Medusa
AI-first security scanner with 76 analyzers, 9,600+ detection rules, and repo poisoning detection for AI/ML, LLM agents, and MCP servers. Scan any GitHub repo with: medusa scan --git user/repo
@Pantheon-Security/Medusa
🐍 MEDUSA - AI Security Scanner
AI-first security scanner with 9,600+ detection patterns for AI/ML, agents, and LLM applications.
🤖 Works out of the box - no tool installation required.
🚨 133 CVEs: Log4Shell, Spring4Shell, XZ Utils, LangChain RCE, MCP-Remote RCE, React2Shell
🔥 NEW: medusa scan --git <URL> — Scan any repo for AI supply chain attacks (repo poisoning, prompt injection, MCP tool poisoning)
✨ v2026.5.0: Repo poisoning detection, 45 new attack rules, FP filter precision fix
🎯 What is MEDUSA?
MEDUSA is an AI-first security scanner with 9,600+ detection patterns that works out of the box. Simply install and scan - no external tool installation required. MEDUSA's built-in rules detect vulnerabilities in AI/ML applications, LLM agents, MCP servers, RAG pipelines, and traditional code.
✨ Key Features
- 🔥 `medusa scan --git <URL>` - Scan any GitHub repo for AI supply chain attacks in seconds
- 🤖 9,600+ AI Security Patterns - Industry-leading coverage for AI/ML, agents, and LLM applications
- 🛡️ Repo Poisoning Detection - Detects weaponized AI editor configs across 28+ file types (Cursor, Cline, Copilot, Claude Code, Gemini, Kiro, and more)
- 🚀 Zero Setup Required - Works immediately after `pip install` - no tool installation needed
- 🚨 133 CVE Detections - Log4Shell, Spring4Shell, XZ Utils backdoor, LangChain RCE, MCP remote code execution, React2Shell, and more
- ⚡ Parallel Processing - Multi-core scanning (10-40x faster than sequential)
- 🎨 Beautiful CLI - Rich terminal output with progress bars
- 🧠 IDE Integration - Claude Code, Cursor, VS Code, Gemini CLI support
- 🔄 Smart Caching - Skip unchanged files for lightning-fast rescans
- ⚙️ Configurable - `.medusa.yml` for project-specific settings
- 🌍 Cross-Platform - Native Windows, macOS, and Linux support
- 📊 Multiple Reports - JSON, HTML, Markdown, SARIF exports for any workflow
- 🔧 Optional Linter Support - Auto-detects external linters if installed for enhanced coverage
🆕 What's New in v2026.5.0
Repo Poisoning Detection + Git Scanning — Scan any repo for AI supply chain attacks with a single command.
```bash
medusa scan --git user/repo
```
| | What's New | Details |
|---|---|---|
| 🔥 | Git Repo Scanning | medusa scan --git <URL> — clone and scan any GitHub repo for AI supply chain attacks in seconds |
| 🛡️ | Repo Poisoning Detection | 45 new rules for Clinejection, CurXecute (CVE-2025-54135), IDEsaster (CVE-2025-64660), CamoLeak, ToxicSkills, AIShellJack |
| 🎯 | 28+ AI Editor File Types | Detects malicious configs for Cursor, Cline, Copilot, Claude Code, Gemini CLI, Kiro, Codex CLI, Windsurf, Amazon Q, Roo Code |
| 🔍 | MCP Advanced Attacks | 11 new rules — schema poisoning, ATPA, sampling injection, cross-server manipulation, rug-pull, Flowise RCE |
| 🐛 | FP Filter Fix | Path-relative filtering prevents repo names from triggering false positive heuristics |
| 🤖 | 9,600+ AI Patterns | Up from 7,300 — built-in rules for AI/ML, agents, MCP, RAG, prompt injection |
| 🚨 | 37+ CVEs Mapped | CurXecute, IDEsaster, Codex CLI RCE, Kiro RCE, Copilot YOLO mode, and more |
External Linters (optional): MEDUSA auto-detects bandit, eslint, shellcheck, etc. if installed. See Optional Tools Guide.
🚀 Quick Start
Installation
```bash
# Install MEDUSA (works on Windows, macOS, Linux)
pip install medusa-security

# Run your first scan - that's it!
medusa scan .
```
Virtual Environment (Recommended):
```bash
# Create and activate virtual environment
python3 -m venv medusa-env
source medusa-env/bin/activate  # On Windows: medusa-env\Scripts\activate

# Install and scan
pip install medusa-security
medusa scan .
```
Platform Notes:
- Windows: Use `py -m medusa` if the `medusa` command is not found
- macOS/Linux: Should work out of the box
Scan Any GitHub Repo
```bash
# Scan a remote repo for AI supply chain attacks
medusa scan --git https://github.com/org/repo

# Shorthand - just user/repo
medusa scan --git org/repo

# Scan a specific branch
medusa scan --git https://github.com/org/repo/tree/main
```
MEDUSA automatically detects 28+ AI editor config files that are known attack vectors:
| Risk Level | Files Detected |
|------------|----------------|
| Critical (RCE) | .cursorrules, .cursor/mcp.json, .clinerules/, .windsurfrules, .codex/config.toml, .kiro/settings/mcp.json, .vscode/settings.json, mcp.json |
| High | CLAUDE.md, GEMINI.md, AGENTS.md, AGENT.md, SKILL.md, .github/copilot-instructions.md, CONVENTIONS.md, .amazonq/rules/, .roo/rules/, .augment/rules/ |
Known attacks detected: Clinejection, CurXecute (CVE-2025-54135), IDEsaster (CVE-2025-64660), ToxicSkills, CamoLeak, RoguePilot, AIShellJack, Cacheract
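An added example, not MEDUSA's own code: a presence-only inventory of the files listed in the table above, useful for triaging a checkout before it is opened in an AI-enabled editor. The function names, and the choice to match the listed names in any subdirectory, are assumptions of this example; it does not inspect file contents.

```python
import os
import tempfile
from pathlib import Path

# Paths copied from the table above; a trailing "/" marks a directory entry.
RISK_PATHS = {
    "critical": [".cursorrules", ".cursor/mcp.json", ".clinerules/",
                 ".windsurfrules", ".codex/config.toml",
                 ".kiro/settings/mcp.json", ".vscode/settings.json", "mcp.json"],
    "high": ["CLAUDE.md", "GEMINI.md", "AGENTS.md", "AGENT.md", "SKILL.md",
             ".github/copilot-instructions.md", "CONVENTIONS.md",
             ".amazonq/rules/", ".roo/rules/", ".augment/rules/"],
}

def matches(rel, pattern):
    """True if repo-relative POSIX path `rel` is covered by a table entry."""
    if pattern.endswith("/"):
        # Directory entry: any file below a directory with that path.
        return ("/" + pattern) in ("/" + rel)
    # File entry: at the repo root or inside any subproject (assumption).
    return rel == pattern or rel.endswith("/" + pattern)

def inventory(root):
    """Return sorted (risk, relative_path) pairs for listed files under root."""
    root = Path(root)
    hits = set()
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames[:] = [d for d in dirnames if d != ".git"]  # skip VCS metadata
        rel_dir = Path(dirpath).relative_to(root)
        for name in filenames:
            rel = (rel_dir / name).as_posix()
            for risk, patterns in RISK_PATHS.items():
                if any(matches(rel, p) for p in patterns):
                    hits.add((risk, rel))
    return sorted(hits)

def build_sample_repo(base):
    """Constructed sample checkout (placeholder files, not a real repository)."""
    for rel in [".cursorrules", ".clinerules/style.md", "CLAUDE.md",
                "services/api/.vscode/settings.json", "src/app.py", ".git/config"]:
        path = Path(base) / rel
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_text("placeholder\n")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_repo(tmp)
        for risk, rel in inventory(tmp):
            print(f"{risk:8} {rel}")
```

A hit only means the file exists and deserves review; whether its contents are malicious is what the scanner's rules evaluate.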
Optional: AI Model Scanning
```bash
# Install modelscan for ML model vulnerability detection
medusa install --ai-tools
```
Optional: External Linters
MEDUSA auto-detects external linters if installed (bandit, eslint, shellcheck, etc.) and uses them automatically to enhance scan coverage.
See Installation Guide → for platform-specific instructions.
Note: External linters are optional. MEDUSA's 9,600+ built-in rules work without them. For installation support, please refer to each tool vendor's documentation.
📊 Report Formats
MEDUSA generates beautiful reports in multiple formats:
JSON - Machine-readable for CI/CD integration

```bash
medusa scan . --format json
```

HTML - Stunning glassmorphism UI with interactive charts

```bash
medusa scan . --format html
```

Markdown - Documentation-friendly for GitHub/wikis

```bash
medusa scan . --format markdown
```

All Formats - Generate everything at once

```bash
medusa scan . --format all
```
📚 Language Support
MEDUSA supports 41 different scanner types covering all major programming languages and file formats:
Backend Languages (9)
| Language | Scanner | Extensions |
|----------|---------|------------|
| Python | Bandit | .py |
| JavaScript/TypeScript | ESLint | .js, .jsx, .ts, .tsx |
| Go | golangci-lint | .go |
| Ruby | RuboCop | .rb, .rake, .gemspec |
| PHP | PHPStan | .php |
| Rust | Clippy | .rs |
| Java | Checkstyle | .java |
| C/C++ | cppcheck | .c, .cpp, .cc, .cxx, .h, .hpp |
| C# | Roslynator | .cs |
JVM Languages (3)
| Language | Scanner | Extensions |
|----------|---------|------------|
| Kotlin | ktlint | .kt, .kts |
| Scala | Scalastyle | .scala |
| Groovy | CodeNarc | .groovy, .gradle |
Functional Languages (5)
| Language | Scanner | Extensions |
|----------|---------|------------|
| Haskell | HLint | .hs, .lhs |
| Elixir | Credo | .ex, .exs |
| Erlang | Elvis | .erl, .hrl |
| F# | FSharpLint | .fs, .fsx |
| Clojure | clj-kondo | .clj, .cljs, .cljc |
Mobile Development (2)
| Language | Scanner | Extensions |
|----------|---------|------------|
| Swift | SwiftLint | .swift |
| Objective-C | OCLint | .m, .mm |
Frontend & Styling (3)
| Language | Scanner | Extensions |
|----------|---------|------------|
| CSS/SCSS/Sass/Less | Stylelint | .css, .scss, .sass, .less |
| HTML | HTMLHint | .html, .htm |
| Vue.js | ESLint | .vue |
Infrastructure as Code (4)
| Language | Scanner | Extensions |
|----------|---------|------------|
| Terraform | tflint | .tf, .tfvars |
| Ansible | ansible-lint | .yml (playbooks) |
| Kubernetes | kubeval | .yml, .yaml (manifests) |
| CloudFormation | cfn-lint | .yml, .yaml, .json (templates) |
Configuration Files (4)
| Language | Scanner | Extensions |
|----------|---------|------------|
| JSON | built-in | .json |
| TOML | taplo | .toml |
| XML | xmllint | .xml |
| Protobuf | buf lint | .proto |
Shell & Scripts (4)
| Language | Scanner | Extensions |
|----------|---------|------------|
| Bash/Shell | ShellCheck | .sh, .bash |
| PowerShell | PSScriptAnalyzer | .ps1, .psm1 |
| Lua | luacheck | .lua |
| Perl | perlcritic | .pl, .pm |
Documentation (2)
| Language | Scanner | Extensions |
|----------|---------|------------|
| Markdown | markdownlint | .md |
| reStructuredText | rst-lint | .rst |
Other Languages (5)
| Language | Scanner | Extensions |
|----------|---------|------------|
| SQL | SQLFluff | .sql |
| R | lintr | .r, .R |
| Dart | dart analyze | .dart |
| Solidity | solhint | .sol |
| Docker | hadolint | Dockerfile* |
Total: 41 scanner types covering 100+ file extensions
🚨 React2Shell CVE Detection (NEW in v2025.8)
MEDUSA now detects CVE-2025-55182 "React2Shell" - a CVSS 10.0 RCE vulnerability affecting React Server Components and Next.js.
# Check if y
