Niro — pentesting that keeps up with your PRs
git clone https://github.com/apxlabs-ai/niro
# Niro

> Push a PR. Niro hacks it. Your agent patches it.

A PR adds a saved-search feature to your app. Niro reports 4 cross-tenant data leaks in under 6 minutes for $2.84 in model spend. Your coding agent writes a regression test for each, patches the code, and re-runs Niro to verify the fix. The PR goes green. That's the loop.

## What a run looks like

1. Push a PR. Your coding agent calls Niro.
2. Niro pentests your running app — scoped to what the PR changed — and returns each finding with the exact HTTP request that proved it.
3. Your agent writes a failing regression test, patches the code, and asks Niro to re-verify.
4. Niro posts a green check on the PR. Merge.

## Why Niro?

Your AI agent ships code in minutes. Security testing takes days — if it happens at all. Niro closes that gap. Your agent calls it, gets reproducible exploits back, patches the code, and re-runs Niro to verify — all in the same loop, before CI finishes. No Jira ticket. No triage queue. You review a clean PR.

## Commitments

- Findings in under 8 minutes (P80)
- Under $3 in model spend per run (P80)

Both are commitments, not averages — they're the floor the product is engineered around.

## Before you install

Niro orchestrates tools you already use — it doesn't bundle them. You'll need:

- **Container runtime:** Docker or Podman
- **Git**, plus the CLI for your code host: `gh` (GitHub) or `az` (Azure DevOps)
- **Coding agent:** Claude Code (`claude`) or GitHub Copilot (`copilot`) installed locally

Codex (`codex`) support is coming soon. Need GitLab, Cursor, or something else? [Open an issue](https://github.com/apxlabs-ai/niro/issues) — we prioritize by demand.

Runs on macOS, Linux, and Windows.

## Install

**macOS, Linux:**

```bash
curl -fsSL https://raw.githubusercontent.com/apxlabs-ai/niro/main/install.sh | sh
```

**Windows (PowerShell):**

```powershell
irm https://raw.githubusercontent.com/apxlabs-ai/niro/main/install.ps1 | iex
```

## Quickstart

From the root of your repo:

```bash
niro init
```

This scaffolds a `niro/` directory and wires Niro into your coding agent as an MCP server. Your agent decides when to call it from there — typically right before a push.

## What you control

- **Pentest engine** runs in a local sandbox with default-deny egress. The only reachable endpoints are the targets you list in `niro/scope.yaml`.
- **Niro plugs into the coding agent you already use** — Claude Code or GitHub Copilot — and lets it do the reasoning. Your agent calls its LLM provider directly using the credentials already in your shell. Niro doesn't have an API key and doesn't see yours. The bill arrives on your provider account.
- **No telemetry.** Niro doesn't phone home — no metrics, no analytics, no logs sent to our servers. Your code, findings, and runs stay on your machine.

## License

Apache License 2.0 ([LICENSE](LICENSE), [NOTICE](NOTICE)). Install, run, redistribute, and build on niro freely.

## Issues

<https://github.com/apxlabs-ai/niro/issues>
What people ask about niro
What is apxlabs-ai/niro?
apxlabs-ai/niro is an MCP server for the Claude AI ecosystem. Niro — pentesting that keeps up with your PRs. It has 2 GitHub stars and was last updated today.
How do I install niro?
You can install niro by cloning the repository (https://github.com/apxlabs-ai/niro) or following the README instructions on GitHub. ClaudeWave also provides quick install blocks on this page.
Is apxlabs-ai/niro safe to use?
apxlabs-ai/niro has not been audited yet by our security agent. Review the original repository on GitHub before using it in production.
Who maintains apxlabs-ai/niro?
apxlabs-ai/niro is maintained by apxlabs-ai. The last recorded GitHub activity is from today, with 0 open issues.
Are there alternatives to niro?
Yes. On ClaudeWave you can browse similar MCP servers at /categories/mcp, sorted by popularity or recent activity.