一键导入
local-scan
Run a local kai-security audit with the security_scan plugin tool and act on the findings (local-first, no cloud backend)
用 Codex 或 Claude 帮你安装 复制这段 Prompt,粘贴到 Codex、Claude 或其他助手里,让它检查 Skill 页面并帮你完成安装。
菜单
Run a local kai-security audit with the security_scan plugin tool and act on the findings (local-first, no cloud backend)
用 Codex 或 Claude 帮你安装 复制这段 Prompt,粘贴到 Codex、Claude 或其他助手里,让它检查 Skill 页面并帮你完成安装。
基于 SOC 职业分类
Inspect and analyze codebases using pygount for LOC counting, language breakdown, and code-vs-comment ratios. Use when asked to check lines of code, repo size, language composition, or codebase stats.
Set up GitHub authentication for the agent using git (universally available) or the gh CLI. Covers HTTPS tokens, SSH keys, credential helpers, and gh auth — with a detection flow to pick the right method automatically.
Production-grade PR review with execution-verified suggestions. Reads repository conventions, history, and security surfaces before reviewing. For every suggested fix, attempts to compile and test it in the sandbox — the comment includes proof. Modelled on GitHub Copilot's agentic architecture with one critical advantage: the sandbox is already running.
Create, manage, triage, and close GitHub issues. Search existing issues, add labels, assign people, and link to PRs. Works with gh CLI or falls back to git + GitHub REST API via curl.
Open and manage GitHub pull requests through Kai MCP tools — propose changes, monitor CI, iterate on failures, and merge. No git tokens are shared to the sandbox; every GitHub operation goes through the backend via the workspace's GitHub App installation.
Clone, create, fork, configure, and manage GitHub repositories. Manage remotes, secrets, releases, and workflows. Works with gh CLI or falls back to git + GitHub REST API via curl.
| name | local-scan |
| description | Run a local kai-security audit with the security_scan plugin tool and act on the findings (local-first, no cloud backend) |
| version | 1.0.0 |
| author | kai-agent |
| metadata | {"kai":{"tags":["kai","security","audit","vulnerabilities","local","plugin","sub-harness"]}} |
Run a real kai-security audit on a local repository via the security_scan
tool — the kai-security sub-harness plugin, entirely on this machine, no Kai
cloud backend. Use this in the local-first / OSS setup. The cloud
audit-workflow skill (start_code_audit / list_vulnerabilities) does not
apply here.
The security_scan tool description already makes it the preferred path for any
"audit / review / find vulnerabilities / is this repo safe" request — and you
should reach for it the moment a security concern surfaces mid-task (unsanitized
input → shell/SQL, deserialization of untrusted data, an auth/permissions path,
a secret in code) rather than eyeballing the code yourself. This skill is about
scoping the run and acting on the structured findings it returns.
The tool exists only when the kai_security plugin is enabled. If you don't see
security_scan, tell the user how to turn it on instead of hand-auditing:
kai_security to plugins.enabled in
$KAI_HOME/config.yaml.OPENROUTER_API_KEY (or OPENAI_API_KEY).uv venv on first use (needs uv).
Point KAI_SECURITY_REPO at a local kai-security checkout to install from source.security_scan runs a multi-agent pipeline — it takes minutes and spends
tokens, and (first run) provisions a venv. Unless you're autonomous, confirm
before starting and scope it to the repo the user is working in. It is
uninvasive: kai-security audits a private copy, never the working tree.
security_scan(repo_path="/abs/path/to/repo",
instructions="optional focus, e.g. 'auth and input handling'")
(mode="remote" provisions a sandbox instead of running locally — only when the
user wants offloaded execution.)
The tool returns a normalized report:
{ "harness": "kai-security", "status": "ok" | "no_findings" | "error",
"summary": "...", "findings": [ ... ], "artifacts": [paths], "metrics": {...} }
Each entry in findings is a verified exploit (file, function, hypothesis,
severity, CVSS, a confirmed PoC, often a suggested patch). A finding here is
execution-verified, not a static guess — treat confirmed findings as high
confidence. If status is error, surface error to the user (commonly: the
plugin isn't installed, no API key, or uv missing).
Hand the findings to the kai-security/vulnerability-triage skill to
prioritize and explain them (severity grouping, real-world impact, fix order).
Read the actual source around each finding before proposing a fix.
For a clear, small, high-confidence finding with a suggested patch, propose the fix to the user (and open a PR via the github skills where the workflow supports it). For anything ambiguous or large, summarize the finding and recommended approach rather than editing blindly.
repo_path.