CodexClaude CodeCursorOpenClaw
Back to Tools
cli · tool profile
Tirith
Terminal security for developers and AI agents. Intercepts homograph URLs, pipe-to-shell, ANSI injection, obfuscated payloads, data exfiltration, and malicious AI skills/configs before they execute.
cli CodexClaude CodeCursorOpenClaw
01
At a glance.
A compact read before the deeper capability notes and official setup links.
02
Core features.
Feature cards focus on what the tool helps users do, not generated setup commands.
Your browser would catch this.
Website Docs SKILL.md Changelog
Browsers solved this years ago.
Malicious skill file — caught on scan:
Post-compromise behavior Process memory scraping (/proc//mem), Docker remote privilege escalation, credential file sweeps — calibrated against TeamPCP and UNC1069 post-compromise tooling
Cloaking detection Server-side cloaking (bot vs browser), clipboard hidden content, PDF hidden text
Team PCP / UNC1069 tooling ongoing Post-compromise credential sweeps, /proc//mem scraping, Docker privilege escalation
Package-name extraction currently covers language ecosystems (pip, npm/yarn/pnpm/bun, cargo, gem, go, composer, dotnet, mvn/gradle), not distro-level package managers (apt / dnf / yum / pacman).
04
Agent / Skill / MCP / Workflow fit.
This panel keeps technical format separate from the user-facing AI category.
05
Official setup path.
Generated install snippets are intentionally not mirrored here because they drift. The page links to source-owned setup docs instead.
06
Evidence and adoption notes.
These notes help a user decide whether to investigate the official project further.
Source repository last pushed at 2026-05-19T08:04:09Z.
Generated from source metadata; confirm operational details in the official project before adopting it.
Review the upstream license, maintenance activity, and issue history before using it in production.
Trusted source