Install  ·  Quickstart  ·  How it works  ·  FAQ

▶ Demo video

Tool.Demo.mp4

What it does

Before you install a plugin or wire up an MCP server, Assay threat-models what it could do, then reads the code for evidence — every finding backed by a verbatim file:line quote.

  • Reasons, doesn't pattern-match — an LLM builds a threat model before it reads source, so the review is hypothesis-driven, not regex.
  • Catches AI-native threats — prompt injection, MCP tool poisoning, credential exfiltration, hook abuse, capability-vs-claim mismatch.
  • No confabulation — a post-validator re-reads every citation and drops anything the model can't back with real code.
  • Runs on your subscription — default mode drives Claude Code via claude -p; no separate API key, no rate-limit walls.
  • One binary, three roles — the CLI, the assay serve web UI, and the assay mcp server Claude Code drives.

Verdict: safe / caution / unsafe, written as audit.json + audit.md.

Quickstart

git clone https://github.com/chawdamrunal/assay.git && cd assay
make build && make install          # single binary, React UI embedded

assay inventory                     # what's installed in ~/.claude
assay serve                         # http://localhost:7373 → "New Scan"

Full guide → Installation · Quickstart.

Documentation

The full docs live at chawdamrunal.github.io/assay:

  • Installation — build from source, curl / Homebrew / WinGet / Docker, auth
  • Quickstart — scan from the web UI or CLI, the pre-install gate, private GitHub repos
  • How it works — the 5-stage methodology, both scan modes, threat coverage
  • FAQ — vs. Snyk / Cisco, API-key needs, tool poisoning, source privacy

Deeper references in-repo: ARCHITECTURE.md · threat model · CHANGELOG.md.

Status

Pre-1.0, under active development. The MCP-server architecture is the default scan path; the legacy in-process orchestrator remains as an API-key / CI fallback. Report a security issue in Assay itself via SECURITY.md.

Contributing

See CONTRIBUTING.md. TDD-disciplined; every finding must cite a verbatim quote — enforced at runtime and in review.

License

Apache-2.0. See LICENSE.

About

Security scanner for the AI dev stack - audits Claude Code plugins, MCP servers, skills & connectors before you trust them.

Topics

Resources

License

Code of conduct

Contributing

Security policy

Stars

2 stars

Watchers

0 watching

Forks

Releases

No releases published

Packages

 
 
 

Contributors