Ejecuta cualquier Skill en Manus
con un clic

Ejecuta cualquier Skill en Manus con un clic

security-scanner

Node.js security audit: npm audit for known CVEs, Snyk for supply chain vulnerabilities, eslint-plugin-security for code patterns (eval, prototype pollution, path traversal), and AI-driven analysis of container isolation boundaries. Generates SECURITY_REPORT.md with CRITICAL/HIGH/MEDIUM severity ratings. Adapted from ZeroClaw's Rust security-scanner for Node.js/npm ecosystem. Run before any release or dependency update.

Ejecutar en Manus

Resumen

Comando de instalación

npx skills add https://github.com/mk-knight23/AI-Agent-NanoClaw --skill security-scanner

Copia y pega este comando en Claude Code para instalar la habilidad

Fuente

mk-knight23/AI-Agent-NanoClaw

Estrellas1

Forks0

Actualizado10 de marzo de 2026, 00:13

SKILL.md

readonly

name

security-scanner

description

security-scanner

Full-spectrum Node.js security audit — CVEs, supply chain, code patterns, container isolation.

Usage

@Andy security-scanner --full
@Andy security-scanner --deps-only         # npm audit + Snyk only
@Andy security-scanner --code-only         # ESLint security rules only
@Andy security-scanner --fail-on high      # Exit non-zero if HIGH+ issues found (CI mode)

What It Checks

1. Known CVEs — `npm audit`

All direct + transitive dependencies checked against npm security advisories
Each finding includes: CVE ID, severity, affected package, fix version

2. Supply Chain — Snyk

License compliance (blocks AGPL, GPL-3.0 by default — configurable)
Typosquatting detection: flags packages with names similar to popular ones
Deprecated package warnings

3. Code Security Patterns — ESLint Security Plugin

eval() and new Function() usage
Prototype pollution via __proto__, constructor.prototype
Path traversal in fs.readFile, path.join with user input
Hardcoded secrets (API keys, tokens in source)
child_process.exec with unsanitized input

4. Container Isolation Audit (NanoClaw-Specific)

Shared state leaking between agent containers
Unauthenticated inter-container communication
Swarm nodes exposing internal ports without firewall rules

Files Created

SECURITY_REPORT.md          # Full report with severity ratings
security_audit.json         # Machine-readable JSON for CI

CI Integration

# .github/workflows/security.yml
- name: NanoClaw Security Scan
  run: |
    npm audit --audit-level=high
    andy security-scanner --full --fail-on high

Philosophy

Container isolation is NanoClaw's core security model. Every issue that could allow one agent to affect another is treated as CRITICAL, regardless of what npm audit says.

Más de este repositorio

mismo repositorio

code-reviewer

mk-knight23/AI-Agent-NanoClaw

Runs ESLint, TypeScript type checking (tsc --noEmit), and AI-driven review on any JavaScript/TypeScript Node.js codebase or diff. Identifies bugs, type issues, security vulnerabilities (via eslint-plugin-security), async pitfalls, and style violations. Outputs a CODE_REVIEW.md report with CRITICAL/HIGH/MEDIUM/LOW severity ratings. Use before committing or merging Node.js code. Adapted from Nanobot's Python code-reviewer for Node.js/TypeScript runtimes.

2026-03-101

repo-modernizer

mk-knight23/AI-Agent-NanoClaw

Automated portfolio hygiene for Node.js repositories. Updates package.json dependencies to latest stable, migrates CommonJS to ESM, upgrades TypeScript config to strict mode, adds missing .gitignore patterns, adds GitHub Actions CI, generates missing README sections, and standardizes the project structure. Cross-ported from OpenClaw's repo-modernizer. Use when a repository is stale or missing modern Node.js conventions.

2026-03-101

add-discord

mk-knight23/AI-Agent-NanoClaw

Transformation skill to add high-fidelity Discord support. Installs discord.js, creates a multi-channel adapter with thread support, and configures bot intents/tokens. Enables rich embeds and slash command registration.

2026-03-061

add-github-actions

mk-knight23/AI-Agent-NanoClaw

Transformation skill to add robust CI/CD via GitHub Actions. Configures workflows for linting, testing, and auto-deployment. Adds secrets management and PR automation hooks.

2026-03-061

add-gmail

mk-knight23/AI-Agent-NanoClaw

Transforms NanoClaw to add Gmail monitoring and composition. Installs the googleapis dependency, creates a Gmail channel adapter in src/channels/, adds OAuth2 flow, and registers it at startup. Run /add-gmail when you want to monitor your inbox and compose AI-drafted replies via NanoClaw. Requires Google OAuth2 credentials from Google Cloud Console.

2026-03-061

add-linear

mk-knight23/AI-Agent-NanoClaw

Transformation skill to add Linear integration. Installs linear-sdk, configures OAuth/API keys, and adds handlers for issue tracking and project management. Mounts Linear team context into agent containers.

2026-03-061

Fuente

mk-knight23

mk-knight23/AI-Agent-NanoClaw

Abrir repositorio de GitHub Ver repositorios del creador

Comando de instalación

Descarga

Ejecutar en Manus

Útil paraSOC

Analistas de seguridad de la informaciónOcupaciones informáticas y matemáticas15-1212L4

name

security-scanner

description

security-scanner

Full-spectrum Node.js security audit — CVEs, supply chain, code patterns, container isolation.

Usage

@Andy security-scanner --full
@Andy security-scanner --deps-only         # npm audit + Snyk only
@Andy security-scanner --code-only         # ESLint security rules only
@Andy security-scanner --fail-on high      # Exit non-zero if HIGH+ issues found (CI mode)

What It Checks

1. Known CVEs — `npm audit`

All direct + transitive dependencies checked against npm security advisories
Each finding includes: CVE ID, severity, affected package, fix version

2. Supply Chain — Snyk

License compliance (blocks AGPL, GPL-3.0 by default — configurable)
Typosquatting detection: flags packages with names similar to popular ones
Deprecated package warnings

3. Code Security Patterns — ESLint Security Plugin

eval() and new Function() usage
Prototype pollution via __proto__, constructor.prototype
Path traversal in fs.readFile, path.join with user input
Hardcoded secrets (API keys, tokens in source)
child_process.exec with unsanitized input

4. Container Isolation Audit (NanoClaw-Specific)

Shared state leaking between agent containers
Unauthenticated inter-container communication
Swarm nodes exposing internal ports without firewall rules

Files Created

SECURITY_REPORT.md          # Full report with severity ratings
security_audit.json         # Machine-readable JSON for CI

CI Integration

# .github/workflows/security.yml
- name: NanoClaw Security Scan
  run: |
    npm audit --audit-level=high
    andy security-scanner --full --fail-on high

Philosophy

Container isolation is NanoClaw's core security model. Every issue that could allow one agent to affect another is treated as CRITICAL, regardless of what npm audit says.

security-scanner

security-scanner

Usage

What It Checks

1. Known CVEs — npm audit

2. Supply Chain — Snyk

3. Code Security Patterns — ESLint Security Plugin

4. Container Isolation Audit (NanoClaw-Specific)

Files Created

CI Integration

Philosophy

Más de este repositorio

Más de este repositorio

security-scanner

Usage

What It Checks

1. Known CVEs — npm audit

2. Supply Chain — Snyk

3. Code Security Patterns — ESLint Security Plugin

4. Container Isolation Audit (NanoClaw-Specific)

Files Created

CI Integration

Philosophy

1. Known CVEs — `npm audit`

1. Known CVEs — `npm audit`