FREE · NO SIGNUP · APACHE 2.0 · YOUR URL NEVER LEAVES OUR WORKER

Paste a URL. Get a security grade.

Free public scanner for AI-built apps. Built for projects deployed from any AI-generated app, but it works on anything public. Takes about 30 seconds.

Free, passive surface check of HTTPS, security headers, and exposed files, graded in plain English. No signup, no telemetry. Want a deep audit of your code? Run the open-source CLI.

Here's what a scorecard looks like.

Below is the live scan of lictor-ai.com itself. We scan ourselves first, publicly. Our findings are public. That's the contract.

See the full scorecard for lictor-ai.com →

How it works.

You paste a URL.

Any public web app. No login, no GitHub install, no signup.

A Cloudflare Worker scans it.

Our 7-check Rust engine, compiled to WebAssembly, runs against your URL in about 30 seconds. The same engine that runs in /lictor-security-check and the Shield browser extension.

You get a letter grade.

A through F. Plus the 5 worst findings in plain English, with a 5-minute fix for each. Shareable. Re-runnable as you fix.

What we do with your scan.

We never store your URL or scorecard publicly without your consent. Your scan is yours.
We store one anonymous fingerprint per scan, a hash of (check + severity + platform) with no URL, no app name, no PII. This builds the public dataset on how AI assistants get security wrong.
Patrol (our continuous scanner) respects a 30-day private-disclosure window for individual founders and 90 days for companies.
One-click opt-out at lictor-ai.com/scan/<hash>/remove. Meerkat processes it within 24 hours.
Zero telemetry, ever. The CLI version is also free and runs entirely offline.

Or run it locally. 3 commands, 30 seconds

Prefer to run inside your editor instead of pasting a URL? Lictor ships as a Claude Code skill. Paste 3 commands and type /lictor-security-check in any project.

# 1. Clone the repo
git clone https://github.com/Raffa-jarrl/Lictor-AI.git ~/Code/lictor

# 2. Make sure Claude's skills folder exists
mkdir -p ~/.claude/skills

# 3. Copy the Lictor skills in
cp -r ~/Code/lictor/skills/lictor-* ~/.claude/skills/

Then open Claude Code in any project and type /lictor-security-check

It's free. Forever.

Lictor's core is open source under Apache 2.0. The scanner runs on Cloudflare Workers ($30/month at our projected volumes) and a domain (one-time). The audit corpus, the public scorecards, and the leaderboard are all free.

If Lictor helps you ship a safer app, the world treats back the same:

Donate → Star the repo

For commercial use with continuous monitoring + Slack alerts + audit log export, Lictor for Teams is $19/month flat, unlimited seats. No per-seat pricing, ever. (Learn more on the home page.)