From cli-power-skills
Use when checking code for vulnerabilities, linting shell scripts, scanning containers or IaC for security issues, or managing encrypted secrets
Slash command: `/cli-power-skills:security-scanning`

This skill is limited to the following tools:
- Scanning a project directory for known vulnerabilities (CVEs)
| Tool | Purpose | Structured output |
|---|---|---|
| Trivy | Vulnerability scanner for filesystems, containers, IaC | `--format json` or `--format sarif` |
| ShellCheck | Static analysis and linting for shell scripts | `-f json` for JSON output |
| sops | Encrypt/decrypt secrets in YAML, JSON, ENV files | Outputs decrypted file to stdout |
Trivy:

```bash
# Scan the current directory and write a JSON report
trivy fs --format json --output results.json .
# Only report HIGH and CRITICAL findings
trivy fs --severity HIGH,CRITICAL .
# Scan a container image
trivy image --format json --output scan.json nginx:latest
# Scan IaC / config files for misconfigurations
trivy config --format json .
# Scan a single lockfile for vulnerabilities only
trivy fs --scanners vuln --format json package-lock.json
# SARIF output for code-scanning integrations
trivy fs --format sarif --output report.sarif .
```

ShellCheck:

```bash
# Lint one script, JSON output
shellcheck -f json script.sh
# Lint several scripts at once
shellcheck -f json *.sh scripts/*.sh
# Only report warnings and above
shellcheck -S warning -f json script.sh
```

sops:

```bash
# Encrypt with the age public key from the local keys file
sops --encrypt --age $(cat ~/.config/sops/age/keys.txt | grep "public key:" | awk '{print $NF}') secrets.yaml > secrets.enc.yaml
# Decrypt to stdout
sops --decrypt secrets.enc.yaml
# Edit the encrypted file in place
sops secrets.enc.yaml
# Extract a single value
sops --decrypt --extract '["database"]["password"]' secrets.enc.yaml
```
```bash
trivy fs --format json . | jq '[.Results[] | .Vulnerabilities[]? | select(.Severity == "CRITICAL") | {id: .VulnerabilityID, pkg: .PkgName, title: .Title}]'
```

Each stage: Trivy scans and outputs JSON, jq filters to critical vulnerabilities and extracts key fields.

```bash
shellcheck -f json scripts/*.sh | jq 'group_by(.level) | map({level: .[0].level, count: length})'
```

Each stage: ShellCheck lints all scripts to JSON, jq groups and counts by severity level.

```bash
trivy image --format json myapp:latest | jq -e '[.Results[] | .Vulnerabilities[]? | select(.Severity == "CRITICAL")] | length == 0'
```

Each stage: Trivy scans the image, jq checks for critical vulnerabilities and exits non-zero if any are found.
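The three jq stages above, re-implemented in Python as an added example (this is not code from the cli-power-skills page or the tools themselves). It is useful when a CI gate needs more than a one-liner, and it runs without Trivy or ShellCheck installed: the two reports are constructed samples that mirror the real output shapes, including a Trivy target with no `Vulnerabilities` key (which is why the jq expression uses `.Vulnerabilities[]?`). The CVE identifiers are placeholders, not real advisories.

```python
"""CI gate over Trivy and ShellCheck JSON output (added example)."""
import json
from collections import Counter

# Constructed sample of `trivy fs --format json` output; IDs are placeholders, not real CVEs.
TRIVY_REPORT = json.dumps({
    "Results": [
        {"Target": "package-lock.json", "Vulnerabilities": [
            {"VulnerabilityID": "CVE-0000-0001", "PkgName": "examplepkg",
             "Severity": "CRITICAL", "Title": "placeholder critical finding"},
            {"VulnerabilityID": "CVE-0000-0002", "PkgName": "otherpkg",
             "Severity": "HIGH", "Title": "placeholder high finding"},
        ]},
        {"Target": "Dockerfile"},  # clean target: Trivy omits the Vulnerabilities key
    ]
})

# Constructed sample of `shellcheck -f json` output (a flat array of findings).
SHELLCHECK_REPORT = json.dumps([
    {"file": "a.sh", "line": 3, "level": "warning", "code": 2086,
     "message": "Double quote to prevent globbing and word splitting."},
    {"file": "a.sh", "line": 9, "level": "error", "code": 2148,
     "message": "Tips depend on target shell and yours is unknown. Add a shebang."},
    {"file": "b.sh", "line": 2, "level": "warning", "code": 2086,
     "message": "Double quote to prevent globbing and word splitting."},
])


def iter_vulns(report: dict):
    """Yield every vulnerability across all targets, tolerating a missing key."""
    for result in report.get("Results", []):
        for vuln in result.get("Vulnerabilities") or []:
            yield vuln


def critical_findings(trivy_json: str, severities=("CRITICAL",)) -> list:
    """First pipeline: key fields of every vulnerability at the given severities."""
    report = json.loads(trivy_json)
    return [
        {"id": v["VulnerabilityID"], "pkg": v["PkgName"], "title": v.get("Title", "")}
        for v in iter_vulns(report)
        if v.get("Severity") in severities
    ]


def shellcheck_counts(shellcheck_json: str) -> dict:
    """Second pipeline: number of ShellCheck findings per level."""
    return dict(Counter(f["level"] for f in json.loads(shellcheck_json)))


def gate_exit_code(trivy_json: str, severities=("CRITICAL",)) -> int:
    """Third pipeline: 0 when no matching vulnerability exists, 1 otherwise (like jq -e)."""
    return 0 if not critical_findings(trivy_json, severities) else 1


if __name__ == "__main__":
    print(json.dumps(critical_findings(TRIVY_REPORT), indent=2))
    print(shellcheck_counts(SHELLCHECK_REPORT))
    raise SystemExit(gate_exit_code(TRIVY_REPORT))
```

In a pipeline, replace the constructed constants with the file written by `--output results.json`; the `severities` parameter lets the same gate fail on HIGH as well as CRITICAL, matching `--severity HIGH,CRITICAL` on the command line.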
npm audit / pip audit — scans all ecosystems in one pass

Install:

```bash
npx claudepluginhub ykotik/cli-power-skills --plugin cli-power-skills
```