Which programming languages and frameworks are supported?

While it provides general security logic, it includes specialized commands and checks for Go (backend), Next.js (web), and Firebase (database/auth).

Can it detect leaked secrets?

Yes, it proactively checks for API keys, passwords, and other sensitive strings within your source code and ensures PII is not leaked into application logs.

Does it check for web-specific vulnerabilities like XSS or SQL injection?

Yes, the skill includes checks for injection attacks, cross-site scripting (XSS), and improper output encoding as part of its OWASP Top 10 assessment.

How are the security results formatted?

Results are delivered in a structured markdown report, categorizing issues by Critical, High, and Medium risk, followed by actionable security recommendations.

When does the Security Scan skill activate?

The skill triggers automatically whenever you modify security-sensitive code, such as authentication logic, new API endpoints, database queries, or file upload handlers.

Security Scan

Name: Security Scan
Author: muyen

bymuyen

•

Security & Testing

Performs proactive security audits and enforces best practices for authentication, data protection, and API integrity.

About

The Security Scan skill provides automated, real-time vulnerability assessment for full-stack applications, ensuring that code changes adhere to modern security standards. It automatically triggers when developers modify sensitive components such as authentication middleware, API endpoints, or database queries, cross-referencing implementations against the OWASP Top 10. By integrating platform-specific checks for Go and Next.js alongside Firebase security rule validation, it helps prevent common risks like injection, broken access control, and secret leakage before they reach production.

Key Features

Automated OWASP Top 10 vulnerability auditing
Real-time monitoring of authentication and authorization logic
22 GitHub stars
Firebase and Firestore security rule validation and testing
Sensitive data leakage detection for logs and source code
Specialized security scanning for Go backends and Next.js frontends

Use Cases

Ensuring PII and sensitive user data are handled according to data protection standards
Auditing new API endpoints for proper rate limiting and CORS configuration
Validating input handling and file upload logic to prevent path traversal and injection

About

Key Features

Automated OWASP Top 10 vulnerability auditing
Real-time monitoring of authentication and authorization logic
22 GitHub stars
Firebase and Firestore security rule validation and testing
Sensitive data leakage detection for logs and source code
Specialized security scanning for Go backends and Next.js frontends

Use Cases

Ensuring PII and sensitive user data are handled according to data protection standards
Auditing new API endpoints for proper rate limiting and CORS configuration
Validating input handling and file upload logic to prevent path traversal and injection