القائمة
Inspect and optionally install security scanning tools for the security plugin
التثبيت باستخدام Codex أو Claude انسخ هذا Prompt والصقه في Codex أو Claude أو مساعد آخر ليراجع صفحة Skill ويثبّتها لك.
استنادا إلى تصنيف SOC المهني
Create or update the project security baseline, profile, suppressions file, and gitignore entries for security scans
Fix or guide remediation for a specific security finding from the latest scan report
Run a security assessment using deterministic static analysis tools with LLM-powered triage
Query ctx memory and inject results into context
Show ctx memory status (node counts, types, tiers, tokens)
MANDATORY persistent memory system for decisions, facts, patterns, and observations.
| name | setup |
| description | Inspect and optionally install security scanning tools for the security plugin |
| disable-model-invocation | true |
| allowed-tools | ["Bash","Read","AskUserQuestion"] |
Inspect scanner availability and help the user install missing tools. Do not install anything without explicit user approval.
Run:
"${CLAUDE_PLUGIN_ROOT}/scripts/detect-tools.sh"
Display:
| Tool | Status | Version | Purpose |
|---|---|---|---|
| semgrep | installed/missing | version | Multi-language SAST |
| gitleaks | installed/missing | version | Secret detection |
| trivy | installed/missing | version | Dependency/container/IaC scanning |
| bandit | installed/missing | version | Python SAST |
| gosec | installed/missing | version | Go SAST |
Show the coverage estimate from the script.
Recommendations:
semgrep.gitleaks for any repository with git history.trivy when Dockerfile, lockfiles, IaC, or container usage is detected.bandit only for Python projects.gosec only for Go projects.Prefer isolated/user-scoped installers where practical:
# macOS
brew install semgrep
# Isolated Python tool install
pipx install semgrep
# uv
uv tool install semgrep
brew install gitleaks
go install github.com/gitleaks/gitleaks/v8@latest
brew install trivy
# Linux packages: https://aquasecurity.github.io/trivy/latest/getting-started/installation/
pipx install bandit
uv tool install bandit
go install github.com/securego/gosec/v2/cmd/gosec@latest
brew install gosec
Avoid global pip install unless the user explicitly chooses it.
Ask which missing tools to install. Include a "show commands only" option. If the user chooses installation, run only the selected commands and explain any command that needs elevated privileges before running it.
If no supported installer is available, print manual instructions and do not attempt workarounds.
Run:
"${CLAUDE_PLUGIN_ROOT}/scripts/detect-tools.sh"
Display updated coverage and next step:
Run /security:baseline to create the project profile, then /security:scan.
Begin by detecting current state.