Can it automatically fix vulnerabilities?

Yes, it supports several fix modes including safe audit fixes (no breaking changes), forced breaking changes, and the ability to apply fixes via a new Pull Request.

Can I preview changes before they are made?

The skill includes a dry-run flag that allows you to preview which vulnerabilities were found and what issues would be created without actually modifying your repository.

How does it avoid duplicate GitHub issues?

The skill checks existing open issues for matching CVE IDs, GHSA IDs, or specific package and severity combinations before creating a new entry.

Does it support custom severity thresholds?

Yes, users can configure the scan to report only critical vulnerabilities, high and critical (recommended), or all findings including low and moderate issues.

What tools does this skill rely on?

It primarily utilizes the npm CLI for auditing vulnerabilities and the GitHub CLI (gh) for searching and creating repository issues.

Security Scan & Issue Tracker

Name: Security Scan & Issue Tracker
Author: jrc1883

byjrc1883

セキュリティとテスト

Performs automated security vulnerability audits and synchronizes findings with GitHub issues for streamlined remediation.

概要

The pop-security-scan skill empowers developers to maintain secure codebases by automating dependency audits and vulnerability tracking. It integrates directly with npm audit to detect vulnerabilities across varying severity levels and cross-references findings with existing GitHub issues to prevent duplicates. With support for multiple remediation paths—including safe fixes, forced updates, and automated PR generation—this skill helps teams proactively manage security debt. It is designed for both on-demand usage and integration into routine maintenance workflows, providing clear reporting and health scoring to keep projects secure.

主な機能

Intelligent GitHub issue synchronization with duplicate detection via CVE/GHSA IDs
0 GitHub stars
Multi-mode remediation including safe fixes, forced updates, and PR creation
Automated npm audit integration for real-time vulnerability detection
Severity-based filtering and custom priority labeling for issue tracking
Comprehensive security reporting in Markdown and JSON formats

ユースケース

Validating project security posture and dependency health before production deployments
Running automated nightly security audits as part of a routine maintenance workflow
Automating the creation of tracked work items for newly discovered CVEs in existing projects

概要

主な機能

Intelligent GitHub issue synchronization with duplicate detection via CVE/GHSA IDs
0 GitHub stars
Multi-mode remediation including safe fixes, forced updates, and PR creation
Automated npm audit integration for real-time vulnerability detection
Severity-based filtering and custom priority labeling for issue tracking
Comprehensive security reporting in Markdown and JSON formats

ユースケース

Validating project security posture and dependency health before production deployments
Running automated nightly security audits as part of a routine maintenance workflow
Automating the creation of tracked work items for newly discovered CVEs in existing projects