Siddharth-1001 / llm-security-scanner

Public

A lightweight tool that scans LLM-integrated codebases for OWASP LLM Top 10 vulnerabilities — prompt injection patterns, insecure output handling, etc.

100% credibility

Found Apr 07, 2026 at 15 stars -- GitGems finds repos before they trend. Get early access to the next one.

AI Analysis

Python

AI Summary

A static analysis tool that scans Python code for security vulnerabilities specific to large language model integrations, aligned with OWASP LLM Top 10 risks.

How It Works

📰 Discover the tool

You find a free security checker for AI-powered apps that spots hidden dangers in code.

📥 Set it up quickly

You add the checker to your computer in seconds, no hassle needed.

📁 Pick your project

You select the folder holding your AI assistant or app code to review.

🔍 Run the safety scan

You start the check and it quickly examines your code for weak spots like sneaky injections or leaks.

📋 Review the findings

You get a simple report listing issues with friendly explanations and fix suggestions.

🛠️ Fix the problems

You follow the easy steps to patch vulnerabilities and make your app safer.

🛡️ Enjoy secure AI

Your project now runs without common AI security risks, keeping users and data safe.

Sign up to see the full architecture

5 more

Star Growth

See how this repo grew from 15 to 15 stars Sign Up Free

Repurpose This Repo

Repurpose is a Pro feature

Generate ready-to-use prompts for X threads, LinkedIn posts, blog posts, YouTube scripts, and more -- with full repo context baked in.

Unlock Repurpose

AI-Generated Review

What is llm-security-scanner?

This Python CLI tool scans your codebase for OWASP LLM Top 10 vulnerabilities like prompt injection, insecure output handling, and excessive agent permissions in LLM integrations. Run `pip install llm-security-scanner && llm-scan scan .` to catch issues in OpenAI, LangChain, or RAG setups before they hit production—no API keys or external services needed. It's a lightweight tool belt for securing LLM apps, outputting text, JSON, or SARIF for GitHub Code Scanning.

Why is it gaining traction?

Zero-config setup and SARIF integration make it a drop-in for CI pipelines, unlike heavier SAST tools that require heavy config. Devs love the YAML-based custom rules—you add detections in minutes without coding—and inline suppressions like `# llm-scan:ignore`. As a lightweight github alternative to full scanners, it hooks Python teams needing fast, LLM-specific checks without bloat.

Who should use this?

Python backend devs building chatbots, RAG pipelines, or agentic apps with LangChain or OpenAI SDKs. Security engineers auditing LLM supply chains or tool-calling risks in production codebases. Teams wanting a lightweight tool pouch for pre-commit hooks or GitHub Actions on LLM-heavy repos.

Verdict

Early days with 15 stars and 1.0% credibility score—docs are solid but test coverage and JS support lag—but it's mature enough for CI trials on Python LLM code. Grab it if you need a lightweight rag github scanner now; watch for agent framework expansions.

(198 words)

Sign up to read the full AI review Sign Up Free

Similar repos coming soon.

Stars

Forks

Followers

Base stars: 15 stars

Bonus: AI verified quality (100%)

Account age: 1,662 days

Repo age: 5 days

License: MIT

Updated: Apr 07, 2026