원클릭으로 Manus에서 모든 스킬 실행

security-scanner

Node.js security audit: npm audit for known CVEs, Snyk for supply chain vulnerabilities, eslint-plugin-security for code patterns (eval, prototype pollution, path traversal), and AI-driven analysis of container isolation boundaries. Generates SECURITY_REPORT.md with CRITICAL/HIGH/MEDIUM severity ratings. Adapted from ZeroClaw's Rust security-scanner for Node.js/npm ecosystem. Run before any release or dependency update.

Manus에서 실행

개요

설치 명령

npx skills add https://github.com/mk-knight23/AI-Agent-NanoClaw --skill security-scanner

이 명령을 Claude Code에 복사하여 붙여넣어 스킬을 설치하세요

출처

mk-knight23/AI-Agent-NanoClaw

스타1

포크0

업데이트2026년 3월 10일 00:13

SKILL.md

readonly

name

security-scanner

description

security-scanner

Full-spectrum Node.js security audit — CVEs, supply chain, code patterns, container isolation.

Usage

@Andy security-scanner --full
@Andy security-scanner --deps-only         # npm audit + Snyk only
@Andy security-scanner --code-only         # ESLint security rules only
@Andy security-scanner --fail-on high      # Exit non-zero if HIGH+ issues found (CI mode)

What It Checks

1. Known CVEs — `npm audit`

All direct + transitive dependencies checked against npm security advisories
Each finding includes: CVE ID, severity, affected package, fix version

2. Supply Chain — Snyk

License compliance (blocks AGPL, GPL-3.0 by default — configurable)
Typosquatting detection: flags packages with names similar to popular ones
Deprecated package warnings

3. Code Security Patterns — ESLint Security Plugin

eval() and new Function() usage
Prototype pollution via __proto__, constructor.prototype
Path traversal in fs.readFile, path.join with user input
Hardcoded secrets (API keys, tokens in source)
child_process.exec with unsanitized input

4. Container Isolation Audit (NanoClaw-Specific)

Shared state leaking between agent containers
Unauthenticated inter-container communication
Swarm nodes exposing internal ports without firewall rules

Files Created

SECURITY_REPORT.md          # Full report with severity ratings
security_audit.json         # Machine-readable JSON for CI

CI Integration

# .github/workflows/security.yml
- name: NanoClaw Security Scan
  run: |
    npm audit --audit-level=high
    andy security-scanner --full --fail-on high

Philosophy

Container isolation is NanoClaw's core security model. Every issue that could allow one agent to affect another is treated as CRITICAL, regardless of what npm audit says.

이 저장소의 다른 Skills

같은 저장소

code-reviewer

mk-knight23/AI-Agent-NanoClaw

Runs ESLint, TypeScript type checking (tsc --noEmit), and AI-driven review on any JavaScript/TypeScript Node.js codebase or diff. Identifies bugs, type issues, security vulnerabilities (via eslint-plugin-security), async pitfalls, and style violations. Outputs a CODE_REVIEW.md report with CRITICAL/HIGH/MEDIUM/LOW severity ratings. Use before committing or merging Node.js code. Adapted from Nanobot's Python code-reviewer for Node.js/TypeScript runtimes.

2026-03-101

repo-modernizer

mk-knight23/AI-Agent-NanoClaw

Automated portfolio hygiene for Node.js repositories. Updates package.json dependencies to latest stable, migrates CommonJS to ESM, upgrades TypeScript config to strict mode, adds missing .gitignore patterns, adds GitHub Actions CI, generates missing README sections, and standardizes the project structure. Cross-ported from OpenClaw's repo-modernizer. Use when a repository is stale or missing modern Node.js conventions.

2026-03-101

add-discord

mk-knight23/AI-Agent-NanoClaw

Transformation skill to add high-fidelity Discord support. Installs discord.js, creates a multi-channel adapter with thread support, and configures bot intents/tokens. Enables rich embeds and slash command registration.

2026-03-061

add-github-actions

mk-knight23/AI-Agent-NanoClaw

Transformation skill to add robust CI/CD via GitHub Actions. Configures workflows for linting, testing, and auto-deployment. Adds secrets management and PR automation hooks.

2026-03-061

add-gmail

mk-knight23/AI-Agent-NanoClaw

Transforms NanoClaw to add Gmail monitoring and composition. Installs the googleapis dependency, creates a Gmail channel adapter in src/channels/, adds OAuth2 flow, and registers it at startup. Run /add-gmail when you want to monitor your inbox and compose AI-drafted replies via NanoClaw. Requires Google OAuth2 credentials from Google Cloud Console.

2026-03-061

add-linear

mk-knight23/AI-Agent-NanoClaw

Transformation skill to add Linear integration. Installs linear-sdk, configures OAuth/API keys, and adds handlers for issue tracking and project management. Mounts Linear team context into agent containers.

2026-03-061

출처

mk-knight23

mk-knight23/AI-Agent-NanoClaw

GitHub 저장소 열기 Creator 저장소 보기

설치 명령

다운로드

Manus에서 실행

유용한 대상SOC

정보 보안 분석가컴퓨터 및 수학직15-1212L4

name

security-scanner

description

security-scanner

Full-spectrum Node.js security audit — CVEs, supply chain, code patterns, container isolation.

Usage

@Andy security-scanner --full
@Andy security-scanner --deps-only         # npm audit + Snyk only
@Andy security-scanner --code-only         # ESLint security rules only
@Andy security-scanner --fail-on high      # Exit non-zero if HIGH+ issues found (CI mode)

What It Checks

1. Known CVEs — `npm audit`

All direct + transitive dependencies checked against npm security advisories
Each finding includes: CVE ID, severity, affected package, fix version

2. Supply Chain — Snyk

License compliance (blocks AGPL, GPL-3.0 by default — configurable)
Typosquatting detection: flags packages with names similar to popular ones
Deprecated package warnings

3. Code Security Patterns — ESLint Security Plugin

eval() and new Function() usage
Prototype pollution via __proto__, constructor.prototype
Path traversal in fs.readFile, path.join with user input
Hardcoded secrets (API keys, tokens in source)
child_process.exec with unsanitized input

4. Container Isolation Audit (NanoClaw-Specific)

Shared state leaking between agent containers
Unauthenticated inter-container communication
Swarm nodes exposing internal ports without firewall rules

Files Created

SECURITY_REPORT.md          # Full report with severity ratings
security_audit.json         # Machine-readable JSON for CI

CI Integration

# .github/workflows/security.yml
- name: NanoClaw Security Scan
  run: |
    npm audit --audit-level=high
    andy security-scanner --full --fail-on high

Philosophy

Container isolation is NanoClaw's core security model. Every issue that could allow one agent to affect another is treated as CRITICAL, regardless of what npm audit says.

security-scanner

security-scanner

Usage

What It Checks

1. Known CVEs — npm audit

2. Supply Chain — Snyk

3. Code Security Patterns — ESLint Security Plugin

4. Container Isolation Audit (NanoClaw-Specific)

Files Created

CI Integration

Philosophy

이 저장소의 다른 Skills

이 저장소의 다른 Skills

security-scanner

Usage

What It Checks

1. Known CVEs — npm audit

2. Supply Chain — Snyk

3. Code Security Patterns — ESLint Security Plugin

4. Container Isolation Audit (NanoClaw-Specific)

Files Created

CI Integration

Philosophy

1. Known CVEs — `npm audit`

1. Known CVEs — `npm audit`