GitHub Copilot

Install

copilot plugin marketplace add stackhawk/agent-skills
copilot plugin install hawkscan@stackhawk
copilot plugin install stackhawk-api@stackhawk

Install hawk and hawkop

brew tap stackhawk/cli && brew install hawk hawkop

Then authenticate both CLIs:

hawk init
hawkop init

hawk init prompts for your API key (hawk.xxxxxxxxxx.xxxxxxxxxx) — get one at app.stackhawk.com → Settings → API Keys. hawkop init picks up the key automatically and prompts for your default organization.

Verify

Check your directory structure — after install, you should see:

~/.agents/skills/
├── hawkscan/
│   ├── SKILL.md
│   └── references/
└── stackhawk-api/
    ├── SKILL.md
    └── references/

In VS Code: Open GitHub Copilot → Configure Skills. Both hawkscan and stackhawk-api should appear in the list.

Ask Copilot: "What StackHawk skills do you have?" — the response should mention both the HawkScan security scanning skill and the StackHawk API skill.

Usage

Ask Copilot to scan your application:

Scan my app running on localhost:8080 for security vulnerabilities

Tips

• Install once, scan everywhere: Personal skills in ~/.agents/skills/ are available across all your projects
• Multi-tool support: ~/.agents/skills/ works across Copilot, Claude Code, and other tools that follow the shared agents convention
• Team distribution: For team-wide rollout, add skills to .github/skills/ in your repos
• Custom locations: Configure additional skill directories via the chat.skillsLocations setting in VS Code
• The agent checks if your app is running and will prompt you to start it if needed