Agent Skills
StackHawk agent skills are instruction sets that teach AI coding agents how to run security scans, parse findings, fix vulnerabilities, and verify fixes. Install a skill and your agent gains full DAST capability — no separate tools, no context switching.
How Agent Skills Work
When you install a StackHawk agent skill, your AI coding agent learns how to:
- Configure — Generate a stackhawk.yml config file based on your app type, host, and auth pattern
- Scan — Run HawkScan against your running application
- Parse — Read structured JSON findings with vulnerability type, severity, affected path, and method
- Fix — Remediate vulnerabilities directly in your codebase (parameterized queries, output encoding, security headers, etc.)
- Verify — Rescan to confirm all fixes are effective
When you finish building a feature, the agent automatically runs this loop — “done” means “done and secure.”
Supported Platforms
Claude Code
Install with one command from the plugin marketplace.
Cursor
Copy rule files into your project's .cursor/rules/ directory.
Codex
Install with one command from the plugin marketplace.
Gemini CLI
Install as a Gemini extension.
GitHub Copilot
Auto-discovers skills from your repository.
Prerequisites
- A StackHawk account (Secure, Scale, or Vibe)
- A StackHawk API key (generate at app.stackhawk.com → Settings → API Keys)
- HawkScan CLI or Docker — see Install and Run HawkScan for signed installers (macOS .pkg, Windows .msi, Linux .zip) or Homebrew
- An application running locally that the scanner can reach
Two Skills Included
The StackHawk agent skills package includes two skills:
| Skill | Purpose |
|---|---|
| HawkScan | Configure, run, and interpret DAST scans. Fix vulnerabilities and verify fixes. |
| API | Query the StackHawk platform for security posture, findings reports, scan history, and triage status. |