Coverage · the complete map

It started at 7 checks. It runs 48 now.

One slash command walks your project and runs 48 checks covering every externally observable, ethically confirmable security risk we know how to find in code, whether AI-built or hand-written, web or mobile. The set is mapped to the full OWASP Top 10 for Web, API, Mobile and GenAI/LLM, plus the CWE Top 25. Every check is a readable markdown file with a built-in "what NOT to flag" guard, so the report you get is real, not noise.

Source of truth: skills/lictor-security-check/checks/ · baseline CHECKS.md v2.2 · Apache 2.0 · runs 100% locally


How it works

Read the code. Confirm it. Explain it in plain English.

Lictor is read-only and local. It detects the stack (Next.js, Vite, Astro, SvelteKit, Flutter, React Native, native iOS/Android, Python, Go, Ruby, PHP…), then runs every applicable check by reading your code and observing what's already public, never by attacking a live system. Each finding is confirmed against a "what NOT to flag" guard before it reaches you, then rewritten as a story a non-technical founder can act on: "anyone who opens your-app.com/api/users gets your whole customer list." The output is a SECURITY-AUDIT.md file in your project root.

What you get back

A rendered SECURITY-AUDIT.md

# Security Audit: your-app.com
Verdict: 🔴 Don't ship yet · 2 critical, 1 high, 3 medium

🔴 CRITICAL: Your OpenAI key is in the browser bundle
  Anyone who opens DevTools on your site can read your OpenAI key
  (found in /assets/index-4f2a.js, masked sk-proj-…aB12) and run
  unlimited requests on your account. You pay the bill.
  → Fix tonight: rotate the key, move it behind a server route.
  Maps to: OWASP LLM02 · CWE-312 · check #2 ai-keys

🔴 CRITICAL: /api/users returns the customer list with no login
  Maps to: OWASP API1 (BOLA) · CWE-284 · check #7 api-auth

🟠 HIGH: CORS reflects any origin with credentials
  Maps to: OWASP A05 · CWE-942 · check #19 cors

▸ 3 medium findings (collapsed) · full report in ./SECURITY-AUDIT.md

Every finding carries the plain-English story, the 5-minute fix, and the OWASP/CWE mapping for the buyers who ask.

Group 1 · Secrets & exposure · 6 checks

Things that should never be public

CRITICAL

Secrets in code

Hardcoded API keys, passwords, DB connection strings in source or build output.

CRITICAL

Leaked AI keys · our specialty

OpenAI / Anthropic / Gemini keys shipped to the browser or committed to the repo.

CRITICAL

Exposed config files

.env, .git, configs your live site accidentally serves.

CRITICAL

Public cloud storage

World-readable S3 / GCS / Azure / Firebase / Supabase buckets.

HIGH

Secrets & PII in logs

Tokens and personal data leaking through logs and error responses.

HIGH

Weak / broken crypto

MD5/SHA1 for passwords, ECB mode, hardcoded IVs, Math.random() tokens.

Group 2 · Access control · 7 checks

Who can do what, and what they can see

CRITICAL

Unprotected user-data routes

/api/* returning user data with no login check.

CRITICAL

Broken auth & sessions

Weak or missing auth on mutations, broken JWT, default credentials.

CRITICAL

Users seeing others' data (IDOR)

Change the number in the URL, read records that aren't yours.

HIGH

Mass assignment

Extra JSON fields that set role/isAdmin you never meant to expose.

HIGH

The "painted lock" admin page

Admin pages that send the data first, then redirect you away.

CRITICAL

Open database

Supabase / Firebase with no security rules, where the front-door key opens everything.

MEDIUM

Missing audit logging

No record of logins, permission changes, payments, so you can't detect or investigate a breach.

Group 3 · Injection & input · 5 checks

When your app trusts what the user types

CRITICAL

Injection

SQL / XSS / command / template injection from unsanitized input.

HIGH

SSRF

Your server (or AI agent) fetching attacker-controlled URLs / cloud metadata.

HIGH

Insecure file upload

Unrestricted uploads, traversal in filenames, paths to remote code execution.

CRITICAL

Path traversal

../ in a file path that lets anyone read arbitrary files.

CRITICAL

Unsafe deserialization

pickle / unserialize / readObject on untrusted input.

Group 4 · Web hardening · 6 checks

The headers and gates the framework left off

CRITICAL

Over-permissive CORS

Settings that let any website read your logged-in users' API responses.

MEDIUM

Missing security headers

CSP / HSTS / nosniff, and cookies without Secure/HttpOnly/SameSite.

HIGH

Unverified webhooks & CSRF

Unsigned Stripe/GitHub webhooks and missing CSRF protection.

HIGH

No rate limiting

Brute-force, and AI-endpoint cost-bombing that drains your wallet.

MEDIUM

Open redirect

User-controlled redirects used for phishing and token theft.

CRITICAL

Exposed admin / debug surfaces

Debug mode, stack traces, open dashboards, GraphQL introspection in production.

Group 5 · API-specific · 4 checks

The OWASP API Top 10, where the money usually is

MEDIUM

Shadow / old API inventory

Undocumented, deprecated, debug or /v1 endpoints still live.

HIGH

Unrestricted resource use

Uncapped page size, request body, batch size, GraphQL depth.

MEDIUM

Unprotected business flows

No bot gate on signup / checkout / referral: free-tier farming, scalping, fraud.

MEDIUM

Unsafe 3rd-party consumption

Trusting an external API's response blindly, with no validation or timeout.

Group 6 · Supply chain & integrity · 2 checks

What you pulled in, and how it ships

HIGH

Vulnerable dependencies

Outdated, vulnerable, typosquatted or confusable packages; dependency confusion.

HIGH

CI/CD & update integrity

Unpinned GitHub Actions, curl | bash installs, unsigned auto-update.

Group 7 · AI / LLM · 10 checks · our niche

The whole OWASP Top 10 for LLM apps

If you built it with AI, or it talks to a model, this is the part most scanners don't have.

CRITICAL

Prompt injection & tool abuse

Users overriding your rules to make the model do things you didn't allow.

CRITICAL

Indirect prompt injection

RAG docs, fetched pages, emails, DB rows carrying hidden instructions into the prompt.

HIGH

Secrets / rules in the system prompt

Keys or load-bearing authz rules baked into the prompt as if it were private.

HIGH

Unsanitized model-output sink

Model output flowing into HTML / eval / SQL: injection in reverse.

HIGH

Over-scoped LLM context

Feeding the model more data than the end user is allowed to see.

CRITICAL

Excessive agent tool permissions

An AI agent wired to shell, raw SQL or money-moving APIs with no guardrail.

CRITICAL

Vector-store tenant isolation

A RAG query with no per-tenant filter, so one customer retrieves another's docs.

HIGH

RAG ingestion trust

A knowledge base anyone can poison with documents the model later trusts.

CRITICAL

Untrusted model artifacts

torch.load / trust_remote_code on third-party weights.

MEDIUM

Ungrounded output trust

Slopsquatting, and using a raw LLM answer as the sole decider for auth or pricing.

Group 8 · Mobile · 8 checks

iOS, Android, Flutter, React Native

CRITICAL

Mobile core leaks

Hardcoded keys in the bundle, cleartext traffic, insecure storage, exported components.

HIGH

Client-side-only auth

Biometric or role checks decided on the device, where anyone can flip them.

CRITICAL

Insecure data at rest

Unencrypted SQLite/Realm, world-readable files, secrets in device logs.

HIGH

Missing cert pinning

Trust-all overrides that let anyone MITM the app on a hostile network.

MEDIUM

Binary protections

No obfuscation, no root/jailbreak detection, no tamper checks.

HIGH

Input / output validation

Deep links, custom URL schemes, WebView bridges and exported IPC.

MEDIUM

Privacy controls

Over-broad permissions, undisclosed tracking, clipboard and screenshot leaks.

HIGH

Mobile supply chain

Unpinned SDK versions, abandoned ad/analytics libraries.

References · what the 48 map to

Standards, not a homemade list

Coverage isn't a number we picked. The 48 checks are mapped to the recognized external risk catalogs, so an enterprise buyer or compliance team can trace every finding to a standard.

Honest boundaries

What the 48 deliberately leave out

Lictor only flags what can be confirmed by reading your code or observing what's already public. Anything that can only be proven by attacking a live system (blind RCE, time-based SQLi exploitation) is out by design. Those belong to an authorized pentest, and Lictor never tells you to attack anything. And every one of the 48 carries a "what NOT to flag" guard, because a scanner that cries wolf is worse than none. Here are the false positives we filter.

48 checks. One slash command. Free.

Open-source, Apache 2.0, runs entirely on your machine: no token, no signup, no telemetry. Read every check as a markdown file before you trust it.
