| name | security-scan |
| description | Comprehensive security audit based on OWASP 2025 Top 10 with automated checks. Scans for vulnerabilities, insecure patterns, hardcoded secrets, and dependency risks. |
| user-invocable | true |
| allowed-tools | Read, Grep, Glob, Bash |
| context | fork |
| agent | security-auditor |
| argument-hint | [target-dir] |
| metadata | {"version":"3.0.0","updated":"2025-02"} |
| hooks | {"SessionStart":[{"hooks":[{"type":"command","command":"node -e \"\n const { execSync } = require('child_process');\n const fs = require('fs');\n const warnings = [];\n if (fs.existsSync('package.json')) {\n try { execSync('npx --yes npm-audit-resolver --version', { stdio: 'pipe', timeout: 10000 }); }\n catch { warnings.push('npm audit available but npm-audit-resolver not found (optional).'); }\n }\n if (fs.existsSync('requirements.txt') || fs.existsSync('pyproject.toml')) {\n try { execSync('pip-audit --version', { stdio: 'pipe', timeout: 5000 }); }\n catch { warnings.push('pip-audit not installed. Run pip install pip-audit for Python dependency scanning.'); }\n }\n if (fs.existsSync('Cargo.toml')) {\n try { execSync('cargo audit --version', { stdio: 'pipe', timeout: 5000 }); }\n catch { warnings.push('cargo-audit not installed. Run cargo install cargo-audit for Rust dependency scanning.'); }\n }\n if (warnings.length > 0) {\n console.log(JSON.stringify({additionalContext: 'Audit Tool Warnings:\\\\n' + warnings.map(w => '- ' + w).join('\\\\n')}));\n }\n\"\n"}]}]} |
Security Scan
Perform a comprehensive security audit on $ARGUMENTS.
Reference: OWASP Top 10 2025
Scan Strategy
- Identify application type and tech stack
- Run automated dependency vulnerability checks
- Scan source code for insecure patterns
- Detect hardcoded secrets and credentials
- Review configuration files for misconfigurations
- Assess authentication and authorization flows
Dynamic Context
- Dependency audit: !
npm audit --json 2>/dev/null | node -e "const d=JSON.parse(require('fs').readFileSync(0,'utf8'));console.log('Vulnerabilities:',JSON.stringify(d.metadata?.vulnerabilities||'N/A'))" 2>/dev/null || pip-audit 2>/dev/null | tail -5 || cargo audit 2>/dev/null | tail -5 || echo "No dependency audit tool found"
- Recently changed files: !
git diff --name-only HEAD~10 2>/dev/null || echo "N/A"
- Project type: !
ls package.json requirements.txt Cargo.toml go.mod pyproject.toml 2>/dev/null | head -3 || echo "Unknown"
- Environment files: !
find . -name '.env*' -o -name '*.env' 2>/dev/null | head -5 || echo "None"
References
Related Skills
Resources
Guardrails
- Prefer measured evidence over blanket rules of thumb.
- Ask for explicit human approval before destructive data operations (drops/deletes/truncates).