Is this a replacement for tools like Snyk or SonarQube?

No, it is a complementary tool designed to find logic flaws and cross-file issues that traditional static analysis tools often miss by leveraging advanced AI reasoning.

When is the best time to run a security scan?

You should run it before production deployments, after significant architectural changes, or during scheduled quarterly security reviews.

How does the large context window benefit security scanning?

It allows the AI to see the entire application structure simultaneously, tracing data from an API entry point through multiple modules to a database sink.

Does it scan for hardcoded secrets?

Yes, it includes specialized checks for hardcoded API keys, passwords, and unencrypted credentials within your source code and configuration files.

What programming languages are supported?

It supports a wide range of popular languages including TypeScript, JavaScript, Python, Go, Rust, and Ruby.

Security Scan

Name: Security Scan
Author: phrazzld

byphrazzld

•

安全与测试

Performs deep, whole-codebase security audits using extensive context windows to detect vulnerabilities, logic flaws, and cross-module data flow issues.

Security Scan is a high-effort diagnostic tool designed to leverage large context windows for comprehensive, end-to-end codebase analysis. Unlike traditional file-by-file scanners, it maps entire attack surfaces—including authentication middleware, API routes, and data access layers—to identify complex logic flaws and cross-module vulnerabilities. By tracing user input from entry points to dangerous sinks across multiple files, it provides a sophisticated layer of defense that catches business logic errors and trust boundary violations that standard SAST tools often overlook.

主要功能

01Prioritized security reporting with exploit paths and remediation guidance.

02Deep tracing of cross-module data flows and complex trust boundary violations.

03Automated OWASP Top 10 auditing including injection and broken access control.

04Integrated secrets scanning and third-party dependency vulnerability detection.

055 GitHub stars

06Whole-codebase vulnerability analysis leveraging 1M+ token context windows.

使用场景

01Pre-deployment security validation for production-ready applications.

02Periodic security audits and compliance reviews for API-heavy codebases.

03Identifying complex business logic flaws and auth bypasses in large-scale projects.

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add phrazzld/claude-config security-scan

For use in Claude.ai and ChatGPT

Download Skill