Onome-AJ/security-sweep-plugin

4 stars · Last commit 2026-04-05

Free Claude Code plugin that scans your project for leaked API keys, security holes, and common mistakes before you ship. No security expertise needed.

README preview

# Security Sweep — Claude Code Plugin

A comprehensive security scanner you can run against any codebase from Claude Code. Finds hardcoded secrets, injection flaws, auth issues, misconfigurations, AI-specific vulnerabilities, and more.

Covers **OWASP Top 10 (2025)**, **OWASP Mobile Top 10 (2024)**, and **OWASP LLM Top 10 (2025)**.

---

## Before You Install This (or Any) Plugin — Read This First

This section exists because we believe security starts before you write a single line of code. It starts with the tools you choose to trust.

### The Reality of AI Tool Plugins

Claude Code plugins, MCP servers, custom skills, GPT Actions, IDE extensions — the entire ecosystem of AI developer tooling shares a fundamental problem: **most of it runs with your privileges, on your machine, with access to your code.**

When you install a plugin, you are giving it:

- Access to read and write files in your project
- The ability to run shell commands on your behalf
