By apiiro
Apiiro security: skills, commands, and hooks. All hooks are on by default — disable with `apiiro hooks config disable`.
Generates 10 example secure-prompt invocations tailored to the user's current repository, runs them, and produces a before/after CSV showing the original prompt vs the security-enriched version. Analyzes the repo's tech stack, frameworks, API patterns, data models, and integrations, then produces realistic developer prompts that would trigger security classification — demonstrating how `apiiro guardian secure-prompt` adds value for that specific codebase. Use when the user wants to see what secure-prompt looks like in practice, wants to demo the feature, or needs onboarding examples for their team. Trigger on phrases like "show me secure-prompt examples", "generate example prompts for my repo", "demo secure-prompt", or "what prompts would trigger security guidance".
Apiiro CLI command for comparing two git references for security risks — the primary CI/CD integration point. Use this skill whenever the user mentions diff scanning, comparing branches or commits for security issues, CI/CD security gates, blocking PRs on risk, or wants to wire Apiiro into a build pipeline. Even if the user doesn't say "apiiro", trigger when they say things like "scan this PR", "compare main to my branch for security", "block merges on critical risks", or want to set up security gating in CI. For local secrets/OSS scanning, use apiiro-fast-scan instead.
Apiiro CLI command for quick local security scanning: fast-scan for secrets and OSS vulnerabilities, plus pre-commit hooks. Use this skill whenever the user mentions scanning code locally, secrets detection, OSS vulnerabilities, pre-commit hooks, or wants to check files for security issues before committing. Even if the user doesn't say "apiiro", trigger when they say things like "scan for secrets", "check my code before I push", "are there any leaked credentials", "check dependencies for vulnerabilities", or want to set up local security scanning. For comparing git references in CI/CD, use apiiro-diff-scan instead.
Apiiro CLI commands for remediating and fixing security risks: get remediation prompts and use Guardian AI to fix findings. Use this skill whenever the user wants to fix, remediate, patch, or resolve a security risk or vulnerability in their repository. Also trigger when they ask "how do I fix this risk", "remediate this finding", "resolve this vulnerability", or want actionable guidance on resolving a security issue. For listing or inspecting risks, use the apiiro-risks skill instead.
Apiiro CLI commands for querying the Guardian AI agent: ask security questions, get analysis and insights about a repository, and manage repository detection. Use this skill whenever the user wants AI-powered security analysis, security posture review, or wants to ask questions about their codebase's security. Also trigger when they need deep analysis of authentication flows, attack surfaces, or want an AI to explain security concepts. Even without mentioning "apiiro" or "guardian", trigger when the user asks things like "is this code secure?", "what's the attack surface here?", or "explain this vulnerability". For dedicated STRIDE threat modeling of a design or feature spec, use the apiiro-threat-model skill instead. For fixing a known risk, use apiiro-fix.
Executes bash commands
Hook triggers when Bash tool is used
Command-line interface for the Apiiro platform — security scanning, risk analysis, and AI-powered queries.
```bash
brew tap apiiro/tap && brew install apiiro
```
Pre-compiled binaries for all platforms are available on the releases page:
| Platform | Binary |
|---|---|
| macOS Apple Silicon (M1/M2/M3/M4) | apiiro-macos-arm64 |
| macOS Intel | apiiro-macos-x64 |
| Linux x64 | apiiro-linux-x64 |
| Linux ARM64 | apiiro-linux-arm64 |
| Windows x64 | apiiro-win.exe |
```bash
# macOS / Linux: download, make executable, and move to PATH
chmod +x apiiro-*
sudo mv apiiro-* /usr/local/bin/apiiro
```

```bash
sudo yum install -y https://github.com/apiiro/marketplace/releases/latest/download/apiiro-<version>.x86_64.rpm
```
Add to .pre-commit-config.yaml:
```yaml
repos:
  - repo: https://github.com/apiiro/marketplace
    rev: <VERSION>  # get latest from https://github.com/apiiro/marketplace/releases
    hooks:
      - id: apiiro-fast-scan  # secrets + OSS
      # - id: apiiro-secrets-scan  # secrets only
      # - id: apiiro-oss-scan  # OSS only
```
Bundles all skills plus security hooks. In Claude Code:
```
/plugin marketplace add apiiro/marketplace
/plugin install apiiro@apiiro
```
Then ask Claude to "set up Apiiro" — the bundled apiiro-setup skill installs the CLI and walks you through authentication.
Install skills for AI coding assistants (Claude Code, Cursor, etc.) using Vercel Skills:
```bash
npx skills add apiiro/marketplace
```
Available skills: apiiro-risks, apiiro-fix, apiiro-guardian, apiiro-threat-model, apiiro-fast-scan, apiiro-diff-scan, apiiro-secure-prompt.
```bash
# Login via OAuth (opens browser)
apiiro login

# Check status
apiiro auth status

# Logout
apiiro logout
```
Alternatively, set the API_KEY environment variable.
Quick local scanning for secrets and OSS vulnerabilities. Auto-detects changed files in the current git repo. Agent skill: apiiro-fast-scan.
```bash
apiiro fast-scan secrets            # Scan for secrets
apiiro fast-scan secrets --staged   # Scan staged files only (pre-commit)
apiiro fast-scan secrets --full     # Scan entire file, not just git-changed lines
apiiro fast-scan oss                # Scan for OSS vulnerabilities
apiiro fast-scan all                # Run both concurrently
apiiro fast-scan config             # Get scan configuration
```
Compare two git references for security risks. Primary CI/CD integration point. Agent skill: apiiro-diff-scan.
```bash
# Trigger and wait for results
apiiro diff-scan -b main -c feature-branch -r https://github.com/org/repo --wait

# Use commit SHAs
apiiro diff-scan -b abc123 -c def456 -r https://github.com/org/repo \
  --baseline-type Commit --candidate-type Commit --wait

# Check status of an existing scan
apiiro diff-scan -s <scan-id>

# Interactive mode
apiiro diff-scan -i
```
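In CI, the values passed to `-b` and `-c` usually come from pipeline variables, and a pull-request author chooses the branch name. The following is an added example, not code from Apiiro: it validates the refs and builds the invocation from the flags shown above. The GitHub Actions variable names in the comment, the character allow-list, and the rule of adding `--baseline-type`/`--candidate-type Commit` only for 40-character SHAs are assumptions.

```shell
#!/bin/sh
# Added example: build a diff-scan command line from untrusted CI ref values.

# is_full_sha REF: succeeds if REF is a 40-character lowercase hex commit id.
is_full_sha() {
  case "$1" in
    ''|*[!0-9a-f]*) return 1 ;;
  esac
  [ "${#1}" -eq 40 ]
}

# safe_ref REF: rejects empty values, values that would parse as an option,
# and anything outside a conservative ref-name character set (assumed list).
safe_ref() {
  case "$1" in
    ''|-*) return 1 ;;
    *[!A-Za-z0-9._/-]*) return 1 ;;
  esac
  return 0
}

# build_diff_scan BASELINE CANDIDATE REPO_URL: prints one argument per line,
# or returns 2 without printing a command if any input is rejected.
build_diff_scan() {
  baseline=$1 candidate=$2 repo=$3
  safe_ref "$baseline"  || { echo "rejected baseline ref" >&2; return 2; }
  safe_ref "$candidate" || { echo "rejected candidate ref" >&2; return 2; }
  case "$repo" in
    https://*) ;;
    *) echo "rejected repository URL" >&2; return 2 ;;
  esac
  set -- apiiro diff-scan -b "$baseline" -c "$candidate" -r "$repo"
  is_full_sha "$baseline"  && set -- "$@" --baseline-type Commit
  is_full_sha "$candidate" && set -- "$@" --candidate-type Commit
  set -- "$@" --wait
  printf '%s\n' "$@"
}

# Constructed sample values; in GitHub Actions these would typically be
# "$GITHUB_BASE_REF", "$GITHUB_SHA" and "$GITHUB_SERVER_URL/$GITHUB_REPOSITORY".
build_diff_scan main 0123456789abcdef0123456789abcdef01234567 \
  https://github.com/org/repo
```
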
List and inspect risks for a repository. Agent skills: apiiro-risks (list/inspect), apiiro-fix (remediate).
```bash
apiiro risks                                   # List all risks (auto-detects repo)
apiiro risks --repo my-repo-name               # Specify repo explicitly
apiiro risks --risk-level Critical             # Filter by risk level
apiiro risks --risk-category "API Security"    # Filter by category
apiiro risks get <risk-id>                     # Get risk details
apiiro risks remediate <risk-id>               # Get remediation instructions
```
Perform STRIDE-based threat analysis on feature specs, requirements, or architectural changes. Agent skill: apiiro-threat-model.
```bash
apiiro threat-model "Add REST API for file uploads to S3"
apiiro threat-model "Implement OAuth2 with PKCE" --title "Auth redesign"
apiiro threat-model "Add webhook support" -o json
apiiro threat-model "Migrate sessions to JWT" -f threat-report.md
```
Query Apiiro's AI agent for security analysis and insights. Agent skill: apiiro-guardian.
```bash
apiiro guardian query "what risks exist in this repo"
apiiro guardian query "deep analysis of auth flow" --model normal
apiiro guardian query "what is STRIDE?" --global
apiiro guardian query "detailed analysis" --timeout 120
apiiro guardian repository detect    # Detect and verify repo in Apiiro
apiiro guardian repository clear     # Clear cached repo info
```
Git pre-commit hook for automatic security scanning.
```bash
apiiro hooks pre-commit install      # Install pre-commit hook
apiiro hooks pre-commit status       # Check hook status
apiiro hooks pre-commit uninstall    # Remove hook
```
```bash
npx claudepluginhub apiiro/marketplace --plugin apiiro
```