CWE Top 25 · OWASP Top 10 · ASVS Level 3

Your AI just became a security engineer.

One command. 29 battle-tested security checks built into every AI coding assistant you already use — without leaving your IDE.

$ npx @netxeo/security-skill
Free · Open Source · MIT

What happens after /security-audit

Your AI reads 29 security modules and audits your actual stack against them.

terminal — ~/security-audit

You › /security-audit

🔍 Detecting stack... Next.js · Supabase · Vercel · Node 20

📋 Running 25 security checks across 29 modules...

╔══════════════════════════════════════════╗
║  🔐  SECURITY AUDIT — myproject          ║
║      Stack: Next.js · Supabase · Vercel  ║
╠══════════════════════════════════════════╣
║  SCORE  :  61 / 100  🟠                  ║
╠══════════════════════════════════════════╣
║  🔴  Secrets & Files        12/20  ← FIX ║
║  🟢  Auth & Sessions        18/20        ║
║  🔴  Database (RLS)          8/20  ← FIX ║
║  🟡  HTTP Headers           13/20        ║
║  🟢  Source Code            18/20        ║
╚══════════════════════════════════════════╝

🔴 CRITICAL — Supabase service role key exposed in frontend

Any visitor gets full DB access · Fix: /security-fix supabase-key

🟡 HIGH — RLS disabled on 3 tables (users, orders, messages)

Authenticated users can read all rows · Fix: /security-fix rls

From install to first scan: under 2 minutes

No config. No cloud. No account. No sign-up.

01. One command. Zero config.

Installs 29 security modules and auto-configures every AI assistant on your machine. Done in under 10 seconds.

npx @netxeo/security-skill

02. Your AI becomes the expert.

Auto-detects your stack — Next.js, Firebase, Docker — and runs targeted checks. No guessing, no false positives.

/security-scan

03. Review & fix. Your call.

See the exact diff before anything changes. Every fix is explained. Non-breaking. Approved by you.

/security-fix

Security that doesn't slow you down

No SaaS. No account. No friction. Just AI instructions that make your tools smarter.

Scans in 30 seconds

No build step. No cloud. Pure AI pattern recognition on your actual codebase.

You approve every fix

The AI proposes a diff. You decide. Nothing changes without your explicit approval.

Security score /100

Tracked in memory-security.md. You'll watch your score climb with every fix.

Any stack, anywhere

Next.js, Express, Django, Laravel, Spring Boot. Auto-detected from your project.

Context-rich findings

Each vulnerability includes the attack vector, real-world impact, and a tailored fix.

Persistent memory

Accepted risks, rotation schedules — your AI remembers across every session.

One install. Every AI. Zero friction.

The installer auto-detects which tools you use and configures each one.

Claude: CLAUDE.md
GitHub Copilot: copilot-instructions.md
Cursor: .cursorrules
Windsurf: .windsurfrules
Cline: .clinerules
OpenAI Codex: AGENTS.md
Continue.dev: .continue/config.yaml
Aider: .aider.conf.yml
Gemini: GEMINI.md

Ship secure code from day one.

Free. Open source. No account. No credit card.
Most devs find their first critical vulnerability in under 2 minutes.

$ npx @netxeo/security-skill
MIT · 29 modules · 9 AI tools