Shield: Open-Source Security Plugin for Claude Code with Unified Scanning

Shield Security Plugin for Claude Code
Shield is an open-source security plugin for Claude Code that orchestrates multiple security scanning tools through a single command interface. It provides automated security analysis with consolidated reporting and remediation suggestions.
Core Functionality
The plugin is accessed via the /shield:shield command inside Claude Code. It automatically detects your technology stack and runs whichever security tools you have installed, including:
- Semgrep SAST (Static Application Security Testing)
- gitleaks for secrets scanning
- npm/pip/composer audit for dependency vulnerabilities
- Shannon pentester
All findings are consolidated into a unified report with a 0-100 risk score and proposed code fixes with diffs.
Real-World Test Results
The developer tested Shield on their own Next.js monorepo and found:
- 36 dependency vulnerabilities (1 CRITICAL, 26 HIGH)
- 103 secrets in git history (AWS keys, Stripe tokens, OpenAI API keys)
- 77 SAST findings (XSS, hardcoded credentials, missing SRI)
- A .env file with production credentials tracked in git that wasn't previously known
After fixing 3 direct dependencies and removing the exposed .env file, the project went from 36 vulnerabilities to 0.
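A check for the last finding above, a .env file tracked in git, written as an added example that is not part of Shield or the original post. It lists dotenv files in the current index and in any past commit; the template file names it skips are an assumption.

```shell
#!/bin/sh
# Added example (not Shield's code): list dotenv files that git tracks now
# or has ever tracked. Template names skipped below are an assumption.

# True for .env, .env.production, app/.env.local; false for templates.
is_dotenv() {
    case "${1##*/}" in
        .env.example|.env.sample|.env.template) return 1 ;;
        .env|.env.*) return 0 ;;
        *) return 1 ;;
    esac
}

# Read paths on stdin, print only the dotenv ones.
filter_dotenv() {
    while IFS= read -r path; do
        if is_dotenv "$path"; then printf '%s\n' "$path"; fi
    done
}

# Dotenv files in the current index of the repository at $1.
tracked_dotenv() {
    git -C "$1" ls-files | filter_dotenv
}

# Dotenv files added in any commit on any ref, even if deleted later.
history_dotenv() {
    git -C "$1" log --all --diff-filter=A --name-only --pretty=format: |
        LC_ALL=C sort -u | filter_dotenv
}

# Print findings; return 1 if any dotenv file is or was tracked.
# Usage: dotenv_report /path/to/repo
dotenv_report() {
    now=$(tracked_dotenv "$1")
    ever=$(history_dotenv "$1")
    if [ -n "$now" ]; then printf 'tracked now:\n%s\n' "$now"; fi
    if [ -n "$ever" ]; then printf 'in history:\n%s\n' "$ever"; fi
    if [ -n "$now" ] || [ -n "$ever" ]; then return 1; fi
    return 0
}
```

A file listed only under "in history" has been removed from the index but is still readable from old commits, so the credentials it held need rotating.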
Key Features
- 6 operation modes: full, quick, fix, verify, score, outdated
- 34 custom Semgrep rules for JS/TS, Python, and PHP
- Dependency freshness check with SECURITY/MAJOR/MINOR/PATCH classification
- OWASP Top 10 / CWE / SOC 2 / PCI-DSS / HIPAA compliance mapping
- SARIF output for GitHub Security tab integration
- Security score badge for README files
- Graceful degradation — runs whatever tools you have installed
- 189 unit tests, MIT licensed
Installation
To install Shield:
git clone https://github.com/alissonlinneker/shield-claude-skill.git
cd shield-claude-skill && ./install.sh
# Inside Claude Code:
/plugin marketplace add /path/to/shield-claude-skill
/plugin install shield@shield-security
The project is available on GitHub at https://github.com/alissonlinneker/shield-claude-skill. Feedback and contributions are welcome, with the roadmap organized as GitHub issues.
📖 Read the full source: r/ClaudeAI