Language: 日本語English

nightvision Plugin

Topics
Security, Auth & Compliance · Claude Code Customization & Workflow
First seen
2026-07-09
Last confirmed
2026-07-13
Explanation last updated
2026-07-12

The explanation below is AI-generated. Please verify it against the sources.

nightvision is a Claude Code plugin that packages Agent Skills for working with NightVision, a white-box-assisted DAST and API Discovery platform. According to the README, NightVision combines API Discovery (static analysis to extract OpenAPI specs from source code), dynamic scanning (ZAP + Nuclei engines), and Code Traceback (tracing vulnerabilities back to exact source locations) to find exploitable vulnerabilities in web applications and REST APIs. The plugin provides four skills — scan-configuration, scan-triage, api-discovery, and ci-cd-integration — that let a coding agent run scans, triage findings, and wire security testing into CI/CD pipelines using natural language. The skills are built on the open Agent Skills format, so the same skill folders also work with OpenAI Codex, Cursor, and other compatible agentic tools, not just Claude Code.

Overview

NightVision is described in the README as a white-box-assisted DAST (Dynamic Application Security Testing) platform. It combines static analysis to extract OpenAPI specs from source code (API Discovery), dynamic scanning using ZAP and Nuclei engines, and Code Traceback that traces vulnerabilities back to exact source locations, aiming to find exploitable vulnerabilities in web applications and REST APIs.

What you can do with nightvision

  • scan-configuration: Set up DAST scans — create targets, configure authentication (Playwright, headers, cookies), manage projects, define scope exclusions, and prepare private network scans
  • scan-triage: Interpret scan results — read SARIF/CSV findings, understand vulnerabilities, locate vulnerable code, validate with curl, prioritize by severity, suggest fixes, and mark false positives
  • api-discovery: Extract OpenAPI specs from source code via static analysis, troubleshoot extraction issues, compare specs across versions, and leverage Code Traceback
  • ci-cd-integration: Wire NightVision into pipelines — GitHub Actions, GitLab CI, Azure DevOps, Jenkins, BitBucket, and JFrog with SARIF/CSV export and breaking-change detection
  • Invoke skills via natural-language requests to your agent, or directly with slash commands in Claude Code (/scan-configuration, /scan-triage, /api-discovery, /ci-cd-integration)
  • Install via Claude Code plugin marketplace (claude plugin install nightvision@nvsecurity), or copy/symlink the skills/ folders into ~/.agents/skills/ or a project-level .agents/skills/ for Codex, Cursor, and other Agent Skills-compatible tools

Sources

Original description (English)

Skills for working with NightVision, a DAST and API Discovery platform that finds exploitable vulnerabilities in web applications and REST APIs

History of nightvision

Back to list