agentic-security-scanner
agentic-security
Skill by ara.so — Security Skills collection
agentic-security is a comprehensive security scanner built for AI-driven development workflows. It provides plain-English vulnerability findings with real-world cost estimates, auto-fix capabilities, and compliance framework attestations across 8 languages.
What It Does
- 12-pillar security scan: SAST, SCA, secrets, IaC, LLM safety, MCP agent-tool audit, auth/authZ, pipeline integrity, containers, deploy config, supply chain, and trend tracking
- Plain-English findings: No CVE jargon—shows stakes, estimated cost, and concrete fixes
- Auto-fix with preview: One-command remediation with backup and revert capabilities
- Compliance reports: NIST AI 600-1, OWASP ASVS, OWASP LLM Top 10, EU AI Act
- CISA KEV + EPSS prioritization: Focus on actively exploited vulnerabilities
- Function-level reachability: Know which dependency vulnerabilities actually affect your code
- Real-time bodyguard: Intercepts insecure AI-generated code before it hits disk