Anti-vibe coding and security agent
Project description
AntiShlop Security Agent
AI-powered security agent for code files.
Installation
pip install antishlop-cli
Setup
Set your OpenAI API key:
# Option 1: Environment variable
export OPENAI_API_KEY=your_api_key_here
# Option 2: .env file
echo "OPENAI_API_KEY=your_api_key_here" > .env
# Option 3: Interactive setup (will prompt automatically)
antishlop path/to/file.py
Usage
# Analyze a single file
antishlop file.py
# Analyze a directory
antishlop /path/to/project
# Save detailed report to JSON
antishlop file.py -o report.json
# Quiet mode (minimal output)
antishlop file.py -q
What It Does
- Detects 200+ security vulnerability patterns across 23 analyzer categories
- Uses GPT-4.1 with specialized security analysis tools
- Shows real-time token usage during analysis
- Supports file-by-file or directory analysis
- Automatic deeper analysis when issues are found
- Vector database context from your entire codebase
- Documentation recommendations with potential fixes (not guaranteed)
Supported Languages
Python • JavaScript • TypeScript • Java • Go • Ruby • PHP • C/C++ • C# • Rust • Swift • Kotlin • Scala
Features
Core Security Analyzers (15)
- OWASP Top 10 - Injection flaws, broken access control, misconfigurations
- Secrets Detection - API keys, passwords, tokens, certificates
- Dependency Scanning - Known CVEs, supply chain attacks
- Authentication - Auth bypass, privilege escalation, JWT flaws
- Input Validation - SQL injection, XSS, command injection
- Cryptography - Weak algorithms, key management issues
- Data Security - PII exposure, encryption gaps
- Configuration - Security headers, CORS, CSP issues
- Business Logic - Race conditions, workflow bypasses
- Error Handling - Stack traces, debug info leaks
- Code Quality - Dead code with secrets, commented credentials
- Infrastructure - Docker, K8s, cloud misconfigurations
- API Security - Rate limiting, endpoint enumeration
- Filesystem - Path traversal, permission issues
- Concurrency - Race conditions, deadlocks
Advanced Security Analyzers (8) - NEW in v1.1.0
- Speculative Execution - Spectre, Meltdown, cache timing attacks
- Quantum-Safe Crypto - Post-quantum readiness, PQC migration
- AI/ML Security - Prompt injection, model attacks, LLM vulnerabilities
- Supply Chain - Dependency confusion, build pipeline security
- Cloud Misconfig - IAM permissions, S3 buckets, secrets in cloud
- TOCTTOU - Advanced race conditions, atomicity violations
- IoT/Firmware - Unsigned firmware, embedded credentials
- Business Logic Abuse - Financial exploits, transaction abuse
UI & Reporting
- Interactive Setup: Automatically prompts for API key if not found
- Beautiful UI: Animated progress, colored output, professional styling
- Graceful Exit: Ctrl+C exits cleanly without error messages
- Context Aware: Uses vector database to understand code relationships
- JSON Export: Machine-readable reports for CI/CD integration
- Documentation Links: Provides potential fixes and resources (not guaranteed)
Requirements
- Python 3.8+
- OpenAI API key
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
antishlop_cli-1.1.1.tar.gz
(34.8 kB
view details)
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file antishlop_cli-1.1.1.tar.gz.
File metadata
- Download URL: antishlop_cli-1.1.1.tar.gz
- Upload date:
- Size: 34.8 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.1.0 CPython/3.12.11
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
aaeee1c0dbf99600a6f7fa60371d4537683de56c5a592c0faebc1fd27a732917
|
|
| MD5 |
ce8a69dc2406a34bf42baf52e8f55e15
|
|
| BLAKE2b-256 |
5e626bbf553582e2d7d4a6dfcfaa5057e5e7026ef7947a0450f99ce601eb816d
|
File details
Details for the file antishlop_cli-1.1.1-py3-none-any.whl.
File metadata
- Download URL: antishlop_cli-1.1.1-py3-none-any.whl
- Upload date:
- Size: 36.2 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.1.0 CPython/3.12.11
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
824fc186d22973c0489d1467bddfd645d1f123935e1ce3896fdd1a7c86701f35
|
|
| MD5 |
dc97c31c100927dc5e77556d04c1864c
|
|
| BLAKE2b-256 |
114aa7c2312817d5b10ef532a0b40cba28b8c5022fab84110885eece26859530
|