Slash Command

/scan

Run comprehensive static security analysis on AI agent code using OWASP LLM Top 10 framework. Analyze prompts, outputs, tools, data handling, memory, supply chain, and behavioral patterns. Use when user asks for security scan, vulnerability check, OWASP analysis, code review for security, or wants to check their AI agent for security issues.

Install

npx claudepluginhub cylestio/agent-inspector

Prompt Preview

# Static Security Scan

Run a comprehensive security scan on AI agent code using the OWASP LLM Top 10 framework.

## Prerequisites

**You MUST run `/agent-inspector:setup` BEFORE proceeding.**

This is NOT optional. The setup command will:
1. Check if agent-inspector is already running
2. Auto-detect your LLM provider (OpenAI/Anthropic)
3. Start the server in background if needed
4. Verify MCP connection is working

**DO NOT skip this step.** If you proceed without running the Preflight Check, MCP tools will fail.

## Your Advantage Over Traditional SAST

You are smarter than any static ana...

Command Content

Other plugins with /scan

/scan

Scans current codebase for security vulnerabilities via SAST, dependency CVEs (npm/pip/composer), and config issues. Outputs structured report with severity ratings, findings, and remediation steps.

vulnerability-scanner

1.9k

/scan

Scans configured MCP servers for security vulnerabilities and policy violations using clawdstrike_scan tool. Groups findings by severity with remediation steps and summary.

clawdstrike

273

/scan

Runs automated security scans for dependencies, secrets, and licenses; triages results by severity and generates prioritized reports with fix recommendations.

ReadGrepGlob+2

universal-dev-standards

/scan

security/

Scans codebase for security vulnerabilities, hardcoded secrets, insecure patterns, and web security headers. Generates Markdown report with issues, code snippets, and remediation examples.

aura-frog

/scan

Scans provided text for safety issues using 7 Sentinel AI scanners (prompt injection, PII, harm, toxicity, etc.), reports risk levels (NONE to CRITICAL), blocks unsafe content, and redacts PII.

sentinel-ai

/scan

Run Semgrep, CodeQL, Joern static security scans on code branches or changed files, emitting shared findings to .claude/findings.json

BashGlobRead+2

vuln-scout

Stats

Parent Repo Stars6

Parent Repo Forks1

Last CommitJan 7, 2026

Actions

View Source View Plugin View on GitHub View README

Static Security Scan

Run a comprehensive security scan on AI agent code using the OWASP LLM Top 10 framework.

Prerequisites

You MUST run /agent-inspector:setup BEFORE proceeding.

This is NOT optional. The setup command will:

Check if agent-inspector is already running
Auto-detect your LLM provider (OpenAI/Anthropic)
Start the server in background if needed
Verify MCP connection is working

DO NOT skip this step. If you proceed without running the Preflight Check, MCP tools will fail.

Your Advantage Over Traditional SAST

You are smarter than any static analysis tool. You can:

Understand code semantically, not just pattern match
Reason about AI agent-specific vulnerabilities
Avoid false positives through contextual understanding
Find issues no SAST would ever catch

Scan Workflow

1. Derive agent_workflow_id

Auto-derive from (priority order):

Git remote: github.com/acme/my-agent.git -> my-agent
Package name: pyproject.toml or package.json
Folder name: /projects/my-bot -> my-bot

2. Register IDE Connection

Send a heartbeat at session start:

ide_heartbeat(
  agent_workflow_id=agent_workflow_id,
  ide_type="claude-code",
  workspace_path="/full/path/to/workspace",
  model="claude-opus-4-5-20251101"  # Your model from system prompt
)

Activity is automatically tracked on every MCP tool call.

3. Create Analysis Session

create_analysis_session(agent_workflow_id, session_type="STATIC")

4. Get Security Patterns

get_security_patterns()

NEVER hardcode patterns - always fetch from MCP. But also use your own understanding!

5. Analyze Code for ALL 7 Categories

For each code file, analyze thoroughly looking for:

1. PROMPT Security (LLM01)

User input concatenated into prompts without sanitization
System prompts that can be overridden or leaked
Jailbreak vectors, prompt injection points
Missing input validation before LLM calls
Prompt templates with unsafe interpolation

2. OUTPUT Security (LLM02)

Agent output used directly in SQL queries, shell commands, or code
XSS vulnerabilities when rendering agent responses in web UI
Agent output passed to dangerous functions (eval, exec)
No output validation before downstream use
Unescaped agent responses in logs or displays

3. TOOL Security (LLM07, LLM08)

Dangerous tools (shell, file, network) without constraints
Missing permission checks on tool execution
Tools that can be chained dangerously
No input validation on tool parameters
Insecure plugin/tool interfaces

4. DATA Security (LLM06)

Hardcoded API keys, secrets, credentials
PII in prompts or system instructions
Sensitive data logged or exposed in responses
Credentials in error messages
Unencrypted sensitive data storage

5. MEMORY & CONTEXT Security

Conversation history stored insecurely
RAG/vector store poisoning vulnerabilities
Context injection through retrieved documents
No validation of retrieved content before use
Unbounded context accumulation
Shared memory between users/sessions

6. SUPPLY CHAIN Security (LLM05)

Unpinned model versions
External prompt sources without validation
Unsafe dependencies with known CVEs
No integrity checks on loaded resources
Unvalidated model downloads

7. BEHAVIORAL Security (LLM08/09)

No token/cost limits
Unbounded loops or recursion
No rate limiting on tool calls
Missing human-in-the-loop for sensitive operations
Agent can be manipulated to exceed boundaries
No approval gates for high-risk actions

6. Store Findings

For each issue found:

store_finding(
  session_id=session_id,
  file_path="src/agent.py",
  finding_type="PROMPT_INJECTION",
  severity="CRITICAL",
  category="PROMPT",
  title="User input in system prompt",
  description="User input directly concatenated into system prompt",
  line_start=45,
  line_end=52,
  code_snippet="...",
  owasp_mapping=["LLM01"],
  cwe="CWE-94"
)

7. Complete Session

complete_analysis_session(session_id)

8. Report Summary

Format example

AI Security Scan Complete!

Scanned: X files

Security Checks (7):
X PROMPT Security: 2 Critical issues
X OUTPUT Security: 1 High issue
! TOOL Security: 2 Medium issues
/ DATA Security: Passed
/ MEMORY Security: Passed
/ SUPPLY CHAIN: Passed
/ BEHAVIORAL: Passed

Gate Status: BLOCKED (2 categories failed)

View details: http://localhost:7100/agent-workflow/{id}/static-analysis

Fix most critical: /agent-inspector:fix REC-001

Quality Over Quantity

DO find every real security issue
DO use your understanding of context to assess severity
DON'T flag things that aren't actually exploitable
DON'T generate noise like traditional SAST
ALWAYS categorize into one of the 7 security checks

After Scanning

If dynamic data exists (state is COMPLETE), automatically run correlation:

get_agent_workflow_correlation(agent_workflow_id)

Report which findings are VALIDATED (confirmed at runtime) vs UNEXERCISED (never triggered).