specter-kit

v1.4.0

Published

SPECTER — The Illusive Security Protocol. Modular security skills for autonomous IDE agents.

Readme

Security Protocol for Exploitation, Comprehensive Testing, Evaluation & Reporting

Modular security skill system for autonomous IDE agents.


SPECTER is a zero-dependency skill framework that transforms any LLM-powered coding agent into a governed security operator. One command installs 18 security skills, 22 enforceable guardrails, and a structured assessment workflow into any project — with support for 8 agent platforms (5 auto-detected, 1 custom).

Installation

npx specter-kit init

Or install globally:

npm install -g specter-kit
specter init
# pnpm
pnpm add -g specter-kit && specter init

# Manual clone
git clone https://github.com/AnvinX1/SPECTER-The-Illusive-Security-Protocol.git
bash SPECTER-The-Illusive-Security-Protocol/setup.sh init

Supported Platforms

| Platform | Auto-Detected |
|----------|:------------:|
| GitHub Copilot | ✓ |
| Cursor | ✓ |
| Windsurf | ✓ |
| Claude Code | — |
| Zed Editor | ✓ |
| Continue.dev | ✓ |
| Cline (VS Code) | ✓ |
| Generic (AGENTS.md) | ✓ |
| Custom (any agent) | — |

specter init --agent all              # target all platforms
specter init --agent zed              # Zed Editor
specter init --agent cline            # Cline (VS Code)
specter init --agent custom --src ./my-adapter.md --dest ./.myagent/specter.md
specter list --agents                 # show all supported platforms

Skills

| Domain | Skills | Covers |
|--------|:------:|--------|
| Governance & Triage | 2 | Authorization enforcement, scope control, 22 guardrails, finding intake & dedup |
| Reconnaissance & Threat Modeling | 2 | Attack surface mapping, STRIDE/PASTA, AI threat actor profiling, risk prioritization |
| Code & Application | 3 | Source review, API security (OWASP Top 10), server misconfiguration |
| Infrastructure & Cloud | 3 | Cloud IAM/CIS, container escape & K8s, network segmentation |
| Supply Chain & Identity | 3 | Dependency CVEs, secret detection, AI hallucinated packages, CI/CD pipelines, AD/Kerberos |
| Exploit, Mobile & AI | 3 | PoC validation, OWASP Mobile Top 10, LLM/AI red teaming, OWASP LLM Top 10 2025 |
| Reporting & Audit | 2 | Evidence compilation, redaction, statistics, continuous post-task delta audit |

Workflow

governance ──► recon ──► threat model
                              │
              ┌───────────────┼───────────────┐
              ▼               ▼               ▼
         code & app    infra & cloud      AI / LLM
                             supply chain
              │               │               │
              └───────────────┼───────────────┘
                              ▼
                    triage ──► exploit validation
                              │
                              ▼
                          reporting

Every engagement starts with security-governance — scope authorization and 22 cascading guardrails are enforced before any assessment work begins.

Included

| Type | Count | Description |
|------|:-----:|-------------|
| Security Skills | 18 | Structured SKILL.md workflows with standard finding formats |
| Reference Docs | 14 | Checklists, attack patterns, MITRE ATT&CK mapping, attack chains, severity matrix, CIS benchmarks |
| Helper Scripts | 15 | Finding normalization, dedup, export, redaction, validation, scanning, shared utilities |
| Guardrails | 22 | Scope enforcement, evidence standards, regulatory escalation |

Commands

specter init       # initialize in current project
specter scan web https://target.com   # TLS + HTTP headers scan
specter scan host target.com          # TLS + port probe
specter scan dir ./src                # secret scan
specter scan all https://target.com . # all checks + optional --output report.md
specter list       # view installed skills
specter doctor     # verify installation health
specter update     # update to latest skills
specter banner     # replay the terminal animation

Guardrails

All assessments operate under 22 mandatory rules enforced by the governance skill:

Scope & Authorization — Written authorization required. Strict scope boundaries. Out-of-scope discovery protocol.

Engagement Rules — Full exploit capability within scope. Credential testing against authorized targets only. Lateral movement requires explicit approval. Destructive action limits enforced.

Evidence & Classification — Suspected ≠ Confirmed. Evidence required for all findings. Conservative severity classification. Standard finding format (S1–S5 severity, C1–C4 confidence).

Compliance & Escalation — PII access limits. Zero-day disclosure protocol. Regulatory escalation triggers for GDPR, PCI-DSS, HIPAA, SOX. Evidence retention policy enforced.


SPECTER · by Anvin · Illusive Operations

MIT License