Getting Started
Installation and usage
Ghost Security Agent is packaged as a Claude Code plugin. This guide covers installation, available skills, and configuration.
Quick start
You need Claude Code version 2.1.38 or later. Check your version:
claude --version
Install the Ghost Security Agent plugin:
claude plugin marketplace add ghostsecurity/skills
claude plugin install ghost@ghost-security
Then launch claude from within your repository and run a skill:
/ghost:scan-secrets
/ghost:scan-deps
/ghost:scan-code
Ghost Security Agent downloads the tool binaries automatically on first use. You should see the skill activate, scan your codebase, and report its findings.
Available skills
Once installed, you have access to these skills in Claude Code:
| Skill | What it does |
|---|---|
ghost:repo-context | Builds shared context about your repository structure and criticality |
ghost:scan-deps | Scans dependencies for known vulnerabilities using Wraith |
ghost:scan-secrets | Scans for leaked secrets and credentials using Poltergeist |
ghost:scan-code | AI-powered code analysis for 89 vulnerability types |
ghost:report | Aggregates findings into a prioritized security report |
ghost:validate | Validates individual findings through code analysis and optional live testing |
ghost:proxy | Manages the Reaper MITM proxy for traffic capture |
You can invoke skills directly or let Claude Code choose the right skills based on your request.
Alternative methods
Installation from inside Claude Code
/plugin marketplace add ghostsecurity/skills
/plugin install ghost@ghost-security
Currently, you need to restart Claude Code to load the plugin as plugins are loaded on startup.
Usage without installing the plugin
Clone the skills repo and load it with --plugin-dir:
git clone https://github.com/ghostsecurity/skills.git ~/.ghost/skills
claude --plugin-dir ~/.ghost/skills
The tool binaries (poltergeist, wraith, reaper) are downloaded automatically on first use. To install them manually, see the Poltergeist, Wraith, and Reaper tool pages.
Data storage
Ghost Security Agent stores all data locally:
| Path | Contents |
|---|---|
~/.ghost/bin/ | Tool binaries (poltergeist, wraith, reaper) |
~/.ghost/repos/ | Cached repository context and scan results |
~/.reaper/ | Reaper proxy database and runtime files |
Scan results are cached per repository and commit SHA, so re-running a scan on the same commit returns cached results instantly.
Updating
To update the Ghost Security Agent plugin to the latest version:
claude plugin update ghost@ghost-security
This updates the skills and downloads the latest tool binaries if a newer version is available.