Paste a URL. Get a security grade.
Free public scanner for AI-built apps. Built for projects deployed from any AI-generated app, but it works on anything public. Takes about 30 seconds.
Here's what a scorecard looks like.
Below is the live scan of lictor-ai.com itself. We scan ourselves first, publicly. Our findings are public. That's the contract.
How it works.
You paste a URL.
Any public web app. No login, no GitHub install, no signup.
A Cloudflare Worker scans it.
Our 7-check Rust engine, compiled to WebAssembly, runs against your URL in about 30 seconds. The same engine that runs in /lictor-security-check and the Shield browser extension.
You get a letter grade.
A through F. Plus the 5 worst findings in plain English, with a 5-minute fix for each. Shareable. Re-runnable as you fix.
What we do with your scan.
- We never store your URL or scorecard publicly without your consent. Your scan is yours.
- We store one anonymous fingerprint per scan, a hash of (check + severity + platform) with no URL, no app name, no PII. This builds the public dataset on how AI assistants get security wrong.
- Patrol (our continuous scanner) respects a 30-day private-disclosure window for individual founders and 90 days for companies.
- One-click opt-out at lictor-ai.com/scan/<hash>/remove. Meerkat processes it within 24 hours.
- Zero telemetry, ever. The CLI version is also free and runs entirely offline.
Or run it locally. 3 commands, 30 seconds
Prefer to run inside your editor instead of pasting a URL? Lictor ships as a Claude Code skill. Paste 3 commands and type /lictor-security-check in any project.
```bash
# 1. Clone the repo
git clone https://github.com/Raffa-jarrl/Lictor-AI.git ~/Code/lictor

# 2. Make sure Claude's skills folder exists
mkdir -p ~/.claude/skills

# 3. Copy the Lictor skills in
cp -r ~/Code/lictor/skills/lictor-* ~/.claude/skills/
```
Then open Claude Code in any project and type /lictor-security-check
It's free. Forever.
Lictor's core is open source under Apache 2.0. The scanner runs on Cloudflare Workers ($30/month at our projected volumes) and a domain (one-time). The audit corpus, the public scorecards, and the leaderboard are all free.
If Lictor helps you ship a safer app, the world treats back the same:
For commercial use with continuous monitoring + Slack alerts + audit log export, Lictor for Teams is $19/month flat, unlimited seats. No per-seat pricing, ever. (Learn more on the home page.)