Slash Command

/security-scan

Run comprehensive security scan on codebase for OWASP vulnerabilities

npx claudepluginhub latestaiagents/agent-skills --plugin security-guardian

Prompt Preview

# /security-scan

Scan your codebase for common security vulnerabilities.

## What I Need

Tell me:
- What language/framework is your project?
- Any specific concerns (auth, API, data handling)?
- Scope: full scan or specific files?

## Scan Coverage

### OWASP Top 10 Checks

1. **A01 - Injection** - SQL, NoSQL, Command injection
2. **A02 - Broken Auth** - Session management, passwords
3. **A03 - Sensitive Data** - Encryption, data exposure
4. **A04 - XXE** - XML processing vulnerabilities
5. **A05 - Access Control** - Authorization flaws
6. **A06 - Misconfig** - Security settings, defaults...

Command Content

Other plugins with /security-scan

/security-scan

1.0k

Scans codebase for OWASP Top 10 vulnerabilities and common security patterns. Defaults to entire project or limits to specified path.

code-guardian

/check-owasp

1.9k

Scans the current codebase for OWASP Top 10 vulnerabilities including injection, broken access control, and cryptographic failures, then outputs a security assessment with remediation advice.

owasp-compliance-checker

/audit

1.4k

Performs security audit of codebase for dependency vulnerabilities, secrets, OWASP Top 10, input validation, auth issues, and misconfigs. Outputs findings report by severity with fixes and references.

claude-code-toolkit

/security-scan

Scans codebase for vulnerabilities, hardcoded secrets, OWASP Top 10 compliance, and security best practices violations. Produces report with issues and fix recommendations.

5 tools

autonomous-dev

/audit

Audits project security: dependencies (npm/pip-audit), secrets (gitleaks), SAST (semgrep), OWASP Top 10; generates SECURITY_AUDIT.md, vulnerabilities.json, remediation-plan.md.

aura-frog

/security-scan

1.3k

Scans codebase for hardcoded secrets, vulnerable dependencies, code patterns like injections/XSS, and config issues. Produces structured report with issues, severities, and remediation steps.

project-starter

Stats

Parent Repo Stars2

Parent Repo Forks0

Last CommitFeb 5, 2026

Actions

View Source View Plugin View on GitHub View README

Help us improve

Share bugs, ideas, or general feedback.

/security-scan

Scan your codebase for common security vulnerabilities.

What I Need

Tell me:

What language/framework is your project?
Any specific concerns (auth, API, data handling)?
Scope: full scan or specific files?

Scan Coverage

OWASP Top 10 Checks

A01 - Injection - SQL, NoSQL, Command injection
A02 - Broken Auth - Session management, passwords
A03 - Sensitive Data - Encryption, data exposure
A04 - XXE - XML processing vulnerabilities
A05 - Access Control - Authorization flaws
A06 - Misconfig - Security settings, defaults
A07 - XSS - Cross-site scripting
A08 - Deserialization - Unsafe object handling
A09 - Vulnerable Components - Dependencies
A10 - Logging - Insufficient monitoring

Scan Process

Step 1: Static Analysis

I'll search for vulnerable patterns in your code:

String concatenation in queries
Eval/exec with user input
Hardcoded secrets
Missing input validation

Step 2: Dependency Check

I'll review your dependencies:

Known CVEs
Outdated packages
Unused dependencies

Step 3: Configuration Review

I'll check security settings:

CORS configuration
Security headers
Cookie settings
Environment variables

Output

I'll provide:

Severity-ranked findings
Specific file:line locations
Fix recommendations with code examples
Links to relevant documentation

Quick Commands

# Run with Semgrep
semgrep --config=p/owasp-top-ten .

# Check dependencies (npm)
npm audit

# Check dependencies (Python)
pip-audit

# Scan secrets
gitleaks detect --source .