AI agent security scanning for Claude Code. Scan any project for credential harvesting, prompt injection, tool poisoning, and 14 more threat categories.
```
# In Claude Code:
/install-plugin firmislabs/firmis-security
```

Or add to a marketplace:

```
/plugin marketplace add firmislabs/firmis-security
/plugin install firmis-security@firmis-security
```

| Command | Description |
|---|---|
| `/security-scan` | Scan project for AI agent security threats |
| `/security-fix` | Auto-fix detected threats (dry-run first) |
| `/security-report` | Generate full security assessment + HTML report |

- Scans any AI agent project — auto-detects MCP servers, Claude skills, Codex plugins, and more
- 227 detection rules across 17 threat categories
- Auto-fix with backup/restore (Tier 1 auto-apply, Tier 2 with confirmation)
- AI triage classifies findings as true/false positives (requires free account)
- Compliance maps to SOC 2, EU AI Act, GDPR, NIST AI RMF, OWASP
The plugin wraps firmis-cli — the commands run npx firmis-cli under the hood. No global install needed.
```
> /security-scan
# Scans current project, shows grade (A-F), lists threats by severity
> /security-scan --platform mcp
# Scan MCP server configurations only
> /security-fix --dry-run
# Shows what would be fixed without applying changes
> /security-report
# Full assessment with HTML report saved to project directory
```
- Firmis Labs
- npm: firmis-cli
- GitHub: firmis-scanner (open source)