一键导入
security-scan
Deep security analysis of codebase. Scans for secrets, vulnerabilities, and insecure patterns.
用 Codex 或 Claude 帮你安装 复制这段 Prompt,粘贴到 Codex、Claude 或其他助手里,让它检查 Skill 页面并帮你完成安装。
菜单
Deep security analysis of codebase. Scans for secrets, vulnerabilities, and insecure patterns.
用 Codex 或 Claude 帮你安装 复制这段 Prompt,粘贴到 Codex、Claude 或其他助手里,让它检查 Skill 页面并帮你完成安装。
基于 SOC 职业分类
| name | security-scan |
| description | Deep security analysis of codebase. Scans for secrets, vulnerabilities, and insecure patterns. |
| context | fork |
| agent | Explore |
| allowed-tools | Read, Grep, Glob, Bash(git log *), Bash(pip-audit), Bash(npm audit), Bash(find * -name *) |
| disable-model-invocation | true |
Perform a comprehensive security scan on the codebase.
Search for exposed credentials:
- password=
- api_key=
- secret=
- token=
- private_key
- -----BEGIN.*PRIVATE KEY-----
- AKIA[A-Z0-9]{16} # AWS Access Key
- sk_live_ # Stripe
- ghp_ # GitHub Personal Token
Check for vulnerable dependencies:
pip-audit (Python) or npm audit (JS)Scan for:
Check for:
find . -name "package.json" -o -name "requirements.txt" -o -name "Gemfile" -o -name "go.mod" 2>/dev/null | head -10grep -r -l "password\|secret\|api_key\|token" --include="*.py" --include="*.js" --include="*.ts" --include="*.env*" 2>/dev/null | head -5Return a JSON security report:
{
"audit_summary": "Overall security assessment",
"risk_level": "low|medium|high|critical",
"findings": [
{
"id": "SEC-001",
"title": "Hardcoded API Key Found",
"severity": "critical",
"category": "secrets",
"file": "config/settings.py",
"line": 15,
"description": "AWS access key hardcoded in source file",
"evidence": "AWS_ACCESS_KEY = 'AKIA...'",
"remediation": "Move to environment variables or secrets manager",
"cwe": "CWE-798"
}
],
"recommendations": [
"Enable secret scanning in CI/CD",
"Implement dependency vulnerability scanning"
],
"dependencies_checked": true,
"files_scanned": 42
}
$ARGUMENTS
Comprehensive pre-merge testing for CodeGeass. Tests PR changes FIRST, then runs regression tests on all CLI commands and Dashboard API endpoints.
Implement code from a GitHub issue specification. Explores codebase, researches docs, creates temporary implementation plan, then implements incrementally (small piece → test → commit → next). Cleans up plan file before PR.
Plan new features/integrations following SOLID principles. Analyzes codebase architecture, researches official documentation and best practices, designs extensible solution, and creates comprehensive GitHub issue with implementation blueprint.
Refactor monolithic code into clean, single-responsibility modules following SOLID principles
Release a new version to PyPI - updates version, changelog, commits, tags, and pushes
Comprehensive code review for PRs or recent changes. Checks correctness, security, performance, maintainability, and tests.