StackHawk Documentation StackHawk Logo HawkDocs
ai security
agent skills
claude code

No results found

Try different keywords or check your spelling

Search documentation

Find guides, API references, and more

esc

Claude Code

/plugin marketplace add stackhawk/agent-skills-marketplace
/plugin install hawkscan@stackhawk
/plugin install stackhawk-api@stackhawk
brew tap stackhawk/cli && brew install hawk hawkop

Download and run the installers from docs.stackhawk.com/downloads:

  • hawk — Windows MSI (includes bundled Java)
  • hawkop — Windows MSI

CMD users: use PowerShell (built into Windows 10+) or WSL.

Then authenticate both CLIs:

hawk init
hawkop init

hawk init prompts for your API key (hawk.xxxxxxxxxx.xxxxxxxxxx) — get one at app.stackhawk.comSettings → API Keys. hawkop init picks up the key automatically and prompts for your default organization.

After installation, ask Claude: “What StackHawk skills do you have?” It should describe the HawkScan scanning skill and API reporting skill.

Ask Claude to scan your application:

Scan my app running on localhost:8080 for security vulnerabilities

Claude will generate a stackhawk.yml config if one doesn’t exist, validate it, run the scan, and present findings. When you finish building a feature, Claude automatically runs a security scan, fixes any findings, and rescans to verify.

  • The agent checks if your app is running and will prompt you to start it if needed
  • For authenticated endpoints, tell Claude your auth pattern (e.g., “my app uses JWT bearer tokens”) and it will configure the scan accordingly
  • Use hawk validate config stackhawk.yml to debug config issues
  • The --json-output flag is used automatically for structured findings parsing

Your privacy settings

We use first and third party cookies to ensure that we give you the best experience on our website and in our products.

Privacy Policy