npx claudepluginhub vulnetix/pix-ai-coding-assistantVulnerability intelligence for Claude Code — scans dependencies on commit, searches packages for risk data, analyzes exploits, and proposes fixes via the Vulnetix VDB API.
VulnetixVulnerability intelligence for Claude Code — automated dependency scanning, exploit analysis, and remediation powered by the Vulnetix VDB API.
Add the marketplace:
/plugin marketplace add Vulnetix/claude-code-plugin
Install the plugin:
/plugin install vulnetix@vulnetix-plugins
Verify with /plugins and /hooks.
| Skill | Purpose |
|---|---|
/vulnetix:package-search <name> | Search packages and assess risk before adding dependencies |
/vulnetix:exploits <vuln-id> | Analyze exploit intelligence (PoCs, EPSS, CISA KEV, threat model) |
/vulnetix:fix <vuln-id> | Get fix intelligence and apply concrete remediation |
/vulnetix:vuln <vuln-id or package> | Look up vulnerability details or list all vulns for a package |
/vulnetix:exploits-search [query] | Search for exploits with ecosystem/severity/EPSS filters |
/vulnetix:remediation <vuln-id> | Context-aware remediation plan with verification steps |
Plus four slash commands for direct VDB CLI access: vdb-vuln, vdb-vulns, vdb-exploits-search, vdb-remediation.
| Hook | Trigger | Purpose |
|---|---|---|
| Pre-commit scan | git commit | Scan staged manifests for vulnerabilities |
| Manifest edit gate | Edit/Write on manifests | Check packages for vulns before adding |
| Post-install scan | npm install, pip install, etc. | Auto-scan after dependency changes |
| Session dashboard | Session start | Show vulnerability status summary |
| Stop reminder | Session end | Remind about unresolved P1/P2 vulnerabilities |
| Vuln context inject | User message | Auto-detect CVE/GHSA IDs and inject prior context |
| Agent | Purpose |
|---|---|
| bulk-triage | Triage multiple vulnerabilities in parallel with CWSS priority scoring |
Install the Vulnetix CLI and authenticate:
brew install vulnetix/tap/vulnetix
vulnetix auth login
See CLI Documentation for all installation methods.
Marketplace:
/plugin update vulnetix
Local clone:
cd ~/claude-code-plugin && git pull
/plugin remove vulnetix
/plugin add ~/claude-code-plugin/vulnetix
Hook not triggering? Run /plugins to check the plugin is enabled, then /hooks to verify registration.
"API unavailable or not authenticated"? Run vulnetix vdb status to check connectivity, then vulnetix auth login if needed.
Skill commands not working? Use the colon syntax: /vulnetix:fix <vuln-id> (not /vulnetix fix).
Scans too slow? The pre-commit hook has a 120s timeout. Stage fewer manifest files or disable temporarily with /plugin disable vulnetix.
Apache-2.0 — see LICENSE for details.
Report issues at github.com/Vulnetix/claude-code-plugin.
Claude Code marketplace entries for the plugin-safe Antigravity Awesome Skills library and its compatible editorial bundles.
Directory of popular Claude Code extensions including development tools, productivity plugins, and MCP integrations
Curated collection of 154 specialized Claude Code subagents organized into 10 focused categories