Security checks in Claude Code:
the three real routes.

You build in Claude Code. Before you ship, you want someone to check your work for the mistakes that get apps breached. Here is what a security check inside Claude Code can actually do today: the built-in command, the professional audit skills, and our free 48-check suite. Described honestly, with sources.

Install the free plugin → Or scan your live site (free)

Three ways to run a security check in Claude Code

All three are real, and they aim at different people. Here is what each one does, taken from its own documentation rather than from our opinion of it.

🔍

1. The built-in command

Anthropic ships a /security-review command with Claude Code. Run it in your project directory and Claude searches your codebase for potential vulnerabilities and explains what it found. Anthropic's announcement lists SQL injection (database commands sneaked in through input fields), cross-site scripting (attacker scripts running in your users' browsers), authentication flaws, insecure data handling, and dependency vulnerabilities. There is also a companion GitHub Action that reviews every pull request and comments inline. If you use Claude Code, run it. It is already there, one command away.

🧰

2. The Trail of Bits skills

Trail of Bits is a respected security research firm. Their open skills repository describes itself as a plugin marketplace for AI-assisted security analysis, testing, and development workflows. It holds roughly 40 plugins: code auditing, static analysis tooling such as CodeQL and Semgrep, differential review, verification, mobile security, even smart contract audits. It is written for security researchers, auditors, and developers who already speak the language. If that is you, it is excellent company to keep.

🛡️

3. The Lictor security suite

Our suite is built for a different person: the founder or developer shipping a real app who is not a security professional and does not want to become one this week. Four skills, 48 documented checks, a report in plain English, guided fixes, and guided key rotation. Free and open source under Apache 2.0. The rest of this page explains what it does and how to verify every claim we make about it.

One thing we will not do on this page is rank these three. We have not measured them against each other, and a ranking without a measurement is just marketing with a straight face. More on that in the accuracy section below.

What the Lictor suite actually is

One plugin, four skills. Together they cover the whole arc: find the problems, understand them, fix them, and handle the one emergency that cannot wait.

📋

/lictor-security-check, the audit

Reads your code. Never changes it. It works through 48 documented checks covering what actually gets apps breached: leaked API keys, exposed .env and config files, broken access control (one user able to read another user's data), injection, SSRF (your server tricked into making requests for an attacker), open databases, missing rate limits, and prompt injection in AI features (hostile instructions hidden inside content your AI reads). It ends with a markdown report written in plain English.

🔧

/lictor-fix-it, the fixer

Walks the findings one at a time. For each, it shows you the exact change, asks your permission, applies it, and runs your tests if you have them. Some fixes need you to act outside the editor (rotating a leaked key, for example), and it says so plainly instead of pretending it fixed everything.

💬

/lictor-explain, the explainer

Paste in any scary finding, from our audit or from any other tool, and get it back in plain English: what it is, what could actually happen, and what to do about it. No acronyms without a translation attached.

🔑

/lictor-rotate, the rotator

The emergency skill. If a key leaked, it walks you through rotation for your specific provider: the exact console page, the exact button, and how to confirm the old key is dead. It covers Stripe, OpenAI, Anthropic, Google, GitHub, AWS, Slack, Supabase, Firebase, and Postmark. The same runbook lives on our leaked API key page if you need it right now.

Every check is public. The catalog documents what each one looks for and, just as important, what it refuses to flag, because a report full of false alarms trains you to ignore reports. You can read the whole thing before installing anything.

Install it in two commands

Open Claude Code and type:

/plugin marketplace add Raffa-jarrl/Lictor-AI
/plugin install lictor-security-suite@lictor-ai

Then open any project and run:

/lictor-security-check

That is the whole setup. No signup, no separate account, nothing to configure. The audit reads your code and writes a report you can actually understand. If a finding still confuses you, /lictor-explain will translate it.

The accuracy question, answered with a number

Anyone can claim their scanner is accurate. So here is our number, with its limits attached.

In a blind run on a 30-case stratified sample of OWASP Benchmark 1.2 (a public test suite of deliberately vulnerable and deliberately safe code), the audit scored an F1 of 93.8%. That is a 30-case sample, not the full benchmark, and we say so every time we quote it. The full methodology, the raw results, every false alarm with its root cause, and the script to reproduce the run yourself are all in the published benchmark.

And the sentence that matters most on a page like this: we publish our accuracy and our methodology; we have not run head-to-head numbers on the others, so we won't invent them. If we ever measure a comparison, we will publish it the same way, reproducible and with the caveats up front.

Both sides of the deploy: code and live site

A plugin can only see your code. But some problems only exist on the live site: the .env file your server happily hands to strangers, the debug endpoint left open, the header that never got set. Your code can be clean and your deployment can still leak. So the workflow has three steps.

1

Before you ship

Run /lictor-security-check in Claude Code. It audits the code on your machine, against the 48-check catalog, and gives you a plain-English report to work through.

2

After you deploy

Run the free scan on your live site. It looks from the outside, passively, and needs no signup. This is the check your plugin physically cannot do, because the plugin never sees what your server actually serves to the internet.

3

From then on

Sites drift. A config change, a new deploy, a teammate's shortcut. Continuous monitoring re-checks your live site around the clock and emails you an alert when something new is exposed, from $49/mo. Plans are on the business page, signup at app.lictor-ai.com/billing.

All of it, the checks, the scanner, and the monitoring, is built by a security engineer with 20 years in the field who does real responsible-disclosure work. The free parts are genuinely free and open source. The paid part exists because watching your site around the clock takes always-on software and infrastructure, and that costs money to run.

Building with an AI app builder rather than by hand? We keep a security checklist for Lovable and a leaked-key guide for Bolt, because those tools have their own habits.

Install the free plugin → Run the free scan

Questions people ask at this point

Does Claude Code have a built-in security review?

Yes. Anthropic ships a /security-review command with Claude Code. Run it in your project directory and Claude searches your codebase for potential vulnerabilities and explains what it finds: SQL injection, cross-site scripting, authentication flaws, insecure data handling, and dependency vulnerabilities, per Anthropic's own list. There is also a GitHub Action that reviews pull requests automatically. Plugins like ours add to that baseline rather than replace it.

What is the best security skill for Claude Code?

Honestly, it depends on what you need. The built-in command is a quick pass you already have. The Trail of Bits skills are built for security researchers and professional auditors. Ours is built for founders and developers who are not security specialists: 48 documented checks, a plain-English report, guided fixes, and guided key rotation, free and open source. We publish our accuracy (an F1 of 93.8% in a blind run on a 30-case stratified sample of OWASP Benchmark 1.2, a sample and not the full benchmark) and our methodology. We have not seen published head-to-head numbers on these options, and we have not produced any ourselves, so treat any ranking you read as opinion. Read what each covers and pick the one that matches your situation.

How do I install a security plugin in Claude Code?

Two commands, typed inside Claude Code. For our suite: /plugin marketplace add Raffa-jarrl/Lictor-AI, then /plugin install lictor-security-suite@lictor-ai. After that, run /lictor-security-check in any project. Other marketplaces install the same way with their own repo name.

Will the audit change my code or send it anywhere new?

The audit is read-only: it reads your code and writes a report file, nothing else. Changes only happen through the separate /lictor-fix-it skill, which shows you each edit and asks permission first. Everything runs inside your normal Claude Code session, with the same model access you already granted Claude Code. There is no extra account and no extra service in the loop.