By HighTechHec
Aikido Security scanning for Claude Code — SAST, secrets, and IaC vulnerability detection powered by the Aikido MCP server.
Runs an Aikido security scan on generated, added, or modified code files to detect SAST vulnerabilities and exposed secrets. Use when the user wants to scan code for security issues, after writing or modifying code, or when they mention Aikido, security scan, or SAST. Always run an Aikido scan after generating code to verify the generated code is free of security issues.
Configures the Aikido plugin by setting up the API key and verifying the MCP server. Accepts an optional API key argument to configure automatically. Use when the user wants to set up or verify the Aikido plugin, after installing it, or when aikido_full_scan fails or is unavailable.
Brings Aikido Security scanning directly into Claude Code. Detects SAST vulnerabilities, exposed secrets, and IaC misconfigurations in code you write or modify, and guides Claude to fix them before they ship.
| Skill | Command | Description |
|---|---|---|
| Scan | /aikido:scan | Scans modified or new files for security issues, applies fixes, and re-scans until clean |
| Setup | /aikido:setup [api-key] | Verifies the plugin is configured and walks through API key setup if not. Pass your API key as an argument to configure it automatically. |
Install the plugin from the Claude Code marketplace (coming soon). Or install via the Aikido plugin marketplace by running the following commands:
/plugin marketplace add AikidoSec/aikido-claude-plugin/plugin install aikido/reload-plugins to activate.Next run the setup skill with your API key:
/aikido:setup your-key-here
This saves the key to your Claude Code user settings and registers the MCP server automatically. Restart Claude Code afterwards for the changes to take effect.
Alternatively, set the key as an environment variable and restart Claude Code:
export AIKIDO_API_KEY="your-key-here"
Run /aikido:setup (without a key) at any time to verify your configuration is working.
Requires secrets
Needs API keys or credentials to function
Own this plugin?
Verify ownership to unlock analytics, metadata editing, and a verified badge. GitHub access is read-only (username + org membership).
Sign in to claimOwn this plugin?
Verify ownership to unlock analytics, metadata editing, and a verified badge. GitHub access is read-only (username + org membership).
Sign in to claimBased on adoption, maintenance, documentation, and repository signals. Not a security audit or endorsement.
npx claudepluginhub hightechhec/aikido-claude-pluginReliable automation, in-depth debugging, and performance analysis in Chrome using Chrome DevTools and Puppeteer
Multi-LLM Council for adversarial debate, cross-validation, and structured decision-making
Harness-native ECC operator layer - 61 agents, 246 skills, 76 legacy command shims, reusable hooks, rules, selective install profiles, and production-ready workflows for Claude Code, Codex, OpenCode, Cursor, and related agent harnesses
Turn on Godmode for Claude Code. 126 skills. 7 subagents. Zero configuration.
SAST analysis, dependency vulnerability scanning, OWASP Top 10 compliance, container security scanning, and automated security hardening
Comprehensive skill pack with 66 specialized skills for full-stack developers: 12 language experts (Python, TypeScript, Go, Rust, C++, Swift, Kotlin, C#, PHP, Java, SQL, JavaScript), 10 backend frameworks, 6 frontend/mobile, plus infrastructure, DevOps, security, and testing. Features progressive disclosure architecture for 50% faster loading.
Complete collection of battle-tested Claude Code configs from an Anthropic hackathon winner - agents, skills, hooks, and rules evolved over 10+ months of intensive daily use