strix - AI-Driven Application Security Testing

Keyword: strix · ai pentest · vulnerability scan cli · strix ci

Only use Strix against systems you own or are explicitly authorized to test.

Strix is an AI-driven application security CLI. It runs scans inside a Docker-backed sandbox, uses an LLM provider for reasoning, and can assess local directories, GitHub repositories, live URLs, domains, and multi-target combinations.

When to use this skill

• Install Strix and verify Docker plus sandbox readiness
• Configure STRIX_LLM, LLM_API_KEY, optional LLM_API_BASE, and related runtime settings
• Run local white-box scans against a repository or directory
• Run black-box or grey-box scans against staging or production-like URLs you are authorized to test
• Pass credentials, scope, or rules of engagement with --instruction or --instruction-file
• Choose the right scan depth: quick, standard, or deep
• Run Strix headlessly in CI/CD and interpret exit codes
• Understand Strix's internal security "skills" and how they differ from this repo's skills