This plugin requires configuration values that are prompted when the plugin is enabled. Sensitive values are stored in your system keychain.
Modifies files
Hook triggers on file write and edit operations
SNYK_TOKEN: Your Snyk API token. Found at https://app.snyk.io/account. Required if not already authenticated via `snyk auth`.

${user_config.SNYK_TOKEN}

SAI_MIN_BLOCK_SEVERITY: Minimum vulnerability severity that blocks Claude from stopping.

${user_config.SAI_MIN_BLOCK_SEVERITY}

A Claude Code plugin that integrates Snyk security scanning into the agentic development loop. It catches vulnerabilities as Claude writes code — not after.
Secure at Inception (hooks) — background Snyk scans run on every file edit. When Claude finishes a response, the plugin checks whether any newly written lines introduced vulnerabilities. If so, Claude is blocked from stopping and given a table of issues to fix. The cycle repeats until the code is clean (capped at 3 rounds to prevent infinite loops). Dependency manifest changes trigger SCA scans too.
/snyk-fix command — on-demand security remediation. Scans for SAST and/or SCA vulnerabilities, selects the highest-priority issue, fixes it, validates with a re-scan, and optionally opens a PR.
Secure Dependency Health Check (skill) — automatically evaluates open-source packages when Claude is about to add a dependency. Compares candidates on vulnerability history, maintenance health, and popularity using the Snyk package intelligence API.
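The Secure at Inception gate described above can be sketched as follows. This is an added example, not the plugin's own code: the `Finding` shape, the function names, and the behaviour once the 3-round cap is reached (allow the stop and report what remains) are assumptions, and the severity threshold is applied to every finding for simplicity.

```python
from dataclasses import dataclass

SEVERITY_RANK = {"low": 1, "medium": 2, "high": 3, "critical": 4}
MAX_ROUNDS = 3  # the page states the fix cycle is capped at 3 rounds


@dataclass(frozen=True)
class Finding:  # hypothetical shape of one scan result
    path: str
    line: int
    severity: str
    title: str


def blocking_findings(findings, new_lines, min_severity="medium"):
    """Keep findings that sit on newly written lines and meet the threshold."""
    floor = SEVERITY_RANK[min_severity.lower()]  # KeyError on an invalid threshold
    return [
        f for f in findings
        if f.line in new_lines.get(f.path, set())  # ignore pre-existing code
        and SEVERITY_RANK.get(f.severity.lower(), 0) >= floor  # unknown ranks never block
    ]


def stop_decision(findings, new_lines, rounds_used, min_severity="medium"):
    """Return (allow_stop, message) for the end of one agent response."""
    issues = blocking_findings(findings, new_lines, min_severity)
    if not issues:
        return True, "clean"
    if rounds_used >= MAX_ROUNDS:  # assumed: release the agent, report leftovers
        return True, f"round cap reached with {len(issues)} unresolved issue(s)"
    issues.sort(key=lambda f: -SEVERITY_RANK[f.severity.lower()])
    rows = ["| Severity | Location | Issue |", "|---|---|---|"]
    rows += [f"| {f.severity} | {f.path}:{f.line} | {f.title} |" for f in issues]
    return False, "\n".join(rows)


# Constructed sample data, not real scan output.
SAMPLE_FINDINGS = [
    Finding("app/db.py", 12, "high", "SQL Injection"),
    Finding("app/db.py", 40, "critical", "Hardcoded Secret"),  # line not newly written
    Finding("app/util.py", 7, "low", "Insecure Randomness"),
]
SAMPLE_NEW_LINES = {"app/db.py": {10, 11, 12}, "app/util.py": {7}}
```

With the sample data, only the finding on `app/db.py:12` blocks at the default `medium` threshold: the critical finding sits on a line the agent did not write, and the low finding falls under the threshold.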
```
npm install -g snyk && snyk auth
```

Install via the Claude Code plugin system:

```
claude plugin install https://github.com/snyk/claude-plugin-snyk
```
Or add it locally by pointing Claude Code at this directory.
| Variable | Default | Description |
|---|---|---|
| SAI_MIN_BLOCK_SEVERITY | medium | Minimum SCA severity that blocks Claude from stopping (critical, high, medium, low) |
| CLAUDE_HOOK_DEBUG | 0 | Set to 1 for verbose hook logging |
| Component | Type | Description |
|---|---|---|
| Secure at Inception | Hooks | Background SAST + SCA scanning on every edit |
| /snyk-fix | Command | Full remediation workflow with optional PR |
| Secure Dependency Health Check | Skill | Package evaluation before adding dependencies |
| Snyk MCP server | MCP | Gives Claude access to Snyk scan and advisory tools |
Apache 2.0
This repository is closed to public contributions.
```
npx claudepluginhub snyk/claude-plugin-snyk --plugin claude-plugin-snyk
```