# Security and crypto packages

Security, identity, cryptography, password, signing, and certificate-related packages.

- **Packages:** 857
- **Protected tools:** 0
- **Approval gates:** 3
- **Non-low risk:** 223
- **Updated:** 2026-07-10

## Why this package group is here

Security and crypto packages currently includes 857 package catalog entries. 0 have protected-tool coverage, 3 have approval-gate metadata, and 223 have non-low Geiger classifier findings. The grouping comes from package metadata, so it can stay current as that metadata changes.

## Generated source

This hub uses the same local package data as individual package pages: Nucleus package metadata, Homebrew enrichment, Geiger classifier output, secret-handling manifests, and approval-gate seeds where available.

## Review model

Use the hub to find command families that need tighter secret injection, approval gates, or manual review before agents run them.

## Indexed package pages

- [mkcert](https://www.automicvault.com/pkg/brew/mkcert/) - 4 approval-gate rules are present.
- [ffmpeg](https://www.automicvault.com/pkg/brew/ffmpeg/) - 4 approval-gate rules are present.
- [openssl@3](https://www.automicvault.com/pkg/brew/openssl-3/) - 5 approval-gate rules are present.
- [crytic-compile](https://www.automicvault.com/pkg/brew/crytic-compile/) - generalized runtime or code generation signal
- [dehydrated](https://www.automicvault.com/pkg/brew/dehydrated/) - broad file, network, media, or database tool signal
- [deno](https://www.automicvault.com/pkg/brew/deno/) - doc example: JavaScript runtime
- [mono](https://www.automicvault.com/pkg/brew/mono/) - broad file, network, media, or database tool signal
- [nikto](https://www.automicvault.com/pkg/brew/nikto/) - broad file, network, media, or database tool signal
- [nono](https://www.automicvault.com/pkg/brew/nono/) - generalized runtime or code generation signal
- [ponyc](https://www.automicvault.com/pkg/brew/ponyc/) - broad file, network, media, or database tool signal
- [proxify](https://www.automicvault.com/pkg/brew/proxify/) - broad file, network, media, or database tool signal
- [pwncat](https://www.automicvault.com/pkg/brew/pwncat/) - generalized runtime or code generation signal
- [rush](https://www.automicvault.com/pkg/brew/rush/) - generalized runtime or code generation signal
- [rustcat](https://www.automicvault.com/pkg/brew/rustcat/) - generalized runtime or code generation signal
- [smap](https://www.automicvault.com/pkg/brew/smap/) - generalized runtime or code generation signal
- [vsh](https://www.automicvault.com/pkg/brew/vsh/) - generalized runtime or code generation signal
- [wassette](https://www.automicvault.com/pkg/brew/wassette/) - generalized runtime or code generation signal
- [afflib](https://www.automicvault.com/pkg/brew/afflib/) - narrow executable package without higher-risk signals
- [afl++](https://www.automicvault.com/pkg/brew/aflplusplus/) - narrow executable package without higher-risk signals
- [age-plugin-se](https://www.automicvault.com/pkg/brew/age-plugin-se/) - narrow executable package without higher-risk signals
- [aide](https://www.automicvault.com/pkg/brew/aide/) - narrow executable package without higher-risk signals
- [amass](https://www.automicvault.com/pkg/brew/amass/) - narrow executable package without higher-risk signals
- [anubis](https://www.automicvault.com/pkg/brew/anubis/) - narrow executable package without higher-risk signals
- [apkleaks](https://www.automicvault.com/pkg/brew/apkleaks/) - narrow executable package without higher-risk signals
- [argocd-vault-plugin](https://www.automicvault.com/pkg/brew/argocd-vault-plugin/) - narrow executable package without higher-risk signals
- [argon2](https://www.automicvault.com/pkg/brew/argon2/) - library-like package without higher-risk signals
- [arjun](https://www.automicvault.com/pkg/brew/arjun/) - no executable entrypoint in the package index
- [arpoison](https://www.automicvault.com/pkg/brew/arpoison/) - narrow executable package without higher-risk signals
- [authz0](https://www.automicvault.com/pkg/brew/authz0/) - narrow executable package without higher-risk signals
- [aws-google-auth](https://www.automicvault.com/pkg/brew/aws-google-auth/) - no executable entrypoint in the package index
- [aws-keychain](https://www.automicvault.com/pkg/brew/aws-keychain/) - narrow executable package without higher-risk signals
- [aws-lc](https://www.automicvault.com/pkg/brew/aws-lc/) - no executable entrypoint in the package index
- [aws-rotate-key](https://www.automicvault.com/pkg/brew/aws-rotate-key/) - narrow executable package without higher-risk signals
- [aws-spiffe-workload-helper](https://www.automicvault.com/pkg/brew/aws-spiffe-workload-helper/) - narrow executable package without higher-risk signals
- [azurehound](https://www.automicvault.com/pkg/brew/azurehound/) - narrow executable package without higher-risk signals
- [b3sum](https://www.automicvault.com/pkg/brew/b3sum/) - narrow executable package without higher-risk signals
- [badkeys](https://www.automicvault.com/pkg/brew/badkeys/) - no executable entrypoint in the package index
- [bagel](https://www.automicvault.com/pkg/brew/bagel/) - no executable entrypoint in the package index
- [bandit](https://www.automicvault.com/pkg/brew/bandit/) - narrow executable package without higher-risk signals
- [bbot](https://www.automicvault.com/pkg/brew/bbot/) - no executable entrypoint in the package index
- [betterleaks](https://www.automicvault.com/pkg/brew/betterleaks/) - no executable entrypoint in the package index
- [bfg](https://www.automicvault.com/pkg/brew/bfg/) - narrow executable package without higher-risk signals
- [bitwarden-cli](https://www.automicvault.com/pkg/brew/bitwarden-cli/) - no executable entrypoint in the package index
- [bogofilter](https://www.automicvault.com/pkg/brew/bogofilter/) - narrow executable package without higher-risk signals
- [bom](https://www.automicvault.com/pkg/brew/bom/) - narrow executable package without higher-risk signals
- [bomber](https://www.automicvault.com/pkg/brew/bomber/) - narrow executable package without higher-risk signals
- [botan](https://www.automicvault.com/pkg/brew/botan/) - no executable entrypoint in the package index
- [bubblewrap](https://www.automicvault.com/pkg/brew/bubblewrap/) - narrow executable package without higher-risk signals
- [bulk_extractor](https://www.automicvault.com/pkg/brew/bulk-extractor/) - no executable entrypoint in the package index
- [c2patool](https://www.automicvault.com/pkg/brew/c2patool/) - no executable entrypoint in the package index
- [calicoctl](https://www.automicvault.com/pkg/brew/calicoctl/) - narrow executable package without higher-risk signals
- [caracal](https://www.automicvault.com/pkg/brew/caracal/) - narrow executable package without higher-risk signals
- [cargo-audit](https://www.automicvault.com/pkg/brew/cargo-audit/) - narrow executable package without higher-risk signals
- [cargo-cyclonedx](https://www.automicvault.com/pkg/brew/cargo-cyclonedx/) - narrow executable package without higher-risk signals
- [cargo-deny](https://www.automicvault.com/pkg/brew/cargo-deny/) - no executable entrypoint in the package index
- [cargo-geiger](https://www.automicvault.com/pkg/brew/cargo-geiger/) - narrow executable package without higher-risk signals
- [cariddi](https://www.automicvault.com/pkg/brew/cariddi/) - narrow executable package without higher-risk signals
- [ccheck](https://www.automicvault.com/pkg/brew/ccheck/) - narrow executable package without higher-risk signals
- [cdxgen](https://www.automicvault.com/pkg/brew/cdxgen/) - no executable entrypoint in the package index
- [censys](https://www.automicvault.com/pkg/brew/censys/) - no executable entrypoint in the package index
- [certbot](https://www.automicvault.com/pkg/brew/certbot/) - no executable entrypoint in the package index
- [certgraph](https://www.automicvault.com/pkg/brew/certgraph/) - narrow executable package without higher-risk signals
- [certigo](https://www.automicvault.com/pkg/brew/certigo/) - narrow executable package without higher-risk signals
- [certstrap](https://www.automicvault.com/pkg/brew/certstrap/) - narrow executable package without higher-risk signals
- [certsync](https://www.automicvault.com/pkg/brew/certsync/) - no executable entrypoint in the package index
- [chain-bench](https://www.automicvault.com/pkg/brew/chain-bench/) - narrow executable package without higher-risk signals
- [chainloop-cli](https://www.automicvault.com/pkg/brew/chainloop-cli/) - no executable entrypoint in the package index
- [chainsaw](https://www.automicvault.com/pkg/brew/chainsaw/) - no executable entrypoint in the package index
- [chamber](https://www.automicvault.com/pkg/brew/chamber/) - narrow executable package without higher-risk signals
- [checkdmarc](https://www.automicvault.com/pkg/brew/checkdmarc/) - no executable entrypoint in the package index
- [checkpwn](https://www.automicvault.com/pkg/brew/checkpwn/) - narrow executable package without higher-risk signals
- [chezmoi](https://www.automicvault.com/pkg/brew/chezmoi/) - no executable entrypoint in the package index
