Can I target the scan to only look at my recent changes?

Yes, you can set the 'scope' parameter to 'changed', which will limit the security analysis to files modified in your current working branch or session.

How are the security findings reported?

Findings are returned in a structured JSON format including severity levels (Critical to Low), the exact file location, a code snippet, and a specific remediation suggestion.

Is this skill computationally expensive or high on token usage?

No, it is designed for token efficiency. It primarily uses pattern-based static analysis and local shell commands rather than LLM inference to perform the actual scanning.

Does it support dependency scanning for all languages?

It currently includes built-in support for npm (JavaScript/TypeScript) and pip (Python) dependency auditing using standard security tools like npm audit and pip-audit.

What types of vulnerabilities can this skill detect?

The skill detects a wide range of issues including SQL injection, Cross-Site Scripting (XSS), Command Injection, Path Traversal, hardcoded credentials, and insecure third-party dependencies.

Security Vulnerability Scanner

Name: Security Vulnerability Scanner
Author: astro44

byastro44

•

セキュリティとテスト

Scans codebases for OWASP Top 10 vulnerabilities, hardcoded secrets, and insecure dependencies using static analysis.

The Security Vulnerability Scanner is a specialized capability designed to automate security audits within your development workflow. It identifies critical risks including SQL injection, cross-site scripting (XSS), hardcoded API keys, and vulnerable third-party packages by employing pattern-based static analysis. The skill categorizes findings by severity, maps them to CWE identifiers, and provides specific remediation instructions, making it an essential tool for maintaining high security standards during the coding process.

主な機能

01Dependency auditing for known vulnerabilities in npm and pip packages

02Automated secrets scanning for API keys, AWS credentials, and private tokens

03Severity classification with actionable remediation advice for each finding

04Flexible scanning scopes including project-wide, changed files, or ticket-specific

05Comprehensive detection of OWASP Top 10 vulnerabilities like SQLi and XSS

062 GitHub stars

ユースケース

01Automating dependency health checks to ensure third-party libraries are up to date and secure

02Conducting deep-dive audits on legacy codebases to identify hardcoded secrets and technical debt

03Running pre-merge security checks on changed files to prevent introducing new vulnerabilities

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add astro44/autonom8-agents security-scan

For use in Claude.ai and ChatGPT

主な機能

01Dependency auditing for known vulnerabilities in npm and pip packages

02Automated secrets scanning for API keys, AWS credentials, and private tokens

03Severity classification with actionable remediation advice for each finding

04Flexible scanning scopes including project-wide, changed files, or ticket-specific

05Comprehensive detection of OWASP Top 10 vulnerabilities like SQLi and XSS

062 GitHub stars

ユースケース

01Automating dependency health checks to ensure third-party libraries are up to date and secure

02Conducting deep-dive audits on legacy codebases to identify hardcoded secrets and technical debt

03Running pre-merge security checks on changed files to prevent introducing new vulnerabilities