Install the AgentKeeper Plugin

Add real-time threat detection to Claude Code in 60 seconds. No account, no API key, no configuration. Just install and go.

What you get instantly

✓Threat detection patterns — credential exfiltration, reverse shells, prompt injection, SUID manipulation, DNS exfiltration, and more
✓4 lifecycle hooks — UserPromptSubmit, PreToolUse, PostToolUse, SessionStart
✓9 slash commands — /agentkeeper:audit, /agentkeeper:secrets, /agentkeeper:inspect, and more
✓Zero network calls — everything runs locally on your machine. No telemetry.

Add RAD Security's Claude Code marketplace

In Claude Code, run:

/plugin marketplace add rad-security/claude-code-plugin

This registers the AgentKeeper plugin catalog with your Claude Code installation. You only need to do this once.

Install AgentKeeper

/plugin install agentkeeper

Claude Code installs the plugin package. The new slash commands become available after reloading the plugin registry.

Reload plugin commands

/reload-plugins

This refreshes Claude Code's command registry so AgentKeeper slash commands are available in the current session.

Restart Claude Code

Quit Claude Code and reopen it. Hooks are loaded once at startup, so a full restart is required before AgentKeeper begins intercepting tool calls.

Try it out

Run a security audit of your Claude Code setup:

/agentkeeper:audit

This checks 10 security dimensions — sandbox mode, root execution, secret exposure, git signing, hook coverage, permissions, and more — then gives you a letter grade with actionable recommendations.

Then scan for exposed secrets:

/agentkeeper:secrets

And audit your installed plugins for threats:

/agentkeeper:inspect

Connect your dashboard

Link the plugin to a free AgentKeeper account so threats surface in your dashboard and every session contributes to fleet visibility.

/agentkeeper:connect

Opens your browser to approve the device. Sign up at AgentKeeper signup first if you don't already have an account — free, no credit card. After approval, restart Claude Code again so the connected HTTP hooks load at startup.

Prefer local-only?

You can skip this step by running /agentkeeper:setup --local instead. Detection still runs against bundled threat patterns, but nothing leaves your machine and you won't see events in a dashboard. You can connect later at any time.

Configure warn or block mode

/agentkeeper:setup

Default mode is warn— threats are flagged but execution continues. Switch to block to prevent dangerous commands from executing.

Need team-wide coverage?

The plugin protects individual developers. For fleet-wide policy enforcement where every developer who pulls a repo is automatically covered, use push-hooks for teams.

Source code

The plugin is open source: github.com/rad-security/claude-code-plugin/tree/main/plugins/agentkeeper

Automate these checks with AgentKeeper

One setup flow connects your agent fleet and starts enforcing policy.