Run any Skill in Manus with one click

$pwd:

ghost-scan-deps

Name: Ghost Scan Deps
Author: ghostsecurity

// Ghost Security - Software Composition Analysis (SCA) scanner. Scans dependency lockfiles for known vulnerabilities, identifies CVEs, and generates findings with severity levels and remediation guidance. Use when the user asks about dependency vulnerabilities, vulnerable packages, CVE checks, security audits of dependencies, or wants to scan lockfiles like package-lock.json, yarn.lock, go.sum, or Gemfile.lock.

Run Skill in Manus

$ git log --oneline --stat

stars:382

forks:26

updated:February 17, 2026 at 20:35

File Explorer

10 files

SKILL.md

readonly

name	ghost-scan-deps
description	Ghost Security - Software Composition Analysis (SCA) scanner. Scans dependency lockfiles for known vulnerabilities, identifies CVEs, and generates findings with severity levels and remediation guidance. Use when the user asks about dependency vulnerabilities, vulnerable packages, CVE checks, security audits of dependencies, or wants to scan lockfiles like package-lock.json, yarn.lock, go.sum, or Gemfile.lock.
allowed-tools	Read, Glob, Grep, Bash, Task, TodoRead, TodoWrite
argument-hint	[path-to-scan]
license	apache-2.0
metadata	{"version":"1.1.0"}

Ghost Security SCA Scanner — Orchestrator

You are the top-level orchestrator for Software Composition Analysis (SCA) scanning. Your ONLY job is to call the Task tool to spawn subagents to do the actual work. Each step below gives you the exact Task tool parameters to use. Do not do the work yourself.

Defaults

repo_path: the current working directory
scan_dir: ~/.ghost/repos/<repo_id>/scans/<short_sha>/deps
short_sha: git rev-parse --short HEAD (falls back to YYYYMMDD for non-git dirs)

$ARGUMENTS

Any values provided above override the defaults.

Execution

Setup — compute paths and create output directories
Initialize Wraith — install the wraith binary
Discover Lockfiles — find all dependency lockfiles in the repo
Scan for Vulnerabilities — run wraith against each lockfile
Analyze Candidates — assess exploitability of each candidate
Summarize Results — generate the final scan report

Step 0: Setup

Run this Bash command to compute the repo-specific output directory, create it, and locate the skill files:

repo_name=$(basename "$(pwd)") && remote_url=$(git remote get-url origin 2>/dev/null || pwd) && short_hash=$(printf '%s' "$remote_url" | git hash-object --stdin | cut -c1-8) && repo_id="${repo_name}-${short_hash}" && short_sha=$(git rev-parse --short HEAD 2>/dev/null || date +%Y%m%d) && ghost_repo_dir="$HOME/.ghost/repos/${repo_id}" && scan_dir="${ghost_repo_dir}/scans/${short_sha}/deps" && cache_dir="${ghost_repo_dir}/cache" && mkdir -p "$scan_dir/findings" && skill_dir=$(find . -path '*skills/scan-deps/SKILL.md' 2>/dev/null | head -1 | xargs dirname) && echo "scan_dir=$scan_dir cache_dir=$cache_dir skill_dir=$skill_dir"

Store scan_dir (the absolute path under ~/.ghost/repos/), cache_dir (the repo-level cache directory), and skill_dir (the absolute path to the skill directory containing agents/, scripts/, etc.).

After this step, your only remaining tool is Task. Do not use Bash, Read, Grep, Glob, or any other tool for Steps 1–5.

Step 1: Initialize Wraith

Call the Task tool to initialize the wraith binary:

{
  "description": "Initialize wraith binary",
  "subagent_type": "general-purpose",
  "prompt": "You are the init agent. Read and follow the instructions in <skill_dir>/agents/init/agent.md.\n\n## Inputs\n- skill_dir: <skill_dir>"
}

The init agent installs wraith to ~/.ghost/bin/wraith (or wraith.exe on Windows).

Step 2: Discover Lockfiles

Call the Task tool to discover lockfiles in the repository:

{
  "description": "Discover lockfiles",
  "subagent_type": "general-purpose",
  "prompt": "You are the discover agent. Read and follow the instructions in <skill_dir>/agents/discover/agent.md.\n\n## Inputs\n- repo_path: <repo_path>\n- scan_dir: <scan_dir>"
}

The discover agent finds all lockfiles (go.mod, package-lock.json, etc.) and writes <scan_dir>/lockfiles.json.

If lockfile count is 0: Skip to Step 5 (Summarize) with no lockfiles found.

Step 3: Scan for Vulnerabilities

Call the Task tool to run the wraith scanner:

{
  "description": "Scan for vulnerabilities",
  "subagent_type": "general-purpose",
  "prompt": "You are the scan agent. Read and follow the instructions in <skill_dir>/agents/scan/agent.md.\n\n## Inputs\n- repo_path: <repo_path>\n- scan_dir: <scan_dir>"
}

The scan agent executes wraith for each lockfile and writes <scan_dir>/candidates.json.

If candidate count is 0: Skip to Step 5 (Summarize) with no vulnerabilities found.

Step 4: Analyze Candidates

Call the Task tool to analyze the vulnerability candidates:

{
  "description": "Analyze vulnerability candidates",
  "subagent_type": "general-purpose",
  "prompt": "You are the analysis agent. Read and follow the instructions in <skill_dir>/agents/analyze/agent.md.\n\n## Inputs\n- repo_path: <repo_path>\n- scan_dir: <scan_dir>\n- skill_dir: <skill_dir>\n- cache_dir: <cache_dir>"
}

The analysis agent spawns parallel analyzers for each candidate to assess exploitability and writes finding files to <scan_dir>/findings/.

Step 5: Summarize Results

Call the Task tool to summarize the findings:

{
  "description": "Summarize scan results",
  "subagent_type": "general-purpose",
  "prompt": "You are the summarize agent. Read and follow the instructions in <skill_dir>/agents/summarize/agent.md.\n\n## Inputs\n- repo_path: <repo_path>\n- scan_dir: <scan_dir>\n- skill_dir: <skill_dir>\n- cache_dir: <cache_dir>"
}

After executing all the tasks, report the scan results to the user.

Error Handling

If any Task call fails, retry it once. If it fails again, stop and report the failure.

related-skills.json

same repository

ghost-scan-code.md

from "ghostsecurity/skills"

Ghost Security - SAST code scanner. Finds security vulnerabilities in source code by planning and executing targeted scans for issues like SQL injection, XSS, BOLA, BFLA, SSRF, and other OWASP categories. Supports applications (backend, frontend, mobile) and libraries (prototype pollution, unsafe deserialization, ReDoS, path traversal, zip slip). Use when the user asks for a code security audit, SAST scan, vulnerability scan of source code, or wants to find security flaws in a codebase or library.

2026-03-11382

ghost-repo-context.md

from "ghostsecurity/skills"

Scans directory structure, detects projects, maps dependencies, and documents code organization into a repo.md file. Use when the user needs a codebase overview, project structure map, or repository context before security analysis.

2026-02-25382

ghost-proxy.md

from "ghostsecurity/skills"

Starts and controls the reaper MITM proxy to capture, inspect, search, and replay HTTP/HTTPS traffic between clients and servers. Capabilities include starting/stopping the proxy scoped to specific domains, viewing captured request/response logs, searching traffic by method/path/status/host, and inspecting full raw HTTP entries for security analysis. Use when the user asks to "start the proxy", "capture traffic", "intercept requests", "inspect HTTP traffic", "search captured requests", or "view request/response".

2026-02-17382

ghost-report.md

from "ghostsecurity/skills"

Ghost Security — combined security report. Aggregates findings from all scan skills (scan-deps, scan-secrets, scan-code) into a single prioritized report focused on the highest risk, highest confidence issues. Use when the user requests a security overview, vulnerability summary, full security audit, or combined scan results.

2026-02-17382

ghost-scan-secrets.md

from "ghostsecurity/skills"

Ghost Security - Secrets and credentials scanner. Scans codebase for leaked API keys, tokens, passwords, and sensitive data. Detects hardcoded secrets and generates findings with severity and remediation guidance. Use when the user asks to check for leaked secrets, scan for credentials, find hardcoded API keys or passwords, detect exposed .env values, or audit code for sensitive data exposure.

2026-02-17382

ghost-validate.md

from "ghostsecurity/skills"

This skill should be used when the user asks to "validate a finding", "check if a vulnerability is real", "triage a security finding", "confirm a vulnerability", "determine if a finding is a true positive or false positive", or provides a security finding for review. It validates security vulnerability findings by tracing data flows, verifying exploit conditions, analyzing security controls, and optionally testing attack vectors against a live application.

2026-02-17382

package.json

"author": "ghostsecurity"

"repository": "ghostsecurity/skills"

View GitHub Repository View Creator Repositories

$ install --global

$ download --local

Run Skill in Manus

$ useful --forSOC

Information Security AnalystsComputer and Mathematical Occupations15-1212L4

name	ghost-scan-deps
description	Ghost Security - Software Composition Analysis (SCA) scanner. Scans dependency lockfiles for known vulnerabilities, identifies CVEs, and generates findings with severity levels and remediation guidance. Use when the user asks about dependency vulnerabilities, vulnerable packages, CVE checks, security audits of dependencies, or wants to scan lockfiles like package-lock.json, yarn.lock, go.sum, or Gemfile.lock.
allowed-tools	Read, Glob, Grep, Bash, Task, TodoRead, TodoWrite
argument-hint	[path-to-scan]
license	apache-2.0
metadata	{"version":"1.1.0"}

Ghost Security SCA Scanner — Orchestrator

Defaults

repo_path: the current working directory
scan_dir: ~/.ghost/repos/<repo_id>/scans/<short_sha>/deps
short_sha: git rev-parse --short HEAD (falls back to YYYYMMDD for non-git dirs)

$ARGUMENTS

Any values provided above override the defaults.

Execution

Setup — compute paths and create output directories
Initialize Wraith — install the wraith binary
Discover Lockfiles — find all dependency lockfiles in the repo
Scan for Vulnerabilities — run wraith against each lockfile
Analyze Candidates — assess exploitability of each candidate
Summarize Results — generate the final scan report

Step 0: Setup

Run this Bash command to compute the repo-specific output directory, create it, and locate the skill files:

repo_name=$(basename "$(pwd)") && remote_url=$(git remote get-url origin 2>/dev/null || pwd) && short_hash=$(printf '%s' "$remote_url" | git hash-object --stdin | cut -c1-8) && repo_id="${repo_name}-${short_hash}" && short_sha=$(git rev-parse --short HEAD 2>/dev/null || date +%Y%m%d) && ghost_repo_dir="$HOME/.ghost/repos/${repo_id}" && scan_dir="${ghost_repo_dir}/scans/${short_sha}/deps" && cache_dir="${ghost_repo_dir}/cache" && mkdir -p "$scan_dir/findings" && skill_dir=$(find . -path '*skills/scan-deps/SKILL.md' 2>/dev/null | head -1 | xargs dirname) && echo "scan_dir=$scan_dir cache_dir=$cache_dir skill_dir=$skill_dir"

After this step, your only remaining tool is Task. Do not use Bash, Read, Grep, Glob, or any other tool for Steps 1–5.

Step 1: Initialize Wraith

Call the Task tool to initialize the wraith binary:

{
  "description": "Initialize wraith binary",
  "subagent_type": "general-purpose",
  "prompt": "You are the init agent. Read and follow the instructions in <skill_dir>/agents/init/agent.md.\n\n## Inputs\n- skill_dir: <skill_dir>"
}

The init agent installs wraith to ~/.ghost/bin/wraith (or wraith.exe on Windows).

Step 2: Discover Lockfiles

Call the Task tool to discover lockfiles in the repository:

{
  "description": "Discover lockfiles",
  "subagent_type": "general-purpose",
  "prompt": "You are the discover agent. Read and follow the instructions in <skill_dir>/agents/discover/agent.md.\n\n## Inputs\n- repo_path: <repo_path>\n- scan_dir: <scan_dir>"
}

The discover agent finds all lockfiles (go.mod, package-lock.json, etc.) and writes <scan_dir>/lockfiles.json.

If lockfile count is 0: Skip to Step 5 (Summarize) with no lockfiles found.

Step 3: Scan for Vulnerabilities

Call the Task tool to run the wraith scanner:

{
  "description": "Scan for vulnerabilities",
  "subagent_type": "general-purpose",
  "prompt": "You are the scan agent. Read and follow the instructions in <skill_dir>/agents/scan/agent.md.\n\n## Inputs\n- repo_path: <repo_path>\n- scan_dir: <scan_dir>"
}

The scan agent executes wraith for each lockfile and writes <scan_dir>/candidates.json.

If candidate count is 0: Skip to Step 5 (Summarize) with no vulnerabilities found.

Step 4: Analyze Candidates

Call the Task tool to analyze the vulnerability candidates:

{
  "description": "Analyze vulnerability candidates",
  "subagent_type": "general-purpose",
  "prompt": "You are the analysis agent. Read and follow the instructions in <skill_dir>/agents/analyze/agent.md.\n\n## Inputs\n- repo_path: <repo_path>\n- scan_dir: <scan_dir>\n- skill_dir: <skill_dir>\n- cache_dir: <cache_dir>"
}

The analysis agent spawns parallel analyzers for each candidate to assess exploitability and writes finding files to <scan_dir>/findings/.

Step 5: Summarize Results

Call the Task tool to summarize the findings:

{
  "description": "Summarize scan results",
  "subagent_type": "general-purpose",
  "prompt": "You are the summarize agent. Read and follow the instructions in <skill_dir>/agents/summarize/agent.md.\n\n## Inputs\n- repo_path: <repo_path>\n- scan_dir: <scan_dir>\n- skill_dir: <skill_dir>\n- cache_dir: <cache_dir>"
}

After executing all the tasks, report the scan results to the user.

Error Handling

If any Task call fails, retry it once. If it fails again, stop and report the failure.

ghost-scan-deps

Ghost Security SCA Scanner — Orchestrator

Defaults

Execution

Step 0: Setup

Step 1: Initialize Wraith

Step 2: Discover Lockfiles

Step 3: Scan for Vulnerabilities

Step 4: Analyze Candidates

Step 5: Summarize Results

Error Handling

More from this repository

More from this repository

Ghost Security SCA Scanner — Orchestrator

Defaults

Execution

Step 0: Setup

Step 1: Initialize Wraith

Step 2: Discover Lockfiles

Step 3: Scan for Vulnerabilities

Step 4: Analyze Candidates

Step 5: Summarize Results

Error Handling