| Audit OpenClaw host security posture and hardening gaps |
356.8k |
— |
| Provision secure disposable development sandboxes for AI-generated code with Daytona |
72.4k |
— |
| Decompile Android APKs into readable source with jadx for review and analysis |
46.1k |
— |
| mitmproxy Interactive HTTPS Proxy for Debugging and Security Testing |
42.9k |
— |
| Run autonomous white-box pentests against web apps and APIs with Shannon |
39.8k |
4k/wk |
| Reproduce SQL injection paths and map database takeover options with sqlmap |
37.1k |
— |
| HashiCorp Vault Secret Rotation Agent |
35.4k |
— |
| HashiCorp Vault Secret Scanner |
35.4k |
— |
| HashiCorp Vault Secrets Rotation Agent |
35.4k |
— |
| Vault Secrets Rotation Orchestrator |
35.4k |
— |
| Vault Secrets Rotator |
35.4k |
— |
| Vault Transit Secrets Envelope Verifier |
35.3k |
— |
| Container Image Vulnerability Scanner |
34.8k |
— |
| Trivy Container & IaC Vulnerability Scanner |
34.5k |
— |
| Trivy Container Image Vulnerability Scanner |
34.5k |
— |
| Trivy Container Scanner |
34.5k |
— |
| Trivy Container Security Scanner |
34.5k |
— |
| Trivy Container Vulnerability Scanner |
34.5k |
— |
| Trivy Vulnerability Scanner Pipeline |
34.5k |
— |
| Trivy Security Scanner for Containers and IaC |
34.5k |
— |
| Nuclei Vulnerability Template Runner |
28k |
— |
| Better Auth Authentication Framework for TypeScript Applications |
27.8k |
— |
| Nuclei Template-Based Vulnerability Scanner |
27.7k |
— |
| Discord Moderation Bot with AI Classification |
26.7k |
563.5k/wk |
| Git Secret Scanner |
26.4k |
— |
| Git Secret Scanner with Gitleaks |
26.1k |
— |
| Git Secrets Pre-Commit Scanner |
26k |
— |
| Gitleaks Git Repository Secret Scanner |
25.7k |
— |
| Infisical Open-Source Secret Management Platform |
25.6k |
— |
| TruffleHog Credential Leak Scanner |
25.3k |
— |
| NetBird WireGuard Mesh VPN with Zero Trust Access Controls |
24k |
— |
| age Modern File Encryption Tool |
21.8k |
— |
| SOPS Secret File Encryption and Rotation |
21.5k |
— |
| SOPS Encrypted Secrets Editor and Manager |
21.3k |
— |
| Sanitize untrusted HTML fragments before rendering previews, comments, or CMS content with DOMPurify |
16.9k |
— |
| Audit Linux host hardening drift before exposing SSH or rolling to production |
15.5k |
— |
| ZAP Automated Security Scan Orchestrator |
15k |
— |
| Security Audit Skill |
15k |
— |
| SuperTokens Open Source Authentication Platform and Auth0 Alternative |
15k |
— |
| OWASP ZAP Active Scanner Agent |
15k |
— |
| OWASP ZAP API Fuzzer |
15k |
— |
| OWASP ZAP API Security Auditor |
15k |
— |
| OWASP ZAP API Security Scanner |
15k |
— |
| OWASP ZAP API Security Tester |
15k |
— |
| OWASP ZAP Automated Pen Testing Agent |
15k |
— |
| OWASP ZAP Automated Scan Orchestrator |
15k |
— |
| OWASP ZAP Scan Orchestrator |
15k |
— |
| OWASP ZAP Scanner Agent |
15k |
— |
| OWASP ZAP Security Audit Skill |
15k |
— |
| OWASP ZAP Security Scanner Agent |
15k |
— |
| OWASP ZAP Scanner |
15k |
— |
| SAST Pipeline Scanner |
14.9k |
— |
| SAST Rule Compiler for Semgrep |
14.8k |
— |
| Semgrep Supply Chain Rule Pack Runner |
14.6k |
— |
| Fuzz web paths, parameters, and virtual hosts with ffuf to surface hidden attack surface |
14k |
— |
| Audit cloud accounts for security misconfigurations with Prowler |
13.6k |
— |
| Score RAG answer quality and retrieval quality before rollout with Ragas |
13.4k |
— |
| Subfinder Fast Passive Subdomain Enumeration Tool |
13.3k |
— |
| Casdoor Open Source Identity and Access Management Platform |
13.3k |
— |
| Review Dockerfiles for risky patterns and bad defaults with hadolint |
12.1k |
— |
| Grype Container and SBOM Vulnerability Scanner |
12k |
— |
| Open Policy Agent (OPA) |
11.6k |
— |
| OPA Rego Policy Bundle Tester |
11.5k |
— |
| Scan Kubernetes clusters and manifests for security posture drift with Kubescape |
11.3k |
— |
| Skopeo Container Image Registry Operations CLI |
10.7k |
— |
| Route risky coding-agent work through human approval checkpoints with HumanLayer |
10.7k |
694/wk |
| Give MCP agents disposable code execution sandboxes with OpenSandbox MCP |
10.2k |
— |
| Magika AI File Type Detection and Content Classification |
10.2k |
— |
| httpx Fast Multi-Purpose HTTP Probing Toolkit by ProjectDiscovery |
9.8k |
— |
| Seal Kubernetes Secrets into Git-safe manifests with kubeseal |
9k |
— |
| Probe public TLS endpoints for protocol, cipher, and certificate weaknesses before rollout with testssl.sh |
9k |
— |
| Container Runtime Security Monitor |
8.9k |
— |
| Hanko Open Source Passkey Authentication and User Management |
8.9k |
— |
| Falco Runtime Security Monitor |
8.9k |
— |
| SBOM Generator and CVE Matcher |
8.9k |
— |
| Falco Runtime Security |
8.8k |
— |
| Checkov Infrastructure Policy Scanner |
8.6k |
— |
| Syft SBOM Generator for Containers and Filesystems |
8.6k |
— |
| OSV-Scanner Dependency Vulnerability Detector |
8.6k |
— |
| Checkov IaC Scanner |
8.6k |
— |
| Benchmark Kubernetes clusters against CIS controls with kube-bench |
8k |
— |
| Scan Python code for risky security patterns with Bandit before review or release |
7.9k |
— |
| Check Kubernetes hosts against CIS guidance with kube-bench before audit or hardening work |
7.8k |
— |
| Feroxbuster Fast Recursive Content Discovery Tool in Rust |
7.6k |
— |
| Scan LLM systems for jailbreaks, prompt injections, and unsafe behaviors with garak |
7.5k |
— |
| Probe Kubernetes clusters with kube-hunter for exposed services and misconfigurations |
7.3k |
— |
| Naabu Fast Port Scanner by ProjectDiscovery |
5.9k |
— |
| Cosign Artifact Signature Verifier |
5.8k |
— |
| Sigstore Cosign Container Verifier |
5.8k |
— |
| Sigstore Cosign Verification Pipeline |
5.8k |
— |
| Sigstore Cosign Verifier |
5.8k |
— |
| Sigstore Cosign Container Signature Checker |
5.8k |
— |
| Generate and screen lookalike domains with dnstwist for brand abuse triage |
5.7k |
— |
| Dependency Vulnerability Scanner |
5.5k |
— |
| NPM Package Supply Chain Auditor |
5.5k |
— |
| Snyk Container Image Analyzer |
5.5k |
— |
| Snyk Container Vulnerability Agent |
5.5k |
— |
| Snyk Dependency Audit Skill |
5.5k |
— |
| Snyk Dependency Vulnerability Auditor |
5.5k |
— |
| Snyk License Compliance Checker |
5.5k |
— |
| Snyk Open Source Dependency Auditor |
5.5k |
— |
| Snyk Vulnerability Scanner Agent |
5.5k |
— |
| Score open source repositories for supply-chain risk signals before adoption or release decisions with Scorecard |
5.4k |
— |
| dotenvx Secure Environment Variable Manager and Encryptor |
5.3k |
— |
| Probe ML and LLM systems for regressions and vulnerabilities with Giskard |
5.3k |
— |
| Unkey Open Source API Key Management and Rate Limiting Platform |
5.2k |
— |
| Terrascan Policy Scanner |
5.2k |
— |
| Horcrux Shamir Secret Sharing File Encryption and Splitting Tool |
5k |
— |
| Probe Kubernetes clusters for exposed attack paths with kube-hunter |
5k |
— |
| Run security audits and variant analysis workflows in Claude Code with Trail of Bits Skills |
4.7k |
— |
| Scan C and C++ code with Flawfinder for risky function patterns before review |
4.5k |
— |
| Baseline and Review Repository Secret Findings with detect-secrets |
4.5k |
— |
| Capture Linux runtime security events and suspicious behavior for live triage with Tracee |
4.5k |
— |
| Stripe Webhook Signature Verifier |
4.4k |
9.3M/wk |
| Cerbos Open Source Authorization Policy Decision Point |
4.3k |
— |
| Gate pull requests with targeted diff-aware AI security review using Claude Code Security Review |
4.3k |
— |
| Audit GitHub Actions for privilege and supply-chain risks with zizmor |
4.2k |
— |
| Audit SSH servers and clients for weak algorithms and risky config drift with ssh-audit |
4.2k |
— |
| Audit GitHub Actions workflows for insecure permissions and unpinned actions |
4.1k |
— |
| Scan LLM-generated code before use with CodeShield |
4.1k |
— |
| SSL Certificate Auditor |
3.8k |
— |
| AWS CloudTrail Log Normalizer |
3.6k |
— |
| AWS IAM Privilege Escalation Audit |
3.6k |
— |
| Tracecat AI-Native Security Automation and SOAR Platform |
3.5k |
— |
| Lint Kubernetes manifests and Helm charts for security and readiness issues before cluster deployment with KubeLinter |
3.4k |
— |
| Cariddi Domain Crawler and Endpoint Secret Scanner |
3.3k |
— |
| Generate adversarial API test cases from an OpenAPI or GraphQL schema |
3.2k |
— |
| Conftest Policy Tester |
3.2k |
— |
| Conftest Structured Configuration Policy Testing with OPA Rego |
3.2k |
— |
| Turn Windows event logs into Sigma-backed threat-hunting timelines with Hayabusa |
3.1k |
— |
| Filter prompts and model outputs for injection, secrets, toxicity, and policy risks with LLM Guard |
2.8k |
— |
| Deploy an agent-readable OpenClaw defense matrix and hardening audit with OpenClaw Security Practice Guide |
2.8k |
— |
| Inject SOPS-managed secrets into NixOS and Home Manager configs with sops-nix |
2.8k |
— |
| Bearer CLI SAST Code Security and Privacy Scanner |
2.6k |
— |
| KICS IaC Linter |
2.6k |
— |
| Snyk Agent Scan |
2.4k |
— |
| Inspect binary hardening flags and exploit mitigations with checksec |
2.3k |
— |
| Gate Rust dependency trees on license, advisory, and source-policy violations before merge with cargo-deny |
2.3k |
3.3M/wk |
| Audit AWS IAM policies for risky permissions with Cloudsplaining |
2.2k |
— |
| Provision OAuth-capable Microsoft agent identities with Entra Agent ID |
2.1k |
— |
| Run agent CLIs in a capability-based local sandbox with snapshots and controlled egress using nono |
2.1k |
— |
| Lint .env files for duplicated keys and unsafe formatting with dotenv-linter |
2.1k |
— |
| Snyk Agent Scan MCP and Skill Security Scanner |
2k |
— |
| Audit Python dependency sets for known vulnerabilities before release or environment promotion with Safety |
2k |
— |
| Block secret leaks before commit or push with ggshield |
1.9k |
— |
| Run repeatable model and agent eval suites and inspect scoring traces with Inspect AI |
1.9k |
— |
| Broker API credentials to AI agents without exposing raw keys using OneCLI |
1.9k |
— |
| Scan agent skill folders for risky patterns and missing safeguards before sharing or deployment with Cisco Skill Scanner |
1.8k |
— |
| Clerk JavaScript Backend SDK for Server-Side Auth Workflows |
1.7k |
— |
| Assemble minimal OCI images from declarative package configs with apko |
1.6k |
— |
| Red-team agent workflows for jailbreaks, prompt injection, and policy failures with DeepTeam |
1.6k |
— |
| Decode, inspect, sign, and verify JWTs while debugging auth flows with jwt-cli |
1.5k |
3.4k/wk |
| Sweep GitHub for leaked secrets and exposed credentials with git-hound |
1.4k |
— |
| Generate OSS-Fuzz harnesses with oss-fuzz-gen |
1.4k |
— |
| Collect Unix-like incident-response artifacts into one portable evidence bundle with UAC |
1.3k |
— |
| Audit Python environments and requirements files for known vulnerabilities with pip-audit |
1.3k |
— |
| Sign agent-made Git commits with gitsign |
1.1k |
— |
| Verify agent policy coverage and risky-action guardrails before production rollout with Agent Governance Toolkit |
1.1k |
20.9k/wk |
| Screen packages and agent skill repos for malware and supply-chain risk before adoption with SafeDep Vet |
1k |
90/wk |
| Audit Go dependency licenses with go-licenses |
992 |
— |
| OpenClaw Security Suite (ClawSec) |
975 |
— |
| CycloneDX SBOM Generator |
956 |
— |
| Scan agent workflows for tools, MCP exposure, and adversarial risk with Agentic Radar |
953 |
— |
| Scan agentic codebases for exposed tools MCP usage and mapped security findings with Agentic Radar |
953 |
— |
| Pin CI workflow actions and images with Ratchet |
928 |
— |
| Scan MCP servers for security findings before connecting them to agents with MCP Scanner |
889 |
— |
| Encrypt and decrypt age secrets with hardware-backed YubiKey identities |
881 |
— |
| Detect repository licenses before dependency approval or open-source due diligence |
876 |
— |
| Betterleaks Next-Generation Secrets Scanner |
712 |
— |
| Verify Packages Are Reproducibly Rebuildable Before Trusting Artifacts With Oss Rebuild |
687 |
— |
| Generate SLSA build provenance in GitHub Actions |
566 |
— |
| Run agents in disposable microVM sandboxes with network allowlists and secret injection using Matchlock |
552 |
— |
| SBOM Generator with CycloneDX |
489 |
— |
| Scan images filesystems and SBOMs for end-of-life software before unsupported components ship with Xeol |
435 |
— |
| Benchmark prompt-injection attacks defenses and recovery pipelines before trusting an LLM app with Open Prompt Injection |
429 |
— |
| Lint X.509 certificates against Web PKI rules with zlint before issuance or rollout |
429 |
— |
| Redact PII from text before sharing or indexing with scrubadub |
421 |
— |
| Apply rule-based guardrails to agent traces and tool flows with Invariant |
409 |
1.5k/wk |
| Block unsafe agent actions and scan newly added skills with AgentGuard |
390 |
2.9k/wk |
| CSP Policy Analyzer |
390 |
— |
| Scan Claude Code configs for secrets permission drift and unsafe MCP hookups with AgentShield |
388 |
— |
| Lint Rego Policies Before Promotion with Regal |
373 |
— |
| Block agent egress, MCP prompt injection, and secret exfiltration before agents touch the open internet with Pipelock |
333 |
— |
| SLSA Verifier Build Provenance Checker |
318 |
— |
| Scan agent repos for repo-poisoning, unsafe AI config files, and MCP attack surfaces with MEDUSA |
256 |
— |
| Scan repositories for AI supply-chain and agent-security risks with Medusa Security |
256 |
— |
| Put approval gates and audit-ready policy checks between agents and external actions with DashClaw |
241 |
1.6k/wk |
| Enforce policy-gated and auditable agent execution with LACP |
211 |
— |
| Lint and autofix agent config files before broken prompts, hooks, or MCP settings derail runs with agnix |
179 |
6k/wk |
| Gitxray GitHub Repository Security X-Ray |
174 |
— |
| Sentry for AI |
165 |
— |
| Run coding agents in a locked-down local sandbox with repo-only filesystem access and controlled egress using agent-sandbox |
163 |
— |
| Wrap local coding agents in deny-by-default least-privilege sandboxes with Greywall |
158 |
— |
| Statically scan agent repos for prompt injection and unsafe MCP configs with Agent Audit |
149 |
— |
| WorkOS AuthKit Next.js Authentication Toolkit |
146 |
227.2k/wk |
| Start governed Claude Code sessions with short-lived service credentials using Kontext CLI |
143 |
— |
| Investigate CrowdStrike Falcon alerts and telemetry through falcon-mcp |
136 |
— |
| Scan repositories for Shai-Hulud 2.0 supply-chain indicators with the detector action |
124 |
— |
| Heisenberg Supply Chain Health Checker |
123 |
— |
| Review risky coding-agent sessions with local action logs using Gryph |
105 |
— |
| Restrict outbound domains for GitHub Agentic Workflows before repository agents can browse freely with gh-aw-firewall |
55 |
— |
| Preflight agent specs for prompt-injection risk across prompt, tool, and architecture layers with Prompt Hardener |
50 |
— |
| HashiCorp Vault MCP Server |
46 |
— |
| Inspect agent model traffic with LLMTrace |
46 |
— |
| Infisical CLI Secrets Injection and Access Management |
41 |
— |
| Test API authorization flows with Hadrian |
38 |
— |
| Gate MCP tool calls behind deterministic policy enforcement with Intercept |
29 |
336/wk |
| Triage pull request security risks with staged threat modeling and investigation using VulnVibes |
17 |
— |
| Gate risky agent actions behind approval checkpoints with Latch |
8 |
— |
| Probe AI agents for dangerous tool chains and execution side effects with ZIRAN |
6 |
— |
| Block destructive Terraform, database, Kubernetes, cloud, and Git commands before Claude Code can execute them with Agent Guardrails |
2 |
— |
| Audit and normalize SPDX license headers before releasing or open-sourcing a repository |
— |
— |
| CloudTrail Anomaly Detection Agent |
— |
— |
| DocuSign Contract Auto-Sender with Conditional Logic |
— |
— |
| GPG Encryption and Key Management Agent |
— |
— |
| NPM Audit Deep Scanner |
— |
— |
| npm Dependency Audit Resolver |
— |
— |
| npm Dependency Audit Scanner |
— |
— |
| OAuth2 Flow Debugger |
— |
— |
| OAuth2 Token Introspection Agent |
— |
— |
| SBOM Vulnerability Scanner |
— |
— |
| SSL Certificate Chain Validator |
— |
— |
| SSL/TLS Certificate Validator and Monitor |
— |
— |
| TLS Certificate Chain Analyzer |
— |
— |
| TLS Certificate Chain Validator |
— |
— |