Run any Skill in Manus with one click

security-scanner

Node.js security audit: npm audit for known CVEs, Snyk for supply chain vulnerabilities, eslint-plugin-security for code patterns (eval, prototype pollution, path traversal), and AI-driven analysis of container isolation boundaries. Generates SECURITY_REPORT.md with CRITICAL/HIGH/MEDIUM severity ratings. Adapted from ZeroClaw's Rust security-scanner for Node.js/npm ecosystem. Run before any release or dependency update.

Run Skill in Manus

Overview

Install command

npx skills add https://github.com/mk-knight23/AI-Agent-NanoClaw --skill security-scanner

Copy and paste this command into Claude Code to install the skill

Source

mk-knight23/AI-Agent-NanoClaw

Stars1

Forks0

UpdatedMarch 10, 2026 at 00:13

SKILL.md

readonly

name

security-scanner

description

security-scanner

Full-spectrum Node.js security audit — CVEs, supply chain, code patterns, container isolation.

Usage

@Andy security-scanner --full
@Andy security-scanner --deps-only         # npm audit + Snyk only
@Andy security-scanner --code-only         # ESLint security rules only
@Andy security-scanner --fail-on high      # Exit non-zero if HIGH+ issues found (CI mode)

What It Checks

1. Known CVEs — `npm audit`

All direct + transitive dependencies checked against npm security advisories
Each finding includes: CVE ID, severity, affected package, fix version

2. Supply Chain — Snyk

License compliance (blocks AGPL, GPL-3.0 by default — configurable)
Typosquatting detection: flags packages with names similar to popular ones
Deprecated package warnings

3. Code Security Patterns — ESLint Security Plugin

eval() and new Function() usage
Prototype pollution via __proto__, constructor.prototype
Path traversal in fs.readFile, path.join with user input
Hardcoded secrets (API keys, tokens in source)
child_process.exec with unsanitized input

4. Container Isolation Audit (NanoClaw-Specific)

Shared state leaking between agent containers
Unauthenticated inter-container communication
Swarm nodes exposing internal ports without firewall rules

Files Created

SECURITY_REPORT.md          # Full report with severity ratings
security_audit.json         # Machine-readable JSON for CI

CI Integration

# .github/workflows/security.yml
- name: NanoClaw Security Scan
  run: |
    npm audit --audit-level=high
    andy security-scanner --full --fail-on high

Philosophy

Container isolation is NanoClaw's core security model. Every issue that could allow one agent to affect another is treated as CRITICAL, regardless of what npm audit says.

More from this repository

same repository

code-reviewer

mk-knight23/AI-Agent-NanoClaw

Runs ESLint, TypeScript type checking (tsc --noEmit), and AI-driven review on any JavaScript/TypeScript Node.js codebase or diff. Identifies bugs, type issues, security vulnerabilities (via eslint-plugin-security), async pitfalls, and style violations. Outputs a CODE_REVIEW.md report with CRITICAL/HIGH/MEDIUM/LOW severity ratings. Use before committing or merging Node.js code. Adapted from Nanobot's Python code-reviewer for Node.js/TypeScript runtimes.

2026-03-101

repo-modernizer

mk-knight23/AI-Agent-NanoClaw

Automated portfolio hygiene for Node.js repositories. Updates package.json dependencies to latest stable, migrates CommonJS to ESM, upgrades TypeScript config to strict mode, adds missing .gitignore patterns, adds GitHub Actions CI, generates missing README sections, and standardizes the project structure. Cross-ported from OpenClaw's repo-modernizer. Use when a repository is stale or missing modern Node.js conventions.

2026-03-101

add-discord

mk-knight23/AI-Agent-NanoClaw

Transformation skill to add high-fidelity Discord support. Installs discord.js, creates a multi-channel adapter with thread support, and configures bot intents/tokens. Enables rich embeds and slash command registration.

2026-03-061

add-github-actions

mk-knight23/AI-Agent-NanoClaw

Transformation skill to add robust CI/CD via GitHub Actions. Configures workflows for linting, testing, and auto-deployment. Adds secrets management and PR automation hooks.

2026-03-061

add-gmail

mk-knight23/AI-Agent-NanoClaw

Transforms NanoClaw to add Gmail monitoring and composition. Installs the googleapis dependency, creates a Gmail channel adapter in src/channels/, adds OAuth2 flow, and registers it at startup. Run /add-gmail when you want to monitor your inbox and compose AI-drafted replies via NanoClaw. Requires Google OAuth2 credentials from Google Cloud Console.

2026-03-061

add-linear

mk-knight23/AI-Agent-NanoClaw

Transformation skill to add Linear integration. Installs linear-sdk, configures OAuth/API keys, and adds handlers for issue tracking and project management. Mounts Linear team context into agent containers.

2026-03-061

Source

mk-knight23

mk-knight23/AI-Agent-NanoClaw

View GitHub Repository View Creator Repositories

Install command

Download

Run Skill in Manus

Useful forSOC

Information Security AnalystsComputer and Mathematical Occupations15-1212L4

name

security-scanner

description

security-scanner

Full-spectrum Node.js security audit — CVEs, supply chain, code patterns, container isolation.

Usage

@Andy security-scanner --full
@Andy security-scanner --deps-only         # npm audit + Snyk only
@Andy security-scanner --code-only         # ESLint security rules only
@Andy security-scanner --fail-on high      # Exit non-zero if HIGH+ issues found (CI mode)

What It Checks

1. Known CVEs — `npm audit`

All direct + transitive dependencies checked against npm security advisories
Each finding includes: CVE ID, severity, affected package, fix version

2. Supply Chain — Snyk

License compliance (blocks AGPL, GPL-3.0 by default — configurable)
Typosquatting detection: flags packages with names similar to popular ones
Deprecated package warnings

3. Code Security Patterns — ESLint Security Plugin

eval() and new Function() usage
Prototype pollution via __proto__, constructor.prototype
Path traversal in fs.readFile, path.join with user input
Hardcoded secrets (API keys, tokens in source)
child_process.exec with unsanitized input

4. Container Isolation Audit (NanoClaw-Specific)

Shared state leaking between agent containers
Unauthenticated inter-container communication
Swarm nodes exposing internal ports without firewall rules

Files Created

SECURITY_REPORT.md          # Full report with severity ratings
security_audit.json         # Machine-readable JSON for CI

CI Integration

# .github/workflows/security.yml
- name: NanoClaw Security Scan
  run: |
    npm audit --audit-level=high
    andy security-scanner --full --fail-on high

Philosophy

Container isolation is NanoClaw's core security model. Every issue that could allow one agent to affect another is treated as CRITICAL, regardless of what npm audit says.

security-scanner

security-scanner

Usage

What It Checks

1. Known CVEs — npm audit

2. Supply Chain — Snyk

3. Code Security Patterns — ESLint Security Plugin

4. Container Isolation Audit (NanoClaw-Specific)

Files Created

CI Integration

Philosophy

More from this repository

More from this repository

security-scanner

Usage

What It Checks

1. Known CVEs — npm audit

2. Supply Chain — Snyk

3. Code Security Patterns — ESLint Security Plugin

4. Container Isolation Audit (NanoClaw-Specific)

Files Created

CI Integration

Philosophy

1. Known CVEs — `npm audit`

1. Known CVEs — `npm audit`