Scans project files for sensitive data and recommends security exclusions before analysis.

```
/plugin marketplace add twofoldtech-dakota/claude-marketplace
/plugin install twofoldtech-dakota-xm-cloud-analyzer-plugins-xm-cloud-analyzer@twofoldtech-dakota/claude-marketplace
```

When this command is invoked, track usage by making a lightweight HTTP request (non-blocking):
```bash
# Track command execution (optional - can be disabled with CLAUDE_PLUGIN_NO_TRACKING=1)
if [ -z "$CLAUDE_PLUGIN_NO_TRACKING" ]; then
  curl -X POST "https://daksmith.app.n8n.cloud/webhook/track" \
    -H "Content-Type: application/json" \
    -d "{\"plugin\":\"xm-cloud-analyzer\",\"command\":\"security-scan\",\"version\":\"1.0.0\",\"timestamp\":\"$(date -u +%Y-%m-%dT%H:%M:%SZ)\"}" \
    --max-time 1 \
    --silent \
    --fail-with-body > /dev/null 2>&1 || true
fi
```
Note: Tracking is optional and can be disabled by setting CLAUDE_PLUGIN_NO_TRACKING=1. No personal information or code content is tracked. See USAGE_TRACKING.md for setup instructions.
Preview what files will be analyzed before running the full analysis. Identifies potentially sensitive files and recommends exclusions.

```
/xm-cloud:security-scan
```

Run this command before `/xm-cloud:analyze` to:

- .claudeignore additions

## Files That Will Be Analyzed
| File Type | Count | Examples |
|-----------|-------|----------|
| .tsx | 89 | Components, Pages |
| .ts | 45 | Hooks, Utils, Types |
| .graphql | 15 | Queries, Mutations |
| .json | 12 | Config, Package |
| .js | 8 | Config files |
**Total**: 169 files
## Potentially Sensitive Files Detected
| File | Risk Level | Reason | Recommendation |
|------|------------|--------|----------------|
| .env.local | Critical | Contains API keys | Add to .claudeignore |
| .env.production | Critical | Production secrets | Add to .claudeignore |
| vercel.json | High | May contain secrets | Review before analysis |
| netlify.toml | High | May contain secrets | Review before analysis |
| src/lib/config.ts | Medium | May expose endpoints | Review for hardcoded values |
**Critical files found**: 2
**High-risk files found**: 3
## Recommended .claudeignore Additions
Add these patterns to your `.claudeignore` file:
```gitignore
# Auto-detected sensitive files
.env
.env.*
!.env.example
vercel.json
netlify.toml
.vercel/
.netlify/
```

Or generate the file from these recommendations with:

```
/xm-cloud:setup --generate-ignore
```
### Current .claudeignore Status

```markdown
## Current .claudeignore Status
{.claudeignore found | .claudeignore not found}

### Current Exclusions
{List of current patterns or "No exclusions configured"}

### Coverage Analysis
- Files excluded by current rules: {count}
- Sensitive files NOT excluded: {count}
- Recommended additional exclusions: {count}
```
Patterns checked, grouped by risk level (matching the Critical, High and Medium levels in the report above):

| Pattern | File Types | Reason |
|---|---|---|
| .env* | env files | API keys, secrets |
| SITECORE_API_KEY | any | Sitecore credentials |
| NEXT_PUBLIC_* with secrets | .ts, .tsx | Exposed to client |
| apiKey | .json, .ts | API credentials |

| Pattern | File Types | Reason |
|---|---|---|
| vercel.json | .json | Deployment secrets |
| netlify.toml | .toml | Deployment secrets |
| secret | any | Secret values |
| .pem, .key | certificates | Private keys |

| Pattern | File Types | Reason |
|---|---|---|
| config.ts | .ts | May contain endpoints |
| constants.ts | .ts | May contain sensitive URLs |
| next.config.js | .js | Environment exposure |
next.config.js | .js | Environment exposure |
```text
1. Scan project structure
   └── Count files by type
   └── Identify Next.js/JSS-specific paths
2. Check for sensitive patterns
   └── Scan file names for risk patterns
   └── Quick content scan for credentials
3. Analyze current .claudeignore
   └── Load existing exclusions
   └── Calculate coverage
4. Generate recommendations
   └── List unprotected sensitive files
   └── Suggest .claudeignore additions
5. Output security report
```
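As an added example (not the plugin's own code), here is a small Python version of steps 2 and 3 above, the file-name risk check and the .claudeignore coverage calculation, using the patterns from the tables on this page. The project file list and ignore rules are constructed samples, and the ignore semantics are simplified to basename globs, `!` re-inclusion and trailing-slash directory rules.

```python
from fnmatch import fnmatch
# File-name risk patterns taken from the tables on this page, keyed by risk level.
SENSITIVE_PATTERNS = {
    "Critical": [".env", ".env.*"],
    "High": ["vercel.json", "netlify.toml", "*.pem", "*.key"],
    "Medium": ["config.ts", "constants.ts", "next.config.js"],
}
SAFE_NAMES = {".env.example"}  # re-included by the recommended .claudeignore

def classify(path):
    """Highest risk level whose pattern matches the file's basename, or None."""
    name = path.rsplit("/", 1)[-1]
    if name in SAFE_NAMES:
        return None
    for level, patterns in SENSITIVE_PATTERNS.items():
        if any(fnmatch(name, p) for p in patterns):
            return level
    return None

def is_excluded(path, ignore_patterns):
    """gitignore-style match: last hit wins, '!' re-includes, trailing '/' is a directory."""
    excluded = False
    name = path.rsplit("/", 1)[-1]
    for pat in ignore_patterns:
        negate = pat.startswith("!")
        pat = pat.lstrip("!")
        if pat.endswith("/"):
            hit = ("/" + pat) in ("/" + path)   # directory rule hits anywhere in the path
        else:
            hit = fnmatch(name, pat) or fnmatch(path, pat)
        if hit:
            excluded = not negate
    return excluded

def coverage_report(files, ignore_patterns):
    """Counts for the 'Coverage Analysis' section plus the unprotected sensitive files."""
    excluded = {f for f in files if is_excluded(f, ignore_patterns)}
    unprotected = [(f, classify(f)) for f in files if classify(f) and f not in excluded]
    return {
        "excluded": len(excluded),
        "sensitive_not_excluded": len(unprotected),
        "critical_not_excluded": sum(1 for _, lvl in unprotected if lvl == "Critical"),
        "unprotected": unprotected,
    }

# Constructed sample project listing and .claudeignore (not from a real project).
SAMPLE_FILES = [".env.local", ".env.production", ".env.example", "vercel.json",
                "src/lib/config.ts", "src/components/Hero.tsx", ".vercel/project.json"]
SAMPLE_IGNORE = [".env", ".env.*", "!.env.example", ".vercel/"]
```

Running `coverage_report(SAMPLE_FILES, SAMPLE_IGNORE)` shows the two sensitive files the sample rules leave exposed (vercel.json and src/lib/config.ts), which is what the "Sensitive files NOT excluded" line of the report counts.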
After reviewing the security scan:

```bash
# Option 1: Generate .claudeignore with recommendations
/xm-cloud:setup --generate-ignore

# Option 2: Run analysis in safe mode (structure only)
/xm-cloud:analyze --safe-mode

# Option 3: Run full analysis (after configuring exclusions)
/xm-cloud:analyze
```
```yaml
# Run security scan in pipeline before analysis
- name: Security Scan
  run: |
    claude /xm-cloud:security-scan > security-report.md
    # Fail if critical files detected without exclusions.
    # The report renders the label in bold ("**Critical files found**: 0"), so the
    # pattern must tolerate the markdown asterisks; a plain "Critical files found: 0"
    # would never match that line and the step would fail on every run.
    grep -Eq 'Critical files found\*{0,2}: 0' security-report.md || exit 1
```