Run any Skill in Manus with one click

$pwd:

security-scan

Name: Security Scan
Author: yu-iskw

// Scan for vulnerable dependencies and CVEs via pnpm lint:security (Trunk Trivy/OSV-scanner), optional pnpm security:grype or pnpm lint:all (Trunk-all plus Grype). Use for dependency CVE checks, security-scoped lint, or post-bump verification.

Run Skill in Manus

$ git log --oneline --stat

stars:0

forks:0

updated:April 28, 2026 at 07:19

SKILL.md

readonly

name	security-scan
description	Scan for vulnerable dependencies and CVEs via pnpm lint:security (Trunk Trivy/OSV-scanner), optional pnpm security:grype or pnpm lint:all (Trunk-all plus Grype). Use for dependency CVE checks, security-scoped lint, or post-bump verification.
compatibility	Node and pnpm versions per `.node-version` and root `package.json` `engines`; run `pnpm install` from repo root. Run `pnpm exec trunk install` if Trunk-managed linters are missing (see AGENTS.md). `grype` must be on PATH for `pnpm security:grype` and the Grype step in `pnpm lint:all`.

Security scan: vulnerable dependencies

Purpose

Filesystem and dependency vulnerability checks for this TypeScript monorepo:

pnpm lint:security — trunk check --all --scope security (Trivy, OSV-scanner, and other security-scoped linters in .trunk/trunk.yaml).
pnpm security:grype — Anchore Grype on the repo root (grype on PATH; not installed via pnpm — see knip.json ignoreBinaries).
pnpm lint:all (optional, slower) — full Trunk check across all files, then Grype — CI-style thoroughness.

Default incremental Trunk: pnpm lint (trunk check -y). Prefer pnpm lint:security when the goal is vulnerability scanning.

See AGENTS.md for the layered harness (for example ESLint with eslint-plugin-security alongside Trivy/OSV).

When to use

Scan for CVEs or vulnerable dependencies
Third-party / supply-chain review
After dependency bumps: root and workspace package.json files, pnpm-lock.yaml, and root package.json pnpm.overrides when triaging transitive issues

How to run

From the repository root:

pnpm lint:security
pnpm security:grype

Thorough pass (Trunk-all plus Grype):

pnpm lint:all

If Trunk tools are missing: pnpm exec trunk install per AGENTS.md.

Debugging parity: pnpm security:grype matches grype .. For Trivy/OSV, prefer pnpm lint:security so versions match Trunk; use standalone CLIs only when reproducing or debugging outside Trunk.

Fix loop

Identify: Parse tool output; note affected manifests (pnpm-lock.yaml, root or packages/*/package.json) and CVE IDs.
Triage: Direct versus transitive dependencies; confirm reachability when prioritizing.
Fix: Prefer pnpm up, targeted pnpm add, or root pnpm.overrides when appropriate; run pnpm install after lockfile changes so scans match what you ship.
Verify: Re-run pnpm lint:security and pnpm security:grype (or pnpm lint:all) until clean or remaining issues are accepted with rationale.

Termination

Checks exit zero with no actionable findings, or
Residual risk is explicitly accepted, or
Stop after a sensible iteration cap (default: 3) and summarize blockers.

Related commands (repo)

pnpm lint — default Trunk check
pnpm lint:security — security-scoped Trunk (Trivy/OSV and related linters)
CodeQL: codeql-fix when CodeQL is configured for this repo
Workspace and bumps: AGENTS.md (pnpm workspace) and CLAUDE.md for agent-specific workflows

related-skills.json

same repository

build-and-fix.md

from "yu-iskw/gemini-data-agent-mcp"

Build the project and automatically fix any build errors, compilation failures, or type mismatches. Use when the project fails to build, shows "broken" states, or after making significant changes.

2026-04-280

codeql-fix.md

from "yu-iskw/gemini-data-agent-mcp"

Run CodeQL security/quality analysis and fix findings. Use when the user asks to run CodeQL, security scan, static analysis, or fix CodeQL findings.

2026-04-280

improve-claude-config.md

from "yu-iskw/gemini-data-agent-mcp"

Self-improvement skill for evolving Claude Code configuration. Use when you notice repeated mistakes, want to add new workflows, or optimize the development experience.

2026-04-280

lint-and-fix.md

from "yu-iskw/gemini-data-agent-mcp"

Run linters and fix violations, formatting errors, or style mismatches using Trunk. Use when code quality checks fail, before submitting PRs, or to repair "broken" linting states.

2026-04-280

node-upgrade.md

from "yu-iskw/gemini-data-agent-mcp"

Safely upgrade Node.js dependencies in pnpm workspaces. Use when asked to "upgrade dependencies", "update packages", "check for updates", or fix version mismatches.

2026-04-280

postmortem.md

from "yu-iskw/gemini-data-agent-mcp"

End-of-session capture of failures, surprises, and lessons so agent behavior and repo config improve. Use after non-trivial work; skip trivial sessions unless something went wrong.

2026-04-280

package.json

"author": "yu-iskw"

"repository": "yu-iskw/gemini-data-agent-mcp"

View GitHub Repository View Creator Repositories

$ install --global

$ download --local

Run Skill in Manus

$ useful --forSOC

Information Security AnalystsComputer and Mathematical Occupations15-1212L4

name	security-scan
description	Scan for vulnerable dependencies and CVEs via pnpm lint:security (Trunk Trivy/OSV-scanner), optional pnpm security:grype or pnpm lint:all (Trunk-all plus Grype). Use for dependency CVE checks, security-scoped lint, or post-bump verification.
compatibility	Node and pnpm versions per `.node-version` and root `package.json` `engines`; run `pnpm install` from repo root. Run `pnpm exec trunk install` if Trunk-managed linters are missing (see AGENTS.md). `grype` must be on PATH for `pnpm security:grype` and the Grype step in `pnpm lint:all`.

Security scan: vulnerable dependencies

Purpose

Filesystem and dependency vulnerability checks for this TypeScript monorepo:

pnpm lint:security — trunk check --all --scope security (Trivy, OSV-scanner, and other security-scoped linters in .trunk/trunk.yaml).
pnpm security:grype — Anchore Grype on the repo root (grype on PATH; not installed via pnpm — see knip.json ignoreBinaries).
pnpm lint:all (optional, slower) — full Trunk check across all files, then Grype — CI-style thoroughness.

Default incremental Trunk: pnpm lint (trunk check -y). Prefer pnpm lint:security when the goal is vulnerability scanning.

See AGENTS.md for the layered harness (for example ESLint with eslint-plugin-security alongside Trivy/OSV).

When to use

Scan for CVEs or vulnerable dependencies
Third-party / supply-chain review
After dependency bumps: root and workspace package.json files, pnpm-lock.yaml, and root package.json pnpm.overrides when triaging transitive issues

How to run

From the repository root:

pnpm lint:security
pnpm security:grype

Thorough pass (Trunk-all plus Grype):

pnpm lint:all

If Trunk tools are missing: pnpm exec trunk install per AGENTS.md.

Fix loop

Identify: Parse tool output; note affected manifests (pnpm-lock.yaml, root or packages/*/package.json) and CVE IDs.
Triage: Direct versus transitive dependencies; confirm reachability when prioritizing.
Fix: Prefer pnpm up, targeted pnpm add, or root pnpm.overrides when appropriate; run pnpm install after lockfile changes so scans match what you ship.
Verify: Re-run pnpm lint:security and pnpm security:grype (or pnpm lint:all) until clean or remaining issues are accepted with rationale.

Termination

Checks exit zero with no actionable findings, or
Residual risk is explicitly accepted, or
Stop after a sensible iteration cap (default: 3) and summarize blockers.

Related commands (repo)

pnpm lint — default Trunk check
pnpm lint:security — security-scoped Trunk (Trivy/OSV and related linters)
CodeQL: codeql-fix when CodeQL is configured for this repo
Workspace and bumps: AGENTS.md (pnpm workspace) and CLAUDE.md for agent-specific workflows

security-scan

Security scan: vulnerable dependencies

Purpose

When to use

How to run

Fix loop

Termination

Related commands (repo)

More from this repository

More from this repository

Security scan: vulnerable dependencies

Purpose

When to use

How to run

Fix loop

Termination

Related commands (repo)