AI Security Arsenal automates security testing, penetration testing, and assessment workflows. It integrates with Claude Code, Claude Desktop, OpenCode, and other AI coding tools. Security researchers benefit from automated security assessments and workflows.
git clone https://github.com/hardw00t/ai-security-arsenal.gitAI Security Arsenal is a collection of modular skills designed to automate security testing, penetration testing, and security assessment workflows for Claude Code, Cursor, and other AI coding agents. It covers mobile security (Android and iOS), web application testing (DAST and API security), cloud infrastructure assessment, network penetration testing, static code analysis, supply chain security, and threat modeling. Each skill follows a consistent router-based architecture with lazy-loaded workflows, methodologies, payloads, and schemas that allow agents to load only what they need for each task. Security researchers and penetration testers use it to accelerate manual testing phases, automate repetitive assessment tasks, and generate structured findings that integrate with SARIF converters, Jira, and DefectDojo. The arsenal was last validated in April 2026 against frontier coding agents like Claude Opus 4.x.
Each skill is structured as a router file (SKILL.md) that indexes workflows, methodologies, payloads, and schemas. Load the appropriate skill for your task (e.g., android-pentest, dast-automation, api-security), then use the decision tree to select the relevant workflow. Findings validate against per-skill JSON schemas for integration with external tools.
Automated Android and iOS mobile app penetration testing with runtime manipulation
Dynamic application security testing (DAST) across multiple domains in parallel
REST and GraphQL API security assessment against OWASP API Top 10
Infrastructure as Code and container security scanning for cloud environments
No install command available. Check the GitHub repository for manual installation instructions.
git clone https://github.com/hardw00t/ai-security-arsenalCopy the install command above and run it in your terminal.
Launch Claude Code, Cursor, or your preferred AI coding agent.
Use the prompt template or examples below to test the skill.
Adapt the skill to your specific use case and workflow.
Analyze the security vulnerabilities in [COMPANY]'s [INDUSTRY] application using AI Security Arsenal. Focus on [DATA] such as user authentication, data encryption, and API endpoints. Provide a detailed report with remediation steps.
# Security Assessment Report for TechCorp's E-Commerce Platform ## Vulnerabilities Identified - **SQL Injection**: Detected in the user login module. Input validation is insufficient. - **Cross-Site Scripting (XSS)**: Found in the product review section. User inputs are not properly sanitized. - **Insecure Direct Object References (IDOR)**: Identified in the user profile management system. Users can access other users' data. ## Remediation Steps 1. **SQL Injection**: Implement parameterized queries and use prepared statements. 2. **XSS**: Sanitize all user inputs and use Content Security Policy (CSP) headers. 3. **IDOR**: Implement proper access controls and use indirect object references. ## Additional Recommendations - Regularly update and patch all software dependencies. - Conduct periodic security audits and penetration testing. - Educate developers on secure coding practices.
AI assistant built for thoughtful, nuanced conversation
Get more done every day with Microsoft Teams – powered by AI
Automate security compliance and monitor real-time security posture seamlessly.
Automate your spreadsheet tasks with AI power
Agentic AI Workflow platform
Connected workspace for docs, wikis, and projects
Take a free 3-minute scan and get personalized AI skill recommendations.
Take free scan