Five products. One principle: only flag what's confirmable.
Lictor is an AI-security suite that meets your app at every layer it can be
watched honestly: at runtime while the model is answering,
in the browser against a live deployment, over time
on a dashboard, across the internet as a continuous scanner, and
in your editor as a local audit. Same rule everywhere: observe,
confirm, then report. Nothing attacks a live system; nothing leaves your machine
unless you choose to publish it.
The skill suite is open source, Apache 2.0, no telemetry:
github.com/Raffa-jarrl/Lictor-AI.
The rest runs on Lictor’s hosted platform.
Pick by where the risk lives. Guardian gathers your findings over time; Patrol is the
internet-scale scanner behind the in-the-wild disclosures; the CLI is the
pre-release audit you run before you ship.
The 48-check pre-release audit, plus explain, fix-it and rotate. open source · 100% local
Hosted dashboard · Lictor Guardian
The findings, gathered over time
Each check tells you about a moment. Guardian is the place those moments
add up. It's a hosted dashboard and incident timeline that aggregates findings over
time, so you can see whether a problem is new, recurring, or finally resolved, and
tell that story to the people who ask. It is the dashboard behind the
hosted business plans.
Incident timeline
Findings laid out in order: when each first appeared, when it changed, when it cleared.
Aggregated over time
One view across runs and sources, so a recurring issue reads as a pattern, not a surprise.
Part of the hosted plans
Guardian comes with Patrol monitoring on the business plans, from $49/mo.
Continuous scanner · Lictor Patrol
The engine behind the in-the-wild disclosures
Patrol is the internet-scale scanner pillar. It starts with passive recon
(what's already public, gathered without touching the target) and adds a
precision-gated active tier that confirms a narrow set of high-signal
exposures. Every finding, passive or active, passes through a central verify
gate before it is ever reported. Until a human confirms it, a finding is
SUSPECTED, never asserted. Disclosure is ethical and observe-only:
Patrol looks, it does not break in.
The precision-gated active tier
These are the exposures the active tier confirms: each one observable from the outside, none requiring an attack.
CRITICAL
Exposed configs
Config files a deployment serves to the open internet.
CRITICAL
Open buckets
World-readable object storage with contents anyone can list.
HIGH
CORS
Cross-origin policies loose enough to leak authenticated responses.
HIGH
Subdomain takeovers
Dangling DNS pointed at a service that can be claimed.
CRITICAL
Leaked keys
Live credentials exposed in public surfaces, confirmed before report.
VERIFY GATE
SUSPECTED until verified
Nothing is reported as fact until a human clears the central verify gate.
Four slash commands, all 100% local: no token, no signup, no
telemetry. They read your code and explain what they find in plain English. The
headline command is the 48-check audit documented in full on the
coverage page.
/lictor-security-check
The 48-check pre-release audit. Detects the stack, runs every applicable check, writes a plain-English SECURITY-AUDIT.md.
/lictor-explain
Takes any finding or jargon-heavy warning and rewrites it as something a non-technical founder can act on.
/lictor-fix-it
Walks the findings one at a time, shows the proposed change, and applies it only with your explicit OK.
/lictor-rotate
Step-by-step, provider-specific rotation of a leaked key: the exact URL, the exact button, and how to confirm it worked.
Install and usage
# install once, inside Claude Code
/plugin marketplace add Raffa-jarrl/Lictor-AI
/plugin install lictor-security-suite@lictor-ai
# run the full 48-check audit on the current project
/lictor-security-check
# confused by a finding? get it in plain English
/lictor-explain
# apply the fixes, one at a time, with your approval
/lictor-fix-it
# a key leaked? rotate it, provider by provider
/lictor-rotate
Every product only reports what it can confirm by reading code or observing what's
already public, never by attacking a live system. Patrol holds findings at SUSPECTED until a human verifies them;
the CLI runs entirely on your machine. A scanner that cries wolf is worse than none,
so the same evidence bar runs through all of it.
Here are the false positives we filter.
The audit is open-source. Apache 2.0. No telemetry.
Read the skill suite before you trust it, install it with two commands in Claude Code,
and run the audit on your own machine. When your app starts handling real users, the
hosted plans take over the watching.