Quickstart

Scan your first artifact

Point Assay at a plugin, an MCP server, a local directory, or a GitHub repo. The web UI drives scans through your Claude Code subscription; the CLI can also run a deterministic, no-key pre-pass.

Common commands

# Inventory what's installed in ~/.claude
assay inventory

# Web UI (default mode: scans run via your Claude Code subscription)
assay serve
# open http://localhost:7373 → click "New Scan" → pick a target

# Scan every installed plugin in parallel (fleet mode)
assay scan-all --parallel 2

# In Claude Code itself
/assay-scan ~/.claude/plugins/my-plugin

# Standalone CLI (legacy mode — direct Anthropic API call, needs a key)
assay scan ~/.claude/plugins/my-plugin

# Fast deterministic pre-pass only (no LLM call, <2s)
assay scan --quick --json ~/.claude/plugins/cache/<m>/<plugin>/<version>

Gate installs with the pre-install hook

Intercept /plugin install in Claude Code so nothing lands unscanned:

assay hook install

Every install then runs assay scan --quick and returns a decision before it commits — deny on critical/high, ask on medium, allow (with a deep scan in the background) on low. It's the 30-second risk briefing at the exact moment you're about to trust something.

Scan a GitHub repo

Ask in the chat ("is github.com/acme/plugin safe?") or paste a URL into the New Scan box — Assay clones to a quarantined cache and scans the checkout. Public repos need nothing. For a private repo it resolves a token in priority order, each time a clone needs auth:

  1. A token saved in Settings → GitHub access (stored in the OS keychain)
  2. GITHUB_TOKEN / GH_TOKEN environment variable
  3. gh auth token — the GitHub CLI, when you're logged in
The clone tries anonymously first and only attaches a token on an auth failure — scoped to github.com and injected via git's env-config, so it never lands in the process list, the clone URL, or .git/config. A fine-grained, read-only Contents token is recommended. Both https://github.com/owner/repo and the clone-style …/repo.git URL work.

What it answers that git clone can't

← InstallationHow it works →