| name | scan |
| description | Run a security scan on the codebase using available scanners. Returns structured findings with severity and OWASP mapping. |
Security Scan Skill
Overview
Run a multi-engine security scan on a target directory and produce a structured vulnerability report.
Engines
- Semgrep - SAST rules for JS/TS
- Trivy - Dependency + container scanning
Workflow
- Detect project languages and package managers
- Run applicable scanners
- Classify by severity: CRITICAL, HIGH, MEDIUM, LOW
- Map findings to OWASP Top 10
- Output structured report
Guardrails
- Read-only: do not modify any scanned files
- Filter out low-confidence results by default