// Use when the user asks to run screw-agents scans from Codex, including command-shaped requests such as screw:scan, scan with a specific agent or domain, provider-primary scans, challenger scans, parallel provider scans, adaptive scans, or output-format selection.
[HINT] Download the complete skill directory including SKILL.md and all related files
| name | screw-scan |
| description | Use when the user asks to run screw-agents scans from Codex, including command-shaped requests such as screw:scan, scan with a specific agent or domain, provider-primary scans, challenger scans, parallel provider scans, adaptive scans, or output-format selection. |
This skill is the Codex-supported entry point for the same scan workflow
described by plugins/screw/commands/scan.md.
Handle requests shaped like any of these:
screw:scan sqli src/scan ssti vulnerable/__init__.py --format jsonrun screw-agents full . --no-confirmscan sqli src/api --primary-provider codex --primary-transport cli --primary-execution cliscan sqli src/api --challenger claude_primary_codex_challenger --challenger-execution dry_runscan sqli src/api --parallel-providers claude:cli:cli,codex:cli:cliDo not require the user to type a slash command in Codex. Parse the command text and execute the same MCP-backed workflow.
screw-agents MCP server. Do not run ad hoc shell scanners.screw-agents installed, and MCP tool contracts are the authoritative
scan interface.resolve_scope to parse scope text; do not maintain a duplicate registry.--adaptive and --no-confirm as mutually exclusive.For provider-primary, provider-primary-plus-challenger, and parallel-provider
routes, resolve path targets before calling MCP tools. If the user supplied a
relative path such as src/app.py, pass an absolute target.path under the
current project root in the MCP payload. Keep user-facing summaries readable,
but do not make the backend retry relative paths.
If --primary-provider, --primary-transport, or --primary-execution is
present and --challenger is not present, call run_provider_scan with
finalize=true and pass any requested output formats.
If provider-primary flags and --challenger are present, call
run_composed_provider_scan. This route finalizes normal .screw/findings/
reports and attaches configured challenger review.
If --parallel-providers is present, call run_parallel_provider_scan with
finalize=true and pass any requested output formats so the parallel route
writes normal .screw/findings/ reports with reconciliation metadata.
If no provider-primary or parallel-provider flags are present:
resolve_scope with the scope text.scan_agents with cursor=null, the resolved agents, target, and
thoroughness.scan_agents until next_cursor is null.accumulate_findings.finalize_scan_results.When constructing findings, use the finding objects produced or justified by
the returned code chunks and agent prompt. Do not run local package imports such
as python -c "from screw_agents.models import Finding" from the target
workspace.
For adaptive mode, follow the adaptive staging and review requirements in
plugins/screw/commands/scan.md; do not promote or execute generated adaptive
scripts without explicit user approval.
Summarize: