ln-760-security-setup
// Sets up security scanning for secrets and dependency vulnerabilities. Use when adding security infrastructure to a project.
| Field | Value |
|---|---|
| name | ln-760-security-setup |
| description | Sets up security scanning for secrets and dependency vulnerabilities. Use when adding security infrastructure to a project. |
| license | MIT |
Paths: File paths (references/, ../ln-*) are relative to this skill directory.
Type: L2 Domain Coordinator
Category: 7XX Bootstrap
Step 1: Detect Project Type
- Existing security files to check for: .gitleaks.toml, SECURITY.md
Step 2: Check Tool Availability
Step 3: Load Existing Configs
- .gitleaks.toml exists: note for preservation
- SECURITY.md exists: note for update (not overwrite)
- .pre-commit-config.yaml exists: check for gitleaks hook

Step 1: Invoke ln-761 Secret Scanner
Step 2: Invoke ln-625 Dependencies Auditor
- Pass mode=vulnerabilities_only

Step 1: Combine Findings
Step 2: Risk Assessment
Step 3: Build Summary

Step 1: Create/Update SECURITY.md
- Template: references/templates/security_md_template.md
Step 2: Configure Pre-commit Hooks
- .pre-commit-config.yaml missing: create from template references/templates/precommit_config_template.yaml
Step 3: Generate CI Workflow
- .github/workflows/security.yml missing: create from template references/templates/ci_workflow_template.yaml
Step 4: Update .gitignore
- .env, .env.*, !.env.example
- *.pem, *.key

Host Skill Invocation: Skill(skill: "...", args: "...") is mandatory delegation. Read the invoked skill's SKILL.md, treat args as $ARGUMENTS, execute that skill workflow, then return here with its result/artifact.
CRITICAL: All delegations use the Agent tool with subagent_type: "general-purpose" for context isolation.
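The config discovery of Step 3 (Load Existing Configs) and the .gitignore update of Step 4 above, written as idempotent POSIX shell functions. This is an added example, not part of the ln-760 skill or its templates; the function names are hypothetical, and a second run must leave the files unchanged (update, never overwrite).

```shell
#!/bin/sh
# Added example, not the skill's own code. Function names are hypothetical.

# Step 3 "Load Existing Configs": print one line per security config that
# already exists in the project directory, so the caller can preserve it.
security_configs_present() {
  dir="$1"
  for f in .gitleaks.toml SECURITY.md .pre-commit-config.yaml .github/workflows/security.yml; do
    [ -e "$dir/$f" ] && echo "$f"
  done
  return 0
}

# Returns 0 when the existing pre-commit config already references a gitleaks
# hook (the check the skill performs before adding one).
has_gitleaks_hook() {
  cfg="$1/.pre-commit-config.yaml"
  [ -f "$cfg" ] && grep -q 'gitleaks' "$cfg"
}

# Step 4 "Update .gitignore": append each pattern only if it is not already
# present as a whole line, so repeated runs do not duplicate entries.
update_gitignore() {
  gi="$1/.gitignore"
  touch "$gi"
  for pat in '.env' '.env.*' '!.env.example' '*.pem' '*.key'; do
    grep -qxF -- "$pat" "$gi" || printf '%s\n' "$pat" >> "$gi"
  done
}

# Number of lines in the project's .gitignore (used to verify idempotence).
gitignore_lines() { wc -l < "$1/.gitignore" | tr -d ' '; }
```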
| Worker | Parallel | Purpose |
|---|---|---|
| ln-761-secret-scanner | Yes | Hardcoded secret detection |
| ln-625-dependencies-auditor | Yes | Vulnerability scanning (mode=vulnerabilities_only) |
Prompt template:

```text
Agent(description: "Secret scanning via ln-761",
      prompt: "Execute security scanner.
               Step 1: Invoke worker:
               Skill(skill: \"ln-761-secret-scanner\")
               CONTEXT:
               Project: {projectPath}",
      subagent_type: "general-purpose")

Agent(description: "Dependency vulnerability scan via ln-625",
      prompt: "Execute vulnerability scanner.
               Step 1: Invoke worker:
               Skill(skill: \"ln-625-dependencies-auditor\")
               CONTEXT:
               Project: {projectPath}
               Mode: vulnerabilities_only (only CVE scan, skip outdated/unused checks)",
      subagent_type: "general-purpose")
```
Pattern: Both workers can execute in parallel via Agent tool, then aggregate results.
Anti-Patterns:
- Phase 1: Invoke secret scanner ln-761 (pending)
- Phase 2: Invoke dependency auditor ln-625 (pending)
- Phase 3: Aggregate findings (pending)
- Phase 4: Generate security artifacts (pending)
- Phase 5: Return summary (pending)
Optional reference: load references/meta_analysis_protocol.md only when the user asks for post-run meta-analysis or protocol-formatted run reflection.
Skill type: planning-coordinator. When requested, run after all phases complete. Output to chat using the protocol format.
| File | Purpose |
|---|---|
| references/templates/security_md_template.md | Template for SECURITY.md generation |
| references/templates/precommit_config_template.yaml | Pre-commit hooks configuration |
| references/templates/ci_workflow_template.yaml | GitHub Actions security workflow |
- Pass mode=vulnerabilities_only to ln-625; full audit mode is not appropriate for the bootstrap context.
- If .gitleaks.toml, SECURITY.md, or .pre-commit-config.yaml exist, update rather than overwrite.
- Use subagent_type: "general-purpose" for all worker delegations (context isolation).

Version: 3.0.0
Last Updated: 2026-02-05