Jeden Skill in Manus ausführen
mit einem Klick

Jeden Skill in Manus mit einem Klick ausführen

security-scanner

Node.js security audit: npm audit for known CVEs, Snyk for supply chain vulnerabilities, eslint-plugin-security for code patterns (eval, prototype pollution, path traversal), and AI-driven analysis of container isolation boundaries. Generates SECURITY_REPORT.md with CRITICAL/HIGH/MEDIUM severity ratings. Adapted from ZeroClaw's Rust security-scanner for Node.js/npm ecosystem. Run before any release or dependency update.

In Manus ausführen

Überblick

Installationsbefehl

npx skills add https://github.com/mk-knight23/AI-Agent-NanoClaw --skill security-scanner

Kopieren Sie diesen Befehl und fügen Sie ihn in Claude Code ein, um den Skill zu installieren

Quelle

mk-knight23/AI-Agent-NanoClaw

Sterne1

Forks0

Aktualisiert10. März 2026 um 00:13

SKILL.md

readonly

name

security-scanner

description

security-scanner

Full-spectrum Node.js security audit — CVEs, supply chain, code patterns, container isolation.

Usage

@Andy security-scanner --full
@Andy security-scanner --deps-only         # npm audit + Snyk only
@Andy security-scanner --code-only         # ESLint security rules only
@Andy security-scanner --fail-on high      # Exit non-zero if HIGH+ issues found (CI mode)

What It Checks

1. Known CVEs — `npm audit`

All direct + transitive dependencies checked against npm security advisories
Each finding includes: CVE ID, severity, affected package, fix version

2. Supply Chain — Snyk

License compliance (blocks AGPL, GPL-3.0 by default — configurable)
Typosquatting detection: flags packages with names similar to popular ones
Deprecated package warnings

3. Code Security Patterns — ESLint Security Plugin

eval() and new Function() usage
Prototype pollution via __proto__, constructor.prototype
Path traversal in fs.readFile, path.join with user input
Hardcoded secrets (API keys, tokens in source)
child_process.exec with unsanitized input

4. Container Isolation Audit (NanoClaw-Specific)

Shared state leaking between agent containers
Unauthenticated inter-container communication
Swarm nodes exposing internal ports without firewall rules

Files Created

SECURITY_REPORT.md          # Full report with severity ratings
security_audit.json         # Machine-readable JSON for CI

CI Integration

# .github/workflows/security.yml
- name: NanoClaw Security Scan
  run: |
    npm audit --audit-level=high
    andy security-scanner --full --fail-on high

Philosophy

Container isolation is NanoClaw's core security model. Every issue that could allow one agent to affect another is treated as CRITICAL, regardless of what npm audit says.

Mehr aus diesem Repository

gleiches Repository

code-reviewer

mk-knight23/AI-Agent-NanoClaw

Runs ESLint, TypeScript type checking (tsc --noEmit), and AI-driven review on any JavaScript/TypeScript Node.js codebase or diff. Identifies bugs, type issues, security vulnerabilities (via eslint-plugin-security), async pitfalls, and style violations. Outputs a CODE_REVIEW.md report with CRITICAL/HIGH/MEDIUM/LOW severity ratings. Use before committing or merging Node.js code. Adapted from Nanobot's Python code-reviewer for Node.js/TypeScript runtimes.

2026-03-101

repo-modernizer

mk-knight23/AI-Agent-NanoClaw

Automated portfolio hygiene for Node.js repositories. Updates package.json dependencies to latest stable, migrates CommonJS to ESM, upgrades TypeScript config to strict mode, adds missing .gitignore patterns, adds GitHub Actions CI, generates missing README sections, and standardizes the project structure. Cross-ported from OpenClaw's repo-modernizer. Use when a repository is stale or missing modern Node.js conventions.

2026-03-101

add-discord

mk-knight23/AI-Agent-NanoClaw

Transformation skill to add high-fidelity Discord support. Installs discord.js, creates a multi-channel adapter with thread support, and configures bot intents/tokens. Enables rich embeds and slash command registration.

2026-03-061

add-github-actions

mk-knight23/AI-Agent-NanoClaw

Transformation skill to add robust CI/CD via GitHub Actions. Configures workflows for linting, testing, and auto-deployment. Adds secrets management and PR automation hooks.

2026-03-061

add-gmail

mk-knight23/AI-Agent-NanoClaw

Transforms NanoClaw to add Gmail monitoring and composition. Installs the googleapis dependency, creates a Gmail channel adapter in src/channels/, adds OAuth2 flow, and registers it at startup. Run /add-gmail when you want to monitor your inbox and compose AI-drafted replies via NanoClaw. Requires Google OAuth2 credentials from Google Cloud Console.

2026-03-061

add-linear

mk-knight23/AI-Agent-NanoClaw

Transformation skill to add Linear integration. Installs linear-sdk, configures OAuth/API keys, and adds handlers for issue tracking and project management. Mounts Linear team context into agent containers.

2026-03-061

Quelle

mk-knight23

mk-knight23/AI-Agent-NanoClaw

GitHub-Repository öffnen Creator-Repositorys ansehen

Installationsbefehl

Download

In Manus ausführen

Nützlich fürSOC

InformationssicherheitsanalystenInformatik- und Mathematikberufe15-1212L4

name

security-scanner

description

security-scanner

Full-spectrum Node.js security audit — CVEs, supply chain, code patterns, container isolation.

Usage

@Andy security-scanner --full
@Andy security-scanner --deps-only         # npm audit + Snyk only
@Andy security-scanner --code-only         # ESLint security rules only
@Andy security-scanner --fail-on high      # Exit non-zero if HIGH+ issues found (CI mode)

What It Checks

1. Known CVEs — `npm audit`

All direct + transitive dependencies checked against npm security advisories
Each finding includes: CVE ID, severity, affected package, fix version

2. Supply Chain — Snyk

License compliance (blocks AGPL, GPL-3.0 by default — configurable)
Typosquatting detection: flags packages with names similar to popular ones
Deprecated package warnings

3. Code Security Patterns — ESLint Security Plugin

eval() and new Function() usage
Prototype pollution via __proto__, constructor.prototype
Path traversal in fs.readFile, path.join with user input
Hardcoded secrets (API keys, tokens in source)
child_process.exec with unsanitized input

4. Container Isolation Audit (NanoClaw-Specific)

Shared state leaking between agent containers
Unauthenticated inter-container communication
Swarm nodes exposing internal ports without firewall rules

Files Created

SECURITY_REPORT.md          # Full report with severity ratings
security_audit.json         # Machine-readable JSON for CI

CI Integration

# .github/workflows/security.yml
- name: NanoClaw Security Scan
  run: |
    npm audit --audit-level=high
    andy security-scanner --full --fail-on high

Philosophy

Container isolation is NanoClaw's core security model. Every issue that could allow one agent to affect another is treated as CRITICAL, regardless of what npm audit says.

security-scanner

security-scanner

Usage

What It Checks

1. Known CVEs — npm audit

2. Supply Chain — Snyk

3. Code Security Patterns — ESLint Security Plugin

4. Container Isolation Audit (NanoClaw-Specific)

Files Created

CI Integration

Philosophy

Mehr aus diesem Repository

security-scanner

Usage

What It Checks

1. Known CVEs — npm audit

2. Supply Chain — Snyk

3. Code Security Patterns — ESLint Security Plugin

4. Container Isolation Audit (NanoClaw-Specific)

Files Created

CI Integration

Philosophy

Mehr aus diesem Repository

1. Known CVEs — `npm audit`

1. Known CVEs — `npm audit`