Documentation

Security scanner for the AI dev stack

Assay reasons about an artifact with an LLM — not regex — to catch prompt injection, credential exfiltration, and MCP tool poisoning in Claude Code plugins, MCP servers, hooks, skills & connectors. It runs on your Claude Code subscription, so there's no separate API key.

License: Apache-2.0 Go 1.25+ MCP server

What Assay does

Before you install a plugin or wire up an MCP server, Assay threat-models what it could do, then reads the code for evidence — every finding backed by a verbatim file:line quote. It gives a safe / caution / unsafe verdict you can trust, because a post-validator re-reads each citation and drops anything the model can't back with real code.

Installation

Build from source today, or the prebuilt curl / Homebrew / WinGet / Docker channels.

Quickstart

Inventory your stack, run a scan from the web UI or CLI, and gate installs.

How it works

The 5-stage methodology, the two scan modes, and the threat classes it targets.

FAQ

How it differs from Snyk / Cisco, whether it needs an API key, tool poisoning, and more.

60-second start

# build the single binary (React UI embedded)
git clone https://github.com/chawdamrunal/assay.git && cd assay
make build && make install

# see what's installed in ~/.claude, then scan from the web UI
assay inventory
assay serve            # http://localhost:7373 → "New Scan"

Full details in Installation and Quickstart.

Runs on your Claude Code subscription. The default scan path drives the reasoning through your existing Claude Code login via claude -p — no separate Anthropic API key, and no rate-limit walls. An API key is only needed for the --scan-mode legacy / CI fallback.