Generated source
This hub uses the same local package data as individual package pages: Nucleus package metadata, Homebrew enrichment, Geiger classifier output, secret-handling manifests, and approval-gate seeds where available.
topical
Security, identity, cryptography, password, signing, and certificate-related packages.
summary
Security and crypto packages currently includes 857 package catalog entries. 0 have protected-tool coverage, 3 have approval-gate metadata, and 223 have non-low Geiger classifier findings. The grouping comes from package metadata, so it can stay current as that metadata changes.
This hub uses the same local package data as individual package pages: Nucleus package metadata, Homebrew enrichment, Geiger classifier output, secret-handling manifests, and approval-gate seeds where available.
Use the hub to find command families that need tighter secret injection, approval gates, or manual review before agents run them.
packages
| Package | Manager | Signals | Why it appears here |
|---|---|---|---|
| mkcert | Homebrew | approval gate, green risk, v1.4.4 | 4 approval-gate rules are present. |
| ffmpeg | Homebrew | approval gate, blue risk, v8.1.2 | 4 approval-gate rules are present. |
| openssl@3 | Homebrew | approval gate, v3.6.3 | 5 approval-gate rules are present. |
| crytic-compile | Homebrew | yellow risk, v0.4.1 | generalized runtime or code generation signal |
| dehydrated | Homebrew | yellow risk, v0.7.2 | broad file, network, media, or database tool signal |
| deno | Homebrew | yellow risk, v2.9.2 | doc example: JavaScript runtime |
| mono | Homebrew | yellow risk, v6.14.1 | broad file, network, media, or database tool signal |
| nikto | Homebrew | yellow risk, v2.6.0 | broad file, network, media, or database tool signal |
| nono | Homebrew | yellow risk, v0.67.1 | generalized runtime or code generation signal |
| ponyc | Homebrew | yellow risk, v0.66.0 | broad file, network, media, or database tool signal |
| proxify | Homebrew | yellow risk, v0.0.16 | broad file, network, media, or database tool signal |
| pwncat | Homebrew | yellow risk, v0.1.2 | generalized runtime or code generation signal |
| rush | Homebrew | yellow risk, v2.4 | generalized runtime or code generation signal |
| rustcat | Homebrew | yellow risk, v3.0.0 | generalized runtime or code generation signal |
| smap | Homebrew | yellow risk, v0.1.12 | generalized runtime or code generation signal |
| vsh | Homebrew | yellow risk, v1.0.0 | generalized runtime or code generation signal |
| wassette | Homebrew | yellow risk, v0.4.0 | generalized runtime or code generation signal |
| afflib | Homebrew | green risk, v3.7.22 | narrow executable package without higher-risk signals |
| afl++ | Homebrew | green risk, v5.02c | narrow executable package without higher-risk signals |
| age-plugin-se | Homebrew | green risk, v0.1.4 | narrow executable package without higher-risk signals |
| aide | Homebrew | green risk, v0.19.3 | narrow executable package without higher-risk signals |
| amass | Homebrew | green risk, v5.1.1 | narrow executable package without higher-risk signals |
| anubis | Homebrew | green risk, v1.25.0 | narrow executable package without higher-risk signals |
| apkleaks | Homebrew | green risk, v2.6.3 | narrow executable package without higher-risk signals |
| argocd-vault-plugin | Homebrew | green risk, v1.18.1 | narrow executable package without higher-risk signals |
| argon2 | Homebrew | green risk, v20190702 | library-like package without higher-risk signals |
| arjun | Homebrew | v2.2.7 | no executable entrypoint in the package index |
| arpoison | Homebrew | green risk, v0.7 | narrow executable package without higher-risk signals |
| authz0 | Homebrew | green risk, v1.1.2 | narrow executable package without higher-risk signals |
| aws-google-auth | Homebrew | v0.0.38 | no executable entrypoint in the package index |
| aws-keychain | Homebrew | green risk, v3.0.0 | narrow executable package without higher-risk signals |
| aws-lc | Homebrew | v5.1.0 | no executable entrypoint in the package index |
| aws-rotate-key | Homebrew | green risk, v1.2.0 | narrow executable package without higher-risk signals |
| aws-spiffe-workload-helper | Homebrew | green risk, v0.0.5 | narrow executable package without higher-risk signals |
| azurehound | Homebrew | green risk, v2.12.2 | narrow executable package without higher-risk signals |
| b3sum | Homebrew | green risk, v1.8.5 | narrow executable package without higher-risk signals |
| badkeys | Homebrew | v0.0.19 | no executable entrypoint in the package index |
| bagel | Homebrew | v0.7.1 | no executable entrypoint in the package index |
| bandit | Homebrew | green risk, v1.9.4 | narrow executable package without higher-risk signals |
| bbot | Homebrew | v2.8.4 | no executable entrypoint in the package index |
| betterleaks | Homebrew | v1.6.1 | no executable entrypoint in the package index |
| bfg | Homebrew | green risk, v1.15.0 | narrow executable package without higher-risk signals |
| bitwarden-cli | Homebrew | v2026.6.0 | no executable entrypoint in the package index |
| bogofilter | Homebrew | green risk, v1.2.5 | narrow executable package without higher-risk signals |
| bom | Homebrew | green risk, v0.7.1 | narrow executable package without higher-risk signals |
| bomber | Homebrew | green risk, v0.5.1 | narrow executable package without higher-risk signals |
| botan | Homebrew | v3.12.0 | no executable entrypoint in the package index |
| bubblewrap | Homebrew | green risk, v0.11.2 | narrow executable package without higher-risk signals |
| bulk_extractor | Homebrew | v2.1.1 | no executable entrypoint in the package index |
| c2patool | Homebrew | v0.26.70 | no executable entrypoint in the package index |
| calicoctl | Homebrew | green risk, v3.32.1 | narrow executable package without higher-risk signals |
| caracal | Homebrew | green risk, v0.2.3 | narrow executable package without higher-risk signals |
| cargo-audit | Homebrew | green risk, v0.22.2 | narrow executable package without higher-risk signals |
| cargo-cyclonedx | Homebrew | green risk, v0.5.9 | narrow executable package without higher-risk signals |
| cargo-deny | Homebrew | v0.20.2 | no executable entrypoint in the package index |
| cargo-geiger | Homebrew | green risk, v0.13.0 | narrow executable package without higher-risk signals |
| cariddi | Homebrew | green risk, v1.4.6 | narrow executable package without higher-risk signals |
| ccheck | Homebrew | green risk, v1.0.1 | narrow executable package without higher-risk signals |
| cdxgen | Homebrew | v12.7.1 | no executable entrypoint in the package index |
| censys | Homebrew | v2.2.19 | no executable entrypoint in the package index |
| certbot | Homebrew | v5.6.0 | no executable entrypoint in the package index |
| certgraph | Homebrew | green risk, v0.1.2 | narrow executable package without higher-risk signals |
| certigo | Homebrew | green risk, v1.18.0 | narrow executable package without higher-risk signals |
| certstrap | Homebrew | green risk, v1.3.0 | narrow executable package without higher-risk signals |
| certsync | Homebrew | v0.1.6 | no executable entrypoint in the package index |
| chain-bench | Homebrew | green risk, v0.1.10 | narrow executable package without higher-risk signals |
| chainloop-cli | Homebrew | v1.103.1 | no executable entrypoint in the package index |
| chainsaw | Homebrew | v2.16.2 | no executable entrypoint in the package index |
| chamber | Homebrew | green risk, v3.1.5 | narrow executable package without higher-risk signals |
| checkdmarc | Homebrew | v5.17.3 | no executable entrypoint in the package index |
| checkpwn | Homebrew | green risk, v0.6.0 | narrow executable package without higher-risk signals |
| chezmoi | Homebrew | v2.71.0 | no executable entrypoint in the package index |