#1
ASH is an extensible, open source SAST, SCA, and IaC security scanner orchestration engine.
657 starsJun 12, 2026 pushsecurityPythonSAST
$ npx skills add awslabs/automated-security-helperAlternatives
Sast Scan alternatives for AI agents.
Compare similar skills by workflow fit, trust score, quality, GitHub adoption, maintenance, and install readiness.
Current skill
Sast Scan
Scan is a free & Open Source DevSecOps tool for performing static analysis based security testing of your applications and its dependencies. CI and Git friendly.
56
Quality
75
Trust
878
Stars
#2
Code security scanning tool (SAST) to discover, filter and prioritize security and privacy risks.
2.7K starsJun 15, 2026 pushsecurityGoSAST
$ npx skills add Bearer/bearer#3
Complete Solution for VAPT/AppSec and Pentesting Guide: Web | Mobile | API | Thick Client | Source Code Review | DevSecOps | Wireless | Network Pentesting | SAST | DAST etc...
1.7K starsJun 6, 2026 pushsecurityShellSAST
$ npx skills add m14r41/PentestingEverything#4
Incredibly fast crawler designed for OSINT.
13K starsFeb 10, 2026 pushsecurityPythonOSINT
$ npx skills add s0md3v/Photon#5
Bandit is a tool designed to find common security issues in Python code.
8.1K starsMay 25, 2026 pushsecurityPythonSecurity
$ npx skills add PyCQA/bandit#6
A modular vulnerability scanner with automatic report generation capabilities.
1.2K starsJun 13, 2026 pushsecurityPythonSecurity
$ npx skills add CERT-Polska/Artemis#7
Open Source Intelligence Interface for Deep Web Scraping
1.6K starsApr 8, 2026 pushsecurityPythonOSINT
$ npx skills add josh0xA/darkdump#8
The ZAP by Checkmarx Core project
15K starsJun 11, 2026 pushsecurityJavaSecurity
$ npx skills add zaproxy/zaproxy#9
🕵️♂️ Collect a dossier on a person by username from 3000+ sites
33K starsJun 11, 2026 pushsecurityPythonOSINT
$ npx skills add soxoj/maigret#10
Download pictures (or videos) along with their captions and other metadata from Instagram.
13K starsApr 15, 2026 pushsecurityPythonOSINT
$ npx skills add instaloader/instaloader#11
Open-source intelligence for the global theater. Track everything from the corporate/private jets of the wealthy, and spy satellites, to seismic events in one unified interface. Hook an AI agent up to have it parse through data and find previously unseen correlations. The knowledge is available to all but rarely aggregated in the open, until now.
9.2K starsJun 12, 2026 pushsecurityPythonOSINT
$ npx skills add BigBodyCobain/Shadowbroker#12
Toutatis is a tool that allows you to extract information from instagrams accounts such as e-mails, phone numbers and more
4.0K starsDec 5, 2024 pushsecurityPythonOSINT
$ npx skills add megadose/toutatis#13
A friendly car security exploration tool for the CAN bus
918 starsJun 12, 2026 pushsecurityPythonSecurity
$ npx skills add CaringCaribou/caringcaribou#14
A default credential scanner.
1.5K starsJul 8, 2025 pushsecurityPythonSecurity
$ npx skills add ztgrace/changeme#15
The recursive internet scanner for hackers. 🧡
9.9K starsJun 12, 2026 pushsecurityPythonOSINT
$ npx skills add blacklanternsecurity/bbot#16
OneForAll是一款功能强大的子域收集工具
9.8K starsMay 11, 2026 pushsecurityPythonOSINT
$ npx skills add shmilylty/OneForAllHow to choose
When should you switch?
Use an alternative when it has a clearer install path, higher trust score, fresher maintenance, or better platform fit for your current agent stack. Keep Sast Scan if it already passes your workflow test and repository review.
Next step
Compare top candidates side by side
Open the compare page, test the install commands in a sandbox, and check each repository before using a skill in production.