بنقرة واحدة
sc-orchestrator
Master orchestration skill that coordinates the entire 4-phase security scanning pipeline
التثبيت باستخدام Codex أو Claude انسخ هذا Prompt والصقه في Codex أو Claude أو مساعد آخر ليراجع صفحة Skill ويثبّتها لك.
القائمة
Master orchestration skill that coordinates the entire 4-phase security scanning pipeline
التثبيت باستخدام Codex أو Claude انسخ هذا Prompt والصقه في Codex أو Claude أو مساعد آخر ليراجع صفحة Skill ويثبّتها لك.
استنادا إلى تصنيف SOC المهني
Comprehensive AI-powered security scanning suite with 48 skills covering OWASP Top 10, 7 language-specific deep scanners (Go, TypeScript, Python, PHP, Rust, Java, C#), supply chain analysis, infrastructure-as-code scanning, and 3000+ checklist items. Use when you need to run a security audit, find vulnerabilities, scan a PR for security issues, or perform a penetration test on a codebase.
C#/.NET-specific security deep scan
Go-specific security deep scan
Java/Kotlin-specific security deep scan
PHP-specific security deep scan
Python-specific security deep scan
| name | sc-orchestrator |
| description | Master orchestration skill that coordinates the entire 4-phase security scanning pipeline |
| license | MIT |
| metadata | {"author":"ersinkoc","category":"security","version":"1.0.0"} |
The orchestrator is the central coordination skill for the security-check pipeline. It manages the execution of all scanning phases, dispatches vulnerability detection skills, tracks progress, aggregates results, and ensures the pipeline runs to completion even when individual skills encounter errors.
This skill activates when the user issues any of the following commands:
For diff/incremental mode, see sc-diff-report.
Before starting a scan:
security-report/ directory existssc-diff-report)security-report/ directoryExecute these skills sequentially:
sc-recon skillsecurity-report/architecture.mddetected_languages: list of programming languages founddetected_frameworks: list of frameworks foundapplication_type: web app, API, CLI, library, etc.entry_points: HTTP routes, CLI commands, etc.sc-dependency-audit skillsecurity-report/dependency-audit.mdBased on detected_languages from Phase 1, activate the appropriate skills.
| Detected Language | Skill to Activate |
|---|---|
| Go | sc-lang-go |
| TypeScript, JavaScript | sc-lang-typescript |
| Python | sc-lang-python |
| PHP | sc-lang-php |
| Rust | sc-lang-rust |
| Java, Kotlin | sc-lang-java |
| C#, F#, VB.NET | sc-lang-csharp |
Launch ALL of the following skills as parallel subagents. Each skill runs independently and writes its results to security-report/{skill-name}-results.md.
Injection Attacks:
Code Execution:
Access Control:
Data Exposure:
Server-Side:
Client-Side:
Logic & Design:
API Security:
Infrastructure (activate if relevant files detected):
security-report/{skill-name}-results.md"No issues found by {skill-name}."After all Phase 2 skills complete:
sc-verifier skillsecurity-report/*-results.md filessecurity-report/verified-findings.mdAfter verification completes:
sc-report skillsecurity-report/verified-findings.mdsecurity-report/SECURITY-REPORT.mdsc-recon fails: abort scan, report error to usersc-dependency-audit fails: continue without dependency data, note in reportsc-verifier fails: skip verification, use raw findings in report (note: unverified)sc-report fails: output raw verified-findings.md as the reportDuring execution, report progress to the user at these milestones:
security-report/
├── architecture.md # Phase 1: Codebase architecture map
├── dependency-audit.md # Phase 1: Dependency analysis
├── sc-sqli-results.md # Phase 2: Per-skill results
├── sc-xss-results.md # ...
├── sc-rce-results.md # ...
├── ... # (one file per skill)
├── verified-findings.md # Phase 3: Verified findings
└── SECURITY-REPORT.md # Phase 4: Final report