Does it support mobile and frontend applications?

Yes, it is designed to audit various project types including backend services, frontend web applications, mobile projects, and standalone libraries.

How do I control the intensity of the security scan?

You can specify a depth argument: 'quick' for a fast overview, 'balanced' for a standard check, or 'full' for an exhaustive audit that uses more tokens.

How does the verification step work?

After analyzing potential issues, the skill runs a verification script to review each finding, helping to distinguish between genuine security threats and false positives.

What types of vulnerabilities can this skill detect?

Ghost Security SAST identifies common security flaws including SQL injection, Cross-Site Scripting (XSS), Broken Object Level Authorization (BOLA), SSRF, prototype pollution, and unsafe deserialization.

Where can I find the results of the security scan?

Scan results, including planned vectors and verified findings, are stored in a local directory ($HOME/.ghost/repos/) and summarized for you at the end of the process.

Ghost Security SAST

Name: Ghost Security SAST
Author: ghostsecurity

byghostsecurity

•

357

•

安全与测试

Performs automated Static Application Security Testing (SAST) to identify vulnerabilities in source code and libraries.

Ghost Security SAST is a specialized security auditing skill that automates the process of identifying critical vulnerabilities within a codebase. It systematically plans and executes targeted scans for a wide range of issues, including SQL injection, Cross-Site Scripting (XSS), BOLA, SSRF, and prototype pollution. Designed to support backends, frontends, mobile applications, and libraries, the skill provides a multi-step workflow—from planning and file nomination to analysis and verification—ensuring high-fidelity security insights while allowing users to control token usage through configurable scan depths.

主要功能

01Comprehensive scanning for OWASP vulnerabilities like SQLi, XSS, and SSRF

02357 GitHub stars

03Configurable scan depths (quick, balanced, full) for optimized performance

04Cross-platform compatibility for backend, web, and mobile repositories

05Support for specialized library flaws including ReDoS and unsafe deserialization

06Automated verification process to minimize false positives in findings

使用场景

01Automating vulnerability detection during the development phase to improve AppSec

02Conducting a security audit on a codebase before a major release

03Identifying vulnerabilities in third-party libraries or legacy code

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add ghostsecurity/skills scan-code

For use in Claude.ai and ChatGPT

Download Skill