Scan code for security vulnerabilities including OWASP Top 10, secrets, and misconfigurations. Use when you need comprehensive security analysis of a codebase.
```bash
npx claudepluginhub joshuarweaver/cascade-content-creation-misc-1 --plugin jwynia-agent-skills-1
```

This skill uses the workspace's default tool permissions.
Comprehensive security vulnerability detection for codebases.
```bash
/security-scan                    # Full scan of current directory
/security-scan --scope src/       # Scan specific directory
/security-scan --quick            # Fast scan (critical issues only)
/security-scan --focus injection  # Focus on specific category
```
Analyzes code for security vulnerabilities across multiple categories:
Comprehensive analysis of all security categories.
```bash
/security-scan
```
Checks performed:
Duration: 2-5 minutes depending on codebase size
Fast check for critical and high-severity issues only.
```bash
/security-scan --quick
```
Checks performed:
Duration: Under 1 minute
Target specific vulnerability category.
```bash
/security-scan --focus <category>
```
Categories:
- injection - SQL, XSS, command injection
- secrets - Credentials, API keys, tokens
- crypto - Cryptographic weaknesses
- auth - Authentication/authorization issues
- config - Configuration security

| Level | Icon | Meaning | Action Required |
|---|---|---|---|
| CRITICAL | [!] | Exploitable vulnerability | Immediate fix |
| HIGH | [H] | Serious security risk | Fix before deploy |
| MEDIUM | [M] | Potential vulnerability | Plan to address |
| LOW | [L] | Minor issue or hardening | Consider fixing |
| INFO | [i] | Informational finding | Awareness only |
```
[SEVERITY] CATEGORY: Brief description
File: path/to/file.ext:line
Pattern: What was detected
Risk: Why this is dangerous
Fix: How to remediate
```
```
SECURITY SCAN RESULTS
=====================
Scope: src/
Files scanned: 127
Duration: 45 seconds

FINDINGS BY SEVERITY
Critical: 2
High: 5
Medium: 12
Low: 8

TOP ISSUES
1. [!] SQL Injection in src/api/users.ts:45
2. [!] Hardcoded AWS key in src/config.ts:12
3. [H] XSS vulnerability in src/components/Comment.tsx:89
...

Run `/security-scan --details` for full report.
```
| # | Category | Detection Approach |
|---|---|---|
| A01 | Broken Access Control | Authorization pattern analysis |
| A02 | Cryptographic Failures | Weak crypto detection |
| A03 | Injection | Pattern matching + data flow |
| A04 | Insecure Design | Security control gaps |
| A05 | Security Misconfiguration | Config file analysis |
| A06 | Vulnerable Components | Dependency scanning |
| A07 | Auth Failures | Auth pattern review |
| A08 | Data Integrity Failures | Deserialization checks |
| A09 | Logging Failures | Audit log analysis |
| A10 | SSRF | Request pattern detection |
See references/owasp/ for detailed detection rules per category.
SQL Injection:
- String concatenation in queries
- Unsanitized user input in database calls
- Dynamic query construction
Cross-Site Scripting (XSS):
- innerHTML assignments with user data
- document.write() with dynamic content
- Unescaped template interpolation
Command Injection:
- exec(), system(), popen() with user input
- Shell command string construction
- Unsanitized subprocess arguments
See references/patterns/ for language-specific patterns.
High-Confidence Patterns:

```
AWS Access Key: AKIA[0-9A-Z]{16}
AWS Secret Key: [A-Za-z0-9/+=]{40}
GitHub Token: gh[pousr]_[A-Za-z0-9]{36,}
Stripe Key: sk_live_[A-Za-z0-9]{24,}
Private Key: -----BEGIN (RSA |EC )?PRIVATE KEY-----
```

Medium-Confidence Patterns:

```
Generic API Key: api[_-]?key.*[=:]\s*['"][a-zA-Z0-9]{16,}
Password in Code: password\s*[=:]\s*['"][^'"]+['"]
Connection String: (mysql|postgres|mongodb)://[^:]+:[^@]+@
```
Weak Algorithms:
- MD5 for password hashing
- SHA1 for security purposes
- DES/3DES encryption
- RC4 stream cipher
Implementation Issues:
- Hardcoded encryption keys
- Weak random number generation
- Missing salt in password hashing
- ECB mode encryption
/secrets-scan

Focused deep-dive on credential detection:

```bash
/secrets-scan           # Dedicated secrets analysis
/secrets-scan --entropy # High-entropy string detection
```

/dependency-scan

Package vulnerability analysis:

```bash
/dependency-scan        # Check all dependencies
/dependency-scan --fix  # Auto-fix where possible
```

/config-scan

Infrastructure and configuration review:

```bash
/config-scan            # All config files
/config-scan --docker   # Container security
/config-scan --iac      # Infrastructure as Code
```
1. Identify project type (languages, frameworks)
2. Locate relevant files (source, config, dependencies)
3. Determine applicable security rules
1. Pattern matching for known vulnerabilities
2. Data flow analysis for injection paths
3. Configuration review
1. High-confidence pattern matching
2. Entropy analysis for potential secrets
3. Git history check (optional)
1. Parse package manifests
2. Check against vulnerability databases
3. Identify outdated packages
1. Deduplicate findings
2. Assign severity scores
3. Generate actionable report
4. Provide remediation guidance
Create `.security-scan.yaml` in project root:

```yaml
# Scan configuration
scan:
  exclude:
    - "node_modules/**"
    - "vendor/**"
    - "**/*.test.ts"
    - "**/__mocks__/**"

# Severity thresholds
thresholds:
  fail_on: critical  # critical, high, medium, low
  warn_on: medium

# Category toggles
categories:
  injection: true
  secrets: true
  crypto: true
  auth: true
  config: true
  dependencies: true

# Custom patterns
patterns:
  secrets:
    - name: "Internal API Key"
      pattern: "INTERNAL_[A-Z]{3}_KEY_[a-zA-Z0-9]{32}"
      severity: high
```
Create `.security-scan-ignore` for false positives:

```
# Ignore specific files
src/test/fixtures/mock-credentials.ts

# Ignore specific lines (use inline comment)
# security-scan-ignore: test fixture
const mockApiKey = "sk_test_fake123";
```
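A minimal version of the secrets pass as an added illustration (not the skill's own code): it applies the documented high- and medium-confidence patterns plus a custom rule in the `patterns.secrets` shape from `.security-scan.yaml` to a constructed source file, honouring the `security-scan-ignore` inline comment. The CRITICAL/MEDIUM severity mapping and the case-insensitive matching of the medium-confidence patterns are assumptions the page does not state.

```python
import re
# Patterns copied from the skill's documented lists. Severity mapping is an
# assumption (not stated on the page): high-confidence -> CRITICAL,
# medium-confidence -> MEDIUM, the latter matched case-insensitively.
HIGH_CONFIDENCE = {
    "AWS Access Key": r"AKIA[0-9A-Z]{16}",
    "AWS Secret Key": r"[A-Za-z0-9/+=]{40}",  # noisy alone: any 40-char run
    "GitHub Token": r"gh[pousr]_[A-Za-z0-9]{36,}",
    "Stripe Key": r"sk_live_[A-Za-z0-9]{24,}",
    "Private Key": r"-----BEGIN (RSA |EC )?PRIVATE KEY-----",
}
MEDIUM_CONFIDENCE = {
    "Generic API Key": r"api[_-]?key.*[=:]\s*['\"][a-zA-Z0-9]{16,}",
    "Password in Code": r"password\s*[=:]\s*['\"][^'\"]+['\"]",
    "Connection String": r"(mysql|postgres|mongodb)://[^:]+:[^@]+@",
}
IGNORE_MARKER = "security-scan-ignore"
COMMENT_PREFIXES = ("#", "//", "/*", "*", "--")

def scan_source(source, custom=()):
    """Return (severity, rule name, line number) tuples for one file's text.
    `custom` takes entries shaped like patterns.secrets in .security-scan.yaml.
    A line carrying the ignore marker is skipped; on a comment-only line the
    marker also suppresses the line that follows it (the page's example)."""
    rules = [("CRITICAL", n, re.compile(p)) for n, p in HIGH_CONFIDENCE.items()]
    rules += [("MEDIUM", n, re.compile(p, re.I)) for n, p in MEDIUM_CONFIDENCE.items()]
    rules += [(c["severity"].upper(), c["name"], re.compile(c["pattern"])) for c in custom]
    findings, suppress_next = [], False
    for lineno, line in enumerate(source.splitlines(), 1):
        if IGNORE_MARKER in line:
            suppress_next = line.strip().startswith(COMMENT_PREFIXES)
            continue
        if suppress_next:
            suppress_next = False
            continue
        findings += [(sev, name, lineno) for sev, name, rx in rules if rx.search(line)]
    return findings

# Constructed sample file (all values fake); the custom rule mirrors the
# "Internal API Key" entry from the .security-scan.yaml example.
SAMPLE = """\
const awsKey = "AKIAIOSFODNN7EXAMPLE";
const db = "postgres://app:hunter2@db.internal:5432/app";
# security-scan-ignore: test fixture
const mockStripeKey = "sk_live_FAKE0000000000000000000000";
password = 'changeme'  # security-scan-ignore
const apiKey = "abcdefghijklmnop0123";
const internalToken = "INTERNAL_ABC_KEY_0123456789abcdef0123456789abcdef";
"""
CUSTOM = [{"name": "Internal API Key", "pattern": r"INTERNAL_[A-Z]{3}_KEY_[a-zA-Z0-9]{32}", "severity": "high"}]
```

Running `scan_source(SAMPLE, CUSTOM)` reports the AWS key, the connection string, the generic API key and the custom internal key, while the two lines covered by `security-scan-ignore` produce nothing.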
| Command | Description |
|---|---|
| /security-scan | Full security scan |
| /security-scan --quick | Critical issues only |
| /security-scan --scope <path> | Scan specific path |
| /security-scan --focus <cat> | Single category |
| /security-scan --details | Verbose output |
| /security-scan --json | JSON output |
| /security-scan --fix | Auto-fix where possible |
- /secrets-scan - Deep secrets detection
- /dependency-scan - Package vulnerability analysis
- /config-scan - Configuration security review
- /review-code - General code review (includes security)
- references/owasp/ - OWASP Top 10 detection details
- references/patterns/ - Language-specific vulnerability patterns
- references/remediation/ - Fix guidance by vulnerability type
- assets/severity-matrix.md - Severity scoring criteria