一键在 Manus 中运行任何 Skill

security-scan

星标0

分支0

更新时间2026年2月12日 08:32

Context-aware security audit based on OWASP Top 10. Scans for vulnerabilities in code and configuration. Includes proactive secret scanning for API keys and credentials.

安装

用 Codex 或 Claude 帮你安装复制这段 Prompt，粘贴到 Codex、Claude 或其他助手里，让它检查 Skill 页面并帮你完成安装。

在 Manus 中运行

来源

hadimiftahulf

hadimiftahulf/antigravity-skills

打开 GitHub 仓库查看创作者相关仓库

下载

在 Manus 中运行

Security Scan (The Hacker 🔐)

Merged: security-scan + secret-guard.

When to Activate

User mentions: "security", "vulnerability", "hack", "audit", "credentials".

Scan Scope

OWASP Top 10

Injection (SQL, NoSQL, OS Command)
Broken Authentication
Sensitive Data Exposure
XML External Entities (XXE)
Broken Access Control (IDOR)
Security Misconfiguration
Cross-Site Scripting (XSS)
Insecure Deserialization
Using Components with Known Vulnerabilities
Insufficient Logging & Monitoring

Secret Scanning (formerly secret-guard)

Proactively scan for leaked secrets:

API Keys: sk_live_, AKIA, ghp_
Private Keys: BEGIN RSA PRIVATE KEY, PEM files
Database URLs: postgres://, mysql:// with credentials
Tokens: JWT, Bearer tokens in source code
.env files committed to version control

Rules

NEVER allow secrets in committed code.
Flag .env files not in .gitignore.
Check for hardcoded credentials in config files.
Recommend environment variable injection for all secrets.

Cost: High (Explicit Trigger Required)

同仓库更多 Skills

同仓库

arch-reviewer

hadimiftahulf/antigravity-skills

Enforces modularity, reusability (DRY), and high-level architectural patterns. Focuses on SOLID principles, Design Patterns, and Scalability.

2026-02-120

deep-audit

hadimiftahulf/antigravity-skills

Universal architectural auditor for any tech stack. Enforces Separation of Concerns, Clean Architecture, and best practices by identifying the project structure and detecting layer violations.

2026-02-120

skill-activation-policy

hadimiftahulf/antigravity-skills

Defines rules for skill activation, including input requirements, output contracts, conflict lists, and performance costs. Enforces Lean Execution mode by default.

2026-02-120

advanced-architecture

hadimiftahulf/antigravity-skills

Implementation of Enterprise patterns: CQRS, Event Sourcing, Domain-Driven Design (DDD).

2026-02-120

api-connector

hadimiftahulf/antigravity-skills

Generates robust, production-grade 3rd party API integrations with Retry, Rate Limiting, and DTOs.

2026-02-120

brainstorm-feature

hadimiftahulf/antigravity-skills

Workflow for deeply researching and architecting a new module/feature. STRICTLY NO CODE EXAMPLES. Use this for high-level technical design and research before implementation.

2026-02-120

name	security-scan
description	Context-aware security audit based on OWASP Top 10. Scans for vulnerabilities in code and configuration. Includes proactive secret scanning for API keys and credentials.

Security Scan (The Hacker 🔐)

Merged: security-scan + secret-guard.

When to Activate

User mentions: "security", "vulnerability", "hack", "audit", "credentials".

Scan Scope

OWASP Top 10

Injection (SQL, NoSQL, OS Command)
Broken Authentication
Sensitive Data Exposure
XML External Entities (XXE)
Broken Access Control (IDOR)
Security Misconfiguration
Cross-Site Scripting (XSS)
Insecure Deserialization
Using Components with Known Vulnerabilities
Insufficient Logging & Monitoring

Secret Scanning (formerly secret-guard)

Proactively scan for leaked secrets:

API Keys: sk_live_, AKIA, ghp_
Private Keys: BEGIN RSA PRIVATE KEY, PEM files
Database URLs: postgres://, mysql:// with credentials
Tokens: JWT, Bearer tokens in source code
.env files committed to version control

Rules

NEVER allow secrets in committed code.
Flag .env files not in .gitignore.
Check for hardcoded credentials in config files.
Recommend environment variable injection for all secrets.