Security News
US Government Forces Anthropic to Pull Claude Fable Days After Launch
Anthropic says the directive cited national security concerns over a narrow jailbreak, but offered no specific technical details.
By Sarah Gooding - Jun 13, 2026
Big News: Socket raises $60M Series C at a $1B valuation to secure software supply chains for AI-driven development.Announcement →
specter-kit
Advanced tools
specter-kit
SPECTER — The Illusive Security Protocol. Modular security skills for autonomous IDE agents.
███████╗██████╗ ███████╗ ██████╗████████╗███████╗██████╗ ██╔════╝██╔══██╗██╔════╝██╔════╝╚══██╔══╝██╔════╝██╔══██╗ ███████╗██████╔╝█████╗ ██║ ██║ █████╗ ██████╔╝ ╚════██║██╔═══╝ ██╔══╝ ██║ ██║ ██╔══╝ ██╔══██╗ ███████║██║ ███████╗╚██████╗ ██║ ███████╗██║ ██║ ╚══════╝╚═╝ ╚══════╝ ╚═════╝ ╚═╝ ╚══════╝╚═╝ ╚═╝
Security Protocol for Exploitation, Comprehensive Testing, Evaluation & Reporting
Modular security skill system for autonomous IDE agents.
SPECTER is a zero-dependency skill framework that transforms any LLM-powered coding agent into a governed security operator. One command installs 18 security skills, 22 enforceable guardrails, and a structured assessment workflow into any project — with support for 8 agent platforms (5 auto-detected, 1 custom).
Installation
npx specter-kit init
Or install globally:
npm install -g specter-kit
specter init
Other methods
# pnpm
pnpm add -g specter-kit && specter init
# Manual clone
git clone https://github.com/AnvinX1/SPECTER-The-Illusive-Security-Protocol.git
bash SPECTER-The-Illusive-Security-Protocol/setup.sh init
Supported Platforms
| Platform | Auto-Detected |
|---|---|
| GitHub Copilot | ✓ |
| Cursor | ✓ |
| Windsurf | ✓ |
| Claude Code | — |
| Zed Editor | ✓ |
| Continue.dev | ✓ |
| Cline (VS Code) | ✓ |
| Generic (AGENTS.md) | ✓ |
| Custom (any agent) | — |
specter init --agent all # target all platforms
specter init --agent zed # Zed Editor
specter init --agent cline # Cline (VS Code)
specter init --agent custom --src ./my-adapter.md --dest ./.myagent/specter.md
specter list --agents # show all supported platforms
Skills
| Domain | Skills | Covers |
|---|---|---|
| Governance & Triage | 2 | Authorization enforcement, scope control, 22 guardrails, finding intake & dedup |
| Reconnaissance & Threat Modeling | 2 | Attack surface mapping, STRIDE/PASTA, AI threat actor profiling, risk prioritization |
| Code & Application | 3 | Source review, API security (OWASP Top 10), server misconfiguration |
| Infrastructure & Cloud | 3 | Cloud IAM/CIS, container escape & K8s, network segmentation |
| Supply Chain & Identity | 3 | Dependency CVEs, secret detection, AI hallucinated packages, CI/CD pipelines, AD/Kerberos |
| Exploit, Mobile & AI | 3 | PoC validation, OWASP Mobile Top 10, LLM/AI red teaming, OWASP LLM Top 10 2025 |
| Reporting & Audit | 2 | Evidence compilation, redaction, statistics, continuous post-task delta audit |
Workflow
governance ──► recon ──► threat model
│
┌───────────────┼───────────────┐
▼ ▼ ▼
code & app infra & cloud AI / LLM
supply chain
│ │ │
└───────────────┼───────────────┘
▼
triage ──► exploit validation
│
▼
reporting
Every engagement starts with security-governance — scope authorization and 22 cascading guardrails are enforced before any assessment work begins.
Included
| Type | Count | Description |
|---|---|---|
| Security Skills | 18 | Structured SKILL.md workflows with standard finding formats |
| Reference Docs | 14 | Checklists, attack patterns, MITRE ATT&CK mapping, attack chains, severity matrix, CIS benchmarks |
| Helper Scripts | 15 | Finding normalization, dedup, export, redaction, validation, scanning, shared utilities |
| Guardrails | 22 | Scope enforcement, evidence standards, regulatory escalation |
Commands
specter init # initialize in current project
specter scan web https://target.com # TLS + HTTP headers scan
specter scan host target.com # TLS + port probe
specter scan dir ./src # secret scan
specter scan all https://target.com . # all checks + optional --output report.md
specter list # view installed skills
specter doctor # verify installation health
specter update # update to latest skills
specter banner # replay the terminal animation
Guardrails
All assessments operate under 22 mandatory rules enforced by the governance skill:
Scope & Authorization — Written authorization required. Strict scope boundaries. Out-of-scope discovery protocol.
Engagement Rules — Full exploit capability within scope. Credential testing against authorized targets only. Lateral movement requires explicit approval. Destructive action limits enforced.
Evidence & Classification — Suspected ≠ Confirmed. Evidence required for all findings. Conservative severity classification. Standard finding format (S1–S5 severity, C1–C4 confidence).
Compliance & Escalation — PII access limits. Zero-day disclosure protocol. Regulatory escalation triggers for GDPR, PCI-DSS, HIPAA, SOX. Evidence retention policy enforced.
SPECTER · by Anvin · Illusive Operations
MIT License
FAQs
SPECTER — The Illusive Security Protocol. Modular security skills for autonomous IDE agents.
We found that specter-kit demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Package last updated on 14 Mar 2026
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Security News
152 Chrome Live Wallpaper Extensions Hid Ad Tracking and Faked Google Search Traffic
A network of 152 Chrome live wallpaper extensions hid ad tracking and made extension-driven traffic look like Google search clicks.
By Kush Pandya - Jun 12, 2026
Company News
Andrew Becherer Joins Socket as Chief Information Security Officer
Socket’s first CISO brings deep experience securing high-growth SaaS companies as open source supply chain threats accelerate.
By Sarah Gooding - Jun 11, 2026