원클릭으로
sc-data-exposure
Sensitive data exposure detection — PII leaks, verbose errors, debug mode, and information disclosure
Codex 또는 Claude로 설치 이 Prompt를 복사해 Codex, Claude 또는 다른 어시스턴트에 붙여 넣으면 Skill 페이지를 검토하고 설치를 진행할 수 있습니다.
메뉴
Sensitive data exposure detection — PII leaks, verbose errors, debug mode, and information disclosure
Codex 또는 Claude로 설치 이 Prompt를 복사해 Codex, Claude 또는 다른 어시스턴트에 붙여 넣으면 Skill 페이지를 검토하고 설치를 진행할 수 있습니다.
SOC 직업 분류 기준
Comprehensive AI-powered security scanning suite with 48 skills covering OWASP Top 10, 7 language-specific deep scanners (Go, TypeScript, Python, PHP, Rust, Java, C#), supply chain analysis, infrastructure-as-code scanning, and 3000+ checklist items. Use when you need to run a security audit, find vulnerabilities, scan a PR for security issues, or perform a penetration test on a codebase.
C#/.NET-specific security deep scan
Go-specific security deep scan
Java/Kotlin-specific security deep scan
PHP-specific security deep scan
Python-specific security deep scan
| name | sc-data-exposure |
| description | Sensitive data exposure detection — PII leaks, verbose errors, debug mode, and information disclosure |
| license | MIT |
| metadata | {"author":"ersinkoc","category":"security","version":"1.0.0"} |
Detects sensitive data exposure including PII in logs, stack traces in production responses, debug mode enabled in production, sensitive data in URLs, source maps deployed to production, exposed .git directories, backup files, and excessive data in API responses. Focuses on data leaving the application boundary unintentionally.
Called by sc-orchestrator during Phase 2. Always runs.
# Debug/verbose modes
"DEBUG = True", "debug: true", "NODE_ENV.*development",
"FLASK_DEBUG", "APP_DEBUG", "RAILS_ENV.*development",
"stackTrace", "stack_trace", "printStackTrace"
# PII in logs
"logger.*email", "log.*password", "console.log.*token",
"logging.*credit", "log.*ssn", "print.*secret"
# Sensitive data in URLs
"?token=", "?api_key=", "?password=", "?secret=",
"?access_token=", "?session="
# Information disclosure
".git/", "phpinfo()", "server_info", "X-Powered-By",
".env", "wp-config.php", "web.config", "application.properties"
# Source maps
".map", "sourceMappingURL", "//# sourceMappingURL"
# Verbose error responses
"res.status(500).send(err)", "return error.message",
"traceback.format_exc()", "e.getMessage()"
1. Stack Trace in Production:
// VULNERABLE: Raw error sent to client
app.use((err, req, res, next) => {
res.status(500).json({ error: err.stack });
});
// SAFE: Generic error in production
app.use((err, req, res, next) => {
console.error(err.stack); // Log internally
res.status(500).json({ error: 'Internal server error' });
});
2. PII in Logs:
# VULNERABLE: Logging sensitive data
logger.info(f"User login: email={email}, password={password}")
logger.debug(f"Payment: card={card_number}, cvv={cvv}")
# SAFE: Redact sensitive fields
logger.info(f"User login: email={mask_email(email)}")
logger.debug(f"Payment: card=****{card_number[-4:]}")
3. Debug Mode in Production:
# VULNERABLE: Django debug mode
# settings.py
DEBUG = True # Exposes full stack traces, SQL queries, template context
# SAFE
DEBUG = os.environ.get('DEBUG', 'False') == 'True'
4. Excessive Data in API Response:
// VULNERABLE: Returning full user object including sensitive fields
app.get('/api/users/:id', async (req, res) => {
const user = await User.findById(req.params.id);
res.json(user); // Includes password hash, internal IDs, etc.
});
// SAFE: Select only needed fields
app.get('/api/users/:id', async (req, res) => {
const user = await User.findById(req.params.id)
.select('name email avatar');
res.json(user);
});
DEBUG = os.getenv('DEBUG') properly controlled by environment