Clone the repo. Run /audit in Claude Code. Get real security findings in minutes. Five specialized agents for different project types.
98 findings across 3 projects with 108K+ combined GitHub stars. The open-source tool runs the same methodology those audits used.
Three commands. No config files. No accounts. No credit card.
Navigate to the project you want to audit.
Select your agent type and the AI handles the rest.
Each agent is tuned for a specific project type, with tailored OWASP checks and architecture analysis.
- Full-stack apps (Next.js, Rails, Django, etc.): auth flows, session management, CSRF, XSS, IDOR, data exposure.
- API services: endpoints, authentication, authorization, rate limiting, input validation, data serialization.
- CI/CD (GitHub Actions, GitLab CI, Jenkins): secret leaks, injection, privilege escalation, supply chain.
- Infrastructure (Terraform, Docker, Kubernetes, cloud configs): misconfigurations, exposed ports, IAM, network policies.
- Mobile (React Native, Flutter, Swift, Kotlin): insecure storage, certificate pinning, API security, data leaks.
These are actual findings from our open-source audits of projects with 108K+ combined GitHub stars.
maybe-finance (35K stars): The `otp_secret` column is stored in plaintext. Anyone with read access to the database (a dump or a backup is enough) can pull every user's secret and compute valid TOTP codes at will, bypassing MFA for every account.
Fix: Add `encrypts :otp_secret, deterministic: false` to the `User` model. Non-deterministic encryption is Active Record Encryption's default and the right choice here, since the column is never looked up by value. The `active_record.encryption` keys must be configured for `encrypts` to work, and `support_unencrypted_data` keeps existing rows readable during the migration window. Then rotate all existing OTP secrets after deployment: any value that ever sat in plaintext has to be treated as exposed, so users re-enroll their authenticators.
Documenso (8K stars): The entire encryption key validation block is commented out, so the application starts without encryption keys at all. Without the secondary key, webhook endpoints can be spoofed.
Fix: Uncomment and enforce the validation. Add a startup check that fails hard (exit non-zero, not a logged warning) if any key is missing or still holds the default/placeholder value, so a misconfigured deployment never serves traffic.
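The two findings above share one lesson: a secret's protection is only as good as where it sits at rest and whether the key guarding it is actually present at boot. The following is an added example written for this page; it is not maybe-finance's or Documenso's code, nor Rails' own `encrypts` implementation. It shows, first, why a plaintext `otp_secret` cell is an MFA bypass (RFC 6238 TOTP is just HMAC arithmetic once you hold the secret), then a non-deterministic AES-256-GCM wrapper for the column and the fresh-secret rotation the fix calls for, and finally a boot-time key check that refuses to start on a missing or placeholder key, which is the shape of check the Documenso fix asks for. The env var name `OTP_ENCRYPTION_KEY`, the placeholder list and the column name are assumptions for the example; the secret used in the demo is the RFC 6238 test vector.

```ruby
require 'openssl'
require 'securerandom'

BASE32_ALPHABET = 'ABCDEFGHIJKLMNOPQRSTUVWXYZ234567'

# RFC 4648 base32, the encoding authenticator apps use for TOTP secrets.
def base32_decode(str)
  bits = str.upcase.delete('=').each_char.map { |c|
    idx = BASE32_ALPHABET.index(c)
    raise ArgumentError, "not a base32 secret: #{c.inspect}" if idx.nil?
    idx.to_s(2).rjust(5, '0')
  }.join
  bits.scan(/.{8}/).map { |b| b.to_i(2) }.pack('C*')
end

def base32_encode(bytes)
  bits = bytes.unpack1('B*')
  bits = bits.ljust((bits.size + 4) / 5 * 5, '0')
  bits.scan(/.{5}/).map { |b| BASE32_ALPHABET[b.to_i(2)] }.join
end

# RFC 6238 TOTP (HMAC-SHA1, 30 s step, 6 digits). This is everything an attacker
# needs once they hold the secret: the "something you have" factor is this arithmetic.
def totp(secret_base32, at = Time.now.to_i, period: 30, digits: 6)
  counter = [at / period].pack('Q>')                 # 8-byte big-endian step counter
  hmac = OpenSSL::HMAC.digest('sha1', base32_decode(secret_base32), counter)
  offset = hmac.bytes.last & 0x0f                    # dynamic truncation (RFC 4226)
  code = (hmac[offset, 4].unpack1('N') & 0x7fffffff) % (10**digits)
  code.to_s.rjust(digits, '0')
end

# What a dumped otp_secret cell is worth to an attacker: a valid code, or nothing usable.
def attacker_can_mint_code?(stored_value, at)
  totp(stored_value, at)
  true
rescue ArgumentError
  false
end

# Boot-time key check: refuse to start with no key or a shipped placeholder value
# (PLACEHOLDER_KEYS is a constructed list). `env` is a Hash so this is testable;
# pass ENV in real use. Raising here is the "fail hard" the fix asks for.
PLACEHOLDER_KEYS = %w[changeme default secret].freeze

def load_encryption_key!(env, name = 'OTP_ENCRYPTION_KEY')
  raw = env[name]
  raise "#{name} is not set; refusing to start" if raw.nil? || raw.strip.empty?
  raise "#{name} is a placeholder value; refusing to start" if PLACEHOLDER_KEYS.include?(raw.strip.downcase)
  raise "#{name} must be 64 hex chars (32-byte AES-256 key)" unless raw.match?(/\A\h{64}\z/)
  [raw].pack('H*')
end

# Non-deterministic AES-256-GCM at rest: a fresh nonce per row, with the column name as
# associated data so a ciphertext moved between columns fails to decrypt.
# Stored as hex "iv:tag:ciphertext".
def encrypt_secret(key, plaintext, column = 'otp_secret')
  cipher = OpenSSL::Cipher.new('aes-256-gcm').encrypt
  cipher.key = key
  iv = cipher.random_iv                              # 12-byte nonce, never reused per key
  cipher.auth_data = column
  ct = cipher.update(plaintext) + cipher.final
  [iv, cipher.auth_tag, ct].map { |b| b.unpack1('H*') }.join(':')
end

def decrypt_secret(key, stored, column = 'otp_secret')
  iv, tag, ct = stored.split(':').map { |h| [h].pack('H*') }
  cipher = OpenSSL::Cipher.new('aes-256-gcm').decrypt
  cipher.key = key
  cipher.iv = iv
  cipher.auth_tag = tag
  cipher.auth_data = column
  cipher.update(ct) + cipher.final                   # CipherError on a tampered cell
end

# Rotation: a secret that ever sat in plaintext is burned. Issue a fresh one (the user
# re-enrolls their authenticator from the plaintext) and persist only the ciphertext.
def rotate_otp_secret(key)
  fresh = base32_encode(SecureRandom.random_bytes(20))
  { plaintext_for_enrollment: fresh, otp_secret: encrypt_secret(key, fresh) }
end

if __FILE__ == $0
  key = load_encryption_key!({ 'OTP_ENCRYPTION_KEY' => SecureRandom.hex(32) })
  secret = 'GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ'      # RFC 6238 test-vector secret
  puts "plaintext cell -> attacker mints code #{totp(secret, 59)}"
  puts "encrypted cell -> attacker gets a code? #{attacker_can_mint_code?(encrypt_secret(key, secret), 59)}"
end
```

Run it directly to see the before/after: the plaintext cell yields the RFC test code 287082 for step 1, the encrypted cell yields nothing a TOTP routine will accept. The key check is deliberately a raise rather than a log line; a process that logs "no key" and keeps serving is exactly the state the Documenso finding describes.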
The open-source tool is genuinely useful on its own. Want the rest? Upgrade to SaaS or book consulting.
| Capability | Open Source (free) | SaaS (coming soon) | Consulting |
|---|---|---|---|
| OWASP Top 10 checks | ✓ | ✓ | ✓ |
| 5 specialized agents | ✓ | ✓ | ✓ |
| Full ASVS L2 (286 controls) | ✗ | ✓ | ✓ |
| Architectural reasoning | Basic | Enhanced | Deep |
| Reproduction steps | ✗ | ✓ | ✓ |
| Expert review | ✗ | ✗ | ✓ |
| Compliance mapping | ✗ | ✗ | ✓ |
| Coverage | ~60-70% | ~80-90% | 100% |
| Price | Free | $299/mo | From $3,500 |
Clone the repo, run /audit, and see what the AI finds. No account, no config, no credit card.