How does it handle detected secrets?

The skill identifies the specific leak (e.g., AWS keys, GitHub tokens) and provides immediate instructions for invalidating the secret and purging it from git history.

What is unsafe code detection?

In Rust projects, it uses cargo-geiger to identify and quantify the use of 'unsafe' blocks, helping developers minimize potential memory safety risks.

Is this skill limited to Rust projects?

While it features deep integration for Rust via cargo tools, its secret detection capabilities (gitleaks) and general auditing workflows are effective for any codebase.

Does it check for license compliance?

Yes, it utilizes cargo-deny to verify that all project dependencies adhere to your allowed license list, preventing legal risks from copyleft licenses.

Can this skill be used for CI/CD workflows?

Yes, it includes specialized 'Quick Audit' patterns specifically designed for fast execution within CI/CD pipelines to catch vulnerabilities early.

Security Audit & Vulnerability Scanner

Name: Security Audit & Vulnerability Scanner
Author: ShunsukeHayashi

byShunsukeHayashi

•

安全与测试

Conducts comprehensive security audits, scans for vulnerabilities, and manages secret detection across codebases.

关于

This skill provides a robust framework for performing deep security analysis, particularly optimized for Rust environments but applicable to general secret management. It automates the detection of vulnerabilities (CVEs) in dependencies, identifies unsafe code usage, and scans for leaked credentials like API keys or private tokens. By integrating tools like cargo-audit, gitleaks, and cargo-deny, it ensures that your project maintains high security standards through every stage of development, especially before production deployment.

主要功能

Strict dependency policy and license compliance enforcement
Automated dependency vulnerability scanning (CVE detection)
Real-time secret and credential leak detection using gitleaks
7 GitHub stars
Comprehensive supply chain security and crate provenance checks
Rust-specific unsafe code analysis and reporting

使用场景

Performing a full security audit before production deployment
Scanning codebases for accidentally committed secrets or API keys
Continuous monitoring of Rust dependencies for security advisories

关于

主要功能

Strict dependency policy and license compliance enforcement
Automated dependency vulnerability scanning (CVE detection)
Real-time secret and credential leak detection using gitleaks
7 GitHub stars
Comprehensive supply chain security and crate provenance checks
Rust-specific unsafe code analysis and reporting

使用场景

Performing a full security audit before production deployment
Scanning codebases for accidentally committed secrets or API keys
Continuous monitoring of Rust dependencies for security advisories