snitch

   _____ _   ____________________  __
  / ___// | / /  _/_  __/ ____/ / / /
  \__ \/  |/ // /  / / / /   / /_/ /
 ___/ / /|  // /  / / / /___/ __  /
/____/_/ |_/___/ /_/  \____/_/ /_/

Evidence-based security auditing for AI coding assistants. Zero false positives.

Compatible with Claude Code · Gemini CLI · Codex CLI · OpenCode · Antigravity · Cursor

---

Why Snitch

Traditional scanners flood you with hundreds of findings — half of them are YOUR_API_KEY_HERE in a comment. Snitch is different: every finding must be backed by real code evidence. No file read? No finding. Can't quote the exact line? No finding. Didn't check for a fix nearby? No finding.

Findings are tagged with CWE, OWASP Top 10:2025, and CVSS 4.0 references for direct GRC ingestion.

---

Installation

Claude Code

/plugin marketplace add JF10R/Snitch
/plugin install snitch@JF10R-Snitch

Gemini CLI

gemini extensions install https://github.com/JF10R/Snitch.git

Codex CLI

git clone https://github.com/JF10R/Snitch.git
cp -r Snitch/agents/skills/snitch ~/.codex/skills/snitch

Per-project: use .agents/skills/snitch instead.

OpenCode

git clone https://github.com/JF10R/Snitch.git
cp -r Snitch/skills/snitch ~/.config/opencode/skills/snitch

Per-project: .opencode/skills/snitch

Antigravity

git clone https://github.com/JF10R/Snitch.git
cp -r Snitch/skills/snitch ~/.gemini/antigravity/skills/snitch

Per-project: .agent/skills/snitch

Cursor

git clone https://github.com/JF10R/Snitch.git
cp -r Snitch/skills/snitch .cursor/skills/snitch

Updating / Uninstalling

Platform	Update	Uninstall
Claude Code	/plugin marketplace update JF10R-Snitch	/plugin uninstall snitch@JF10R-Snitch
Gemini CLI	gemini extensions update snitch	gemini extensions uninstall snitch
Codex CLI	Re-clone and copy	rm -rf ~/.codex/skills/snitch
OpenCode	Re-clone and copy	rm -rf ~/.config/opencode/skills/snitch
Antigravity	Re-clone and copy	rm -rf ~/.gemini/antigravity/skills/snitch
Cursor	Re-clone and copy	rm -rf .cursor/skills/snitch

---

Usage

/snitch

Select categories from the interactive menu, or run directly:

/snitch --categories=1,2,3,13
/snitch --diff

Quick Scan detects your stack automatically (package.json, imports, config files) and only audits relevant categories.

--diff scans only staged/unstaged changes — ideal as a pre-commit check.

After the scan

• Fix one by one — walk through each finding individually
• Fix all — auto-patch everything at once
• Run another scan — check additional categories
• Done — exit

---

Categories

40 audit categories organized by domain:

Application Security

#	Category	Description
01	SQL Injection	Parameterized queries, ORM misuse
02	XSS	Output encoding, DOM injection
03	Hardcoded Secrets	API keys, passwords, tokens in source
04	Authentication	Login flows, password handling, MFA
05	SSRF	Server-side request forgery
07	Rate Limiting	Brute-force protection, throttling
08	CORS	Cross-origin misconfiguration
09	Cryptography	Weak algorithms, key management
10	Dangerous Patterns	eval(), dynamic code execution
28	Authorization	Broken access control, IDOR
29	File Uploads	Validation, path traversal
30	Input Validation	ReDoS, injection vectors
32	Security Headers	CSP, HSTS, X-Frame-Options
39	Token Lifetimes	Session expiry, logout effectiveness

Services & Integrations

#	Category	Description
06	Supabase	Row-level security, exposed service keys
13	Stripe	API keys, webhook verification
14	Auth Providers	Clerk, Auth0, NextAuth configuration
15	AI APIs	Claude, OpenAI, Gemini key exposure
16	Email	SMTP credentials, spam abuse vectors
17	Database	Connection strings, query security
18	Redis	Authentication, exposed instances
19	SMS	Twilio tokens, message injection

Infrastructure

#	Category	Description
11	Cloud Providers	AWS, GCP, Azure, Vercel, Cloudflare
12	Data Leaks	Logs, error messages, debug output
31	CI/CD	Pipeline secrets, deployment security
40	Tunnels & DNS	ngrok, cloudflared, DNS configuration

Compliance