How are the security scan results presented?

Findings are displayed with a clear severity level (Clean, Low, Medium, High, or Critical), line numbers, code snippets, and specific remediation steps.

What should I do if a file is marked as CRITICAL or HIGH risk?

The skill will provide an explanation of the specific threat and recommend that you immediately quarantine the file to prevent it from being executed or deployed.

What types of threats does the scan-file skill detect?

It identifies dangerous code patterns like eval/exec, unauthorized network requests, hardcoded credentials, obfuscated code, and suspicious library imports.

Is this skill useful for AI-generated code?

Yes, it is highly recommended for auditing code produced by AI agents to ensure that no prompt injections or malicious security flaws were introduced during generation.

Can it find leaked API keys?

Yes, the scanner specifically looks for credential exposure, including hardcoded API keys, tokens, and other sensitive secrets that could lead to a security breach.

Sigil Security File Scanner

Name: Sigil Security File Scanner
Author: NOMARJ

byNOMARJ

•

Seguridad y Pruebas

Analyzes specific files for security vulnerabilities, malicious patterns, and credential exposure to ensure safe code execution and integration.

The scan-file skill integrates the Sigil security auditing tool directly into Claude Code, allowing for deep static analysis of individual files or code selections. It is designed to identify critical risks such as hardcoded credentials, dangerous system calls like eval or subprocess, and suspicious network activity. By providing a structured severity rating from Clean to Critical along with specific remediation advice, it helps developers and AI agents maintain a 'quarantine-first' workflow, ensuring that untrusted or newly generated code is safe before it enters the main codebase.

Características Principales

01Identification of suspicious network access, webhooks, and socket connections

02Detection of hardcoded API keys, tokens, and sensitive credentials

03Risk assessment with severity levels ranging from Clean to Critical

04Actionable remediation recommendations including quarantine advice for high-risk files

05Comprehensive vulnerability scanning for malicious patterns and dangerous imports

061 GitHub stars

Casos de Uso

01Scanning legacy codebases for hidden secrets or insecure practices like code obfuscation

02Verifying the safety of code generated by AI agents to prevent malicious logic or vulnerabilities

03Auditing third-party libraries or scripts before integration into a project

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add nomarj/sigil scan-file

For use in Claude.ai and ChatGPT

Download Skill