Static analysis
Security scanner for Agent Skills — uncover hidden threats before deployment.
Full static analysis of HyperHives macOS Rust infostealer — 571 decrypted config values, C2 infrastructure, DPRK/Contagious Interview attribution, YARA/Sigma rules, STIX 2.1 bundle, ATT&CK Navigator layer
Collection of agent skills that turn your AI coder into a SAST scanner
RTOSploit is a security testing framework purpose-built for embedded RTOS firmware. It combines static analysis, CVE correlation, vulnerability assessment, exploit and payload generation, peripheral firmware auto-rehosting, grey-box fuzzing, and automated reporting - all running entirely in software via QEMU emulation.
AI-powered architecture analysis and code intelligence. Detects circular deps, layer violations, dead modules, and more. Web UI + CLI.
Free, open-source SQL Server execution plan analyzer — cross-platform GUI + CLI with 30 analysis rules, missing index detection, SSMS extension. Built-in MCP server for AI-assisted plan review.
Pre-submission compliance scanner for the Apple App Store
A parser, formatter, validator, and language server for SQLite SQL. Built on SQLite's own grammar and tokenizer
Semantic version control CLI. Entity-level diff, blame, graph, and impact analysis for code. 26 languages via tree-sitter.
Reverse engineer obfuscated JavaScript visually. Chain transforms, inspect AST changes, write reusable deobfuscation plugins.
Security guard for AI agents — blocks malicious skills, prevents data leaks, protects secrets. 24 detection rules, runtime action evaluation, trust registry.
High-performance secrets scanner. CLI, Go library, Burp Suite extension, and Chrome extension. 487 detection rules with live credential validation.
Agentic CLI Tool for GitHub Repository Health Analysis
Temodar Agent is an AI-powered WordPress plugin and theme security analysis platform built for security researchers, product security teams, auditors, and defenders. It combines AI agent workflows, multi-provider LLM orchestration, Semgrep-powered static analysis, and risk-based WordPress reconnaissance in one local-first Docker application.
Paste any GitHub URL → interactive architecture map. See how files connect, find what breaks if you change something. No install, no accounts — runs entirely in your browser.
Gixy-Next: NGINX Configuration Security Scanner & Performance Checker
AI-first security scanner with 76 analyzers, 9,600+ detection rules, and repo poisoning detection for AI/ML, LLM agents, and MCP servers. Scan any GitHub repo with: medusa scan --git user/repo
Raptor turns Claude Code into a general-purpose AI offensive/defensive security agent. By using Claude.md, creating rules, sub-agents, and skills, and orchestrating security tool usage, we configure the agent for adversarial thinking and perform research or attack/defense operations.