Does Raven Investigate only work with specific programming languages?

No, Raven is language-agnostic and framework-adaptive. It detects your specific tech stack during the 'Arrive' phase and applies the appropriate security checks for that environment.

What is the output of a Raven investigation?

The result is a comprehensive 'Case File' markdown report containing an executive summary, letter grades for security domains, validated findings with OWASP references, and a prioritized remediation timeline.

How does the 'parallel fan-out' feature work?

Raven uses Claude's Task tool to launch six sub-agents simultaneously. Each agent focuses on a specific domain—such as Secrets, Auth, or CI/CD—allowing for a comprehensive audit in a fraction of the time.

Can Raven fix the security vulnerabilities it finds?

Raven is primarily a detective tool focused on assessment. While it identifies issues, it is designed to hand off remediation to complementary skills like turtle-harden or raccoon-audit.

Raven Security Investigate

Name: Raven Security Investigate
Author: AutumnsGrove

byAutumnsGrove

•

Security & Testing

Conducts rapid, parallel security audits across any codebase to deliver a comprehensive posture assessment and noir-style case file.

Raven Investigate acts as a specialized security detective for Claude Code, designed to rapidly audit unfamiliar codebases. By deploying parallel sub-agents across six critical domains—including secrets, authentication, and input validation—it identifies vulnerabilities and assesses overall security health without the need for manual sequential checking. Whether you are performing due diligence on a new repository or providing professional security review services, Raven provides a graded, prioritized report (A–F) that categorizes risks and suggests remediation paths, ensuring you know exactly where a project's security posture stands.

Key Features

01Manual Triage & Validation: Verifies high-severity risks directly in the source code to eliminate false positives before reporting.

02Stack-Agnostic Detection: Automatically identifies languages and frameworks to apply relevant, context-aware security checks.

03Parallel Multi-Agent Auditing: Launches six simultaneous sub-agents to scan distinct security domains for maximum speed.

04Weighted Grading System: Assigns letter grades (A–F) to security domains based on risk severity, impact, and compounding factors.

052 GitHub stars

06Noir Narrative Reporting: Generates detailed 'Case Files' with executive summaries, security scorecards, and remediation handoffs.

Use Cases

01Onboarding to a new project to establish a security baseline and identify immediate high-risk vulnerabilities.

02Assessing whether AI-maintained codebases follow security best practices and industry standards.

03Performing pre-acquisition code review or due diligence for external software repositories and client projects.

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add autumnsgrove/lattice raven-investigate

For use in Claude.ai and ChatGPT

Key Features

01Manual Triage & Validation: Verifies high-severity risks directly in the source code to eliminate false positives before reporting.

02Stack-Agnostic Detection: Automatically identifies languages and frameworks to apply relevant, context-aware security checks.

03Parallel Multi-Agent Auditing: Launches six simultaneous sub-agents to scan distinct security domains for maximum speed.

04Weighted Grading System: Assigns letter grades (A–F) to security domains based on risk severity, impact, and compounding factors.

052 GitHub stars

06Noir Narrative Reporting: Generates detailed 'Case Files' with executive summaries, security scorecards, and remediation handoffs.

Use Cases

01Onboarding to a new project to establish a security baseline and identify immediate high-risk vulnerabilities.

02Assessing whether AI-maintained codebases follow security best practices and industry standards.

03Performing pre-acquisition code review or due diligence for external software repositories and client projects.