A Claude Code skill that installs a curated bundle of third-party security review and threat-modeling skills into a project on demand. No hooks by default. Fully reversible. XDG-compliant.
Security review with Claude Code works best when the model has the right skills loaded for the task. security-kit does three things:
- Installs curated skill bundles into
.claude/skills/of the current project, with variants for different needs (minimal, sec-review, threat-modeling, cybersecurity, full). - Ships battle-tested prompts for the common workflows (broad review, PR-diff triage, threat modeling, shell-string audit).
- Orchestrates runs.
/security-kit scanruns the installed skills in the correct sequence./security-kit smart-scanfingerprints the project first and curates a prompt tailored to its shape.
Opt-in frameworks and platforms are kept separate from the default flow:
- Raptor (
/security-kit install-raptor) — offensive-security harness with SessionStart hook and/raptor-*commands - PentAGI (
/security-kit install-pentagi) — autonomous pentesting platform (Go + React + Docker, 20+ built-in tools) - HexStrike AI (
/security-kit install-hexstrike) — MCP server exposing 150+ security tools to AI agents
In any project directory:
/security-kit install # install the full variant (no hooks)
/security-kit scan # run the installed skills against this project
/security-kit uninstall # clean up when done
For a project where you want Claude to pick the right skills itself:
/security-kit smart-scan # analyzes project shape, writes a tailored scan prompt
| Command | Purpose |
|---|---|
/security-kit list |
List every skill the kit offers + what's currently installed in this project |
/security-kit install [variant] |
Install skills. Variants: minimal, sec-review, threat-modeling, cybersecurity, full (default). No hooks. |
/security-kit install-hooks <name...> |
Opt-in hook installer from a whitelist: gh-cli, modern-python |
/security-kit install-raptor |
Opt-in raptor framework. Installs SessionStart hook, /raptor-* commands, CLAUDE.md override. |
/security-kit install-pentagi |
Opt-in PentAGI autonomous pentesting platform. Docker Compose deploy + wrapper skill. |
/security-kit install-hexstrike |
Opt-in HexStrike AI MCP server. 150+ security tools via MCP protocol. |
/security-kit uninstall [variant] |
Remove installed skills. Default removes all sec-kit-managed skills. |
/security-kit uninstall-hooks <name...> |
Remove specified hooks |
/security-kit uninstall-raptor |
Remove raptor framework from the project |
/security-kit uninstall-pentagi |
Remove PentAGI wrapper and deployment files |
/security-kit uninstall-hexstrike |
Remove HexStrike wrapper and venv |
/security-kit scan |
Run all installed skills in the correct sequence against this project |
/security-kit smart-scan |
Fingerprint the project, then curate a scan prompt tailored to the project's shape |
| Variant | Skills | Use when |
|---|---|---|
minimal |
5 skills (the T6 chain): audit-context-building, variant-analysis, supply-chain-risk-auditor, insecure-defaults, fp-check | Quick adversarial review of a small/medium codebase |
sec-review |
13 skills: minimal + differential-review, semgrep-rule-creator, constant-time-analysis, zeroize-audit, codeql, semgrep, sarif-parsing, owasp-security | Standard security review workflow |
threat-modeling |
9 skills: tm-init, tm-threats, tm-drift, tm-full, tm-report, tm-verify, tm-compliance, tm-status, tm-tests | STRIDE/PASTA threat modeling, PR-drift detection |
cybersecurity |
54 curated skills from Anthropic-Cybersecurity-Skills: cloud security, threat hunting, malware analysis, IR, pentesting, web app security, network security, forensics, SOC ops, IAM, container security, DevSecOps, vuln management, phishing defense | AI-guided security operations and penetration testing |
full (default) |
All 22: sec-review ∪ threat-modeling | General-purpose installation |
Deliberately excluded from all variants:
entry-point-analyzer— smart-contract-only (Solidity/Vyper/Solana/Move/TON/CosmWasm), not general-purposefirebase-apk-scanner— active internet scanner- fr33d3m0n's threat-modeling skill — ships a PostToolUse Write hook (use raptor's opt-in path if you want something similar)
- Trail of Bits plugins with hooks (
gh-cli,modern-python,skill-improver,firebase-apk-scanner,second-opinion) — opt-in viainstall-hooks
| Framework | What it is | Install command |
|---|---|---|
| Raptor | Offensive-security harness with SessionStart hook, /raptor-* commands, CLAUDE.md override |
/security-kit install-raptor |
| PentAGI | Autonomous pentesting platform (Go backend + React UI + Docker, 20+ built-in tools, multi-agent AI) | /security-kit install-pentagi |
| HexStrike AI | MCP server exposing 150+ security tools (nmap, nuclei, sqlmap, etc.) to AI agents via FastMCP | /security-kit install-hexstrike |
Skill sources are cloned to $XDG_DATA_HOME/security-kit/sources/ (defaults to ~/.local/share/security-kit/sources/ on Linux/macOS). Symlinks from .claude/skills/ point into that directory, so a single git pull updates every project using those skills.
Resolution order for source paths:
--sources-dirCLI flag (per-invocation).security-kit.yamlin the project root →sources_dir:~/.config/security-kit/config.yaml→sources_dir:$SECURITY_KIT_HOMEenvironment variable$XDG_DATA_HOME/security-kit/sources/(default)~/.local/share/security-kit/sources/(XDG fallback)
Prewritten, battle-tested prompts live in prompts/ of this repo and are installed alongside the skills at .security-kit/prompts/ in your project:
full-review.md— the T6 multi-skill chain (audit-context → hunt → variants → supply-chain → insecure-defaults → fp-check)pr-diff-triage.md— differential-review → tm-drift chain for "does this PR need a threat model update"threat-model.md— full STRIDE workflow via tm-*shell-string-audit.md— the F4-gap closer, hunts template-literal shell command builders that every adversarial skill misses
- The kit itself is pure markdown +
bashcommands. No Python, no compiled code. - Skills installed from third-party sources (Trail of Bits, OWASP, josemlopez, fr33d3m0n) are symlinked unmodified; you can
catany.claude/skills/*/SKILL.mdto see exactly what Claude will read. - Hooks are opt-in. Nothing runs automatically after
installwithout your explicitinstall-hooksorinstall-raptor. - Raptor's opt-in path prints what it will install (SessionStart hook, CLAUDE.md override, slash commands) and waits for confirmation.
/security-kit uninstall removes every symlink the kit created. uninstall-hooks and uninstall-raptor each clean their own additions. The project-local .security-kit/ directory is removed. Skill sources in ~/.local/share/security-kit/ stay put (they're shared across projects); /security-kit purge removes those too if you want a full wipe.
Licensed under either of
- Apache License, Version 2.0 (LICENSE-APACHE or http://www.apache.org/licenses/LICENSE-2.0)
- MIT license (LICENSE-MIT or http://opensource.org/licenses/MIT)
at your option.
Unless you explicitly state otherwise, any contribution intentionally submitted for inclusion in the work by you, as defined in the Apache-2.0 license, shall be dual licensed as above, without any additional terms or conditions.