Security orchestration for code editor CLIs.
Autonomous pentests. Static analysis. Secrets scanning. Dependency audits. One command.
One command. Full security posture. Actionable fixes.
What Shield Does
Shield detects your tech stack, runs every applicable security scanner in parallel, consolidates findings into a single report, calculates a risk score, proposes code fixes, and optionally files GitHub issues -- all without leaving your editor.
+-------------------+
| Shannon Pentest | Proof-by-exploitation, real PoCs
+-------------------+
| Semgrep SAST | 82 custom rules + community rulesets
Your Code --> detect-stack.sh --| gitleaks Secrets | Full git history scan
| Dependency Audit | npm / pip / composer audit
| Freshness Check | Outdated dependency detection
+-------------------+
|
consolidate.sh
|
calculate-score.sh
|
+----------------+----------------+
| | |
Risk Scorecard Fix Proposals GitHub Issues
(0-100) (ready diffs) (per finding)
Quick Start
# 1. Clone and install security tools
git clone https://github.com/alissonlinneker/shield-claude-skill.git
cd shield-claude-skill && ./install.sh
# 2. Register the marketplace in Claude Code (run inside Claude Code)
/plugin marketplace add /path/to/shield-claude-skill
# 3. Install the plugin
/plugin install shield@shield-security
# 4. Open any project and run
/shield:shield
Or for quick testing without marketplace registration:
claude --plugin-dir /path/to/shield-claude-skill
# Then inside Claude Code:
/shield:shield
Features
| Category | Capability | Details |
|---|
| Pentest | Autonomous penetration testing | Full attack-surface analysis via Shannon -- proof-by-exploitation with real PoC payloads |
| SAST | Static application security testing | Semgrep with 82 custom rules (12 JS/TS, 11 Python, 11 PHP, 10 Go, 10 Ruby, 8 Rust, 10 Java, 10 C#) plus community rulesets |
| Secrets | Secrets scanning | gitleaks detection across entire git history -- keys, tokens, passwords |
| SCA | Dependency vulnerability audit | Supports 12 package managers: npm, yarn, pnpm, bun, pip, composer, go, bundler, cargo, maven, gradle, dotnet -- auto-detected by lock file |
| Freshness | Dependency outdated check | Detects packages behind on MAJOR, MINOR, and PATCH versions |
| Scoring | Security scorecard | Weighted 0-100 risk score with severity breakdown |
| Remediation | Fix proposals | Generates before/after diffs you can apply directly |
| Baselines | Scan comparison | Tracks improvements and regressions between scans |
| Issues | GitHub issue creation | Files issues with severity labels, CWE references, and compliance mappings |
| SARIF | Standard output format | SARIF export for GitHub Security tab integration |
| Compliance | Compliance mapping | Maps findings to SOC 2, PCI-DSS, and HIPAA controls |
| Zero-config | Stack detection | Automatically identifies languages, frameworks, package managers, Docker presence |
| Resilience | Graceful degradation | Runs whichever tools are installed, skips the rest, notes gaps in report |
Real Output Examples
Example 1 -- Quick Scan on a Node.js Project
Stack detected: JavaScript, TypeScript, Next.js, React (pnpm)
Security Score: 0/100 — CRITICAL RISK
[ ] 0/100
