一键在 Manus 中运行任何 Skill

security-scanner

Node.js security audit: npm audit for known CVEs, Snyk for supply chain vulnerabilities, eslint-plugin-security for code patterns (eval, prototype pollution, path traversal), and AI-driven analysis of container isolation boundaries. Generates SECURITY_REPORT.md with CRITICAL/HIGH/MEDIUM severity ratings. Adapted from ZeroClaw's Rust security-scanner for Node.js/npm ecosystem. Run before any release or dependency update.

在 Manus 中运行

概览

安装命令

npx skills add https://github.com/mk-knight23/AI-Agent-NanoClaw --skill security-scanner

复制此命令并粘贴到 Claude Code 中以安装该技能

来源

mk-knight23/AI-Agent-NanoClaw

星标1

分支0

更新时间2026年3月10日 00:13

SKILL.md

readonly

name

security-scanner

description

security-scanner

Full-spectrum Node.js security audit — CVEs, supply chain, code patterns, container isolation.

Usage

@Andy security-scanner --full
@Andy security-scanner --deps-only         # npm audit + Snyk only
@Andy security-scanner --code-only         # ESLint security rules only
@Andy security-scanner --fail-on high      # Exit non-zero if HIGH+ issues found (CI mode)

What It Checks

1. Known CVEs — `npm audit`

All direct + transitive dependencies checked against npm security advisories
Each finding includes: CVE ID, severity, affected package, fix version

2. Supply Chain — Snyk

License compliance (blocks AGPL, GPL-3.0 by default — configurable)
Typosquatting detection: flags packages with names similar to popular ones
Deprecated package warnings

3. Code Security Patterns — ESLint Security Plugin

eval() and new Function() usage
Prototype pollution via __proto__, constructor.prototype
Path traversal in fs.readFile, path.join with user input
Hardcoded secrets (API keys, tokens in source)
child_process.exec with unsanitized input

4. Container Isolation Audit (NanoClaw-Specific)

Shared state leaking between agent containers
Unauthenticated inter-container communication
Swarm nodes exposing internal ports without firewall rules

Files Created

SECURITY_REPORT.md          # Full report with severity ratings
security_audit.json         # Machine-readable JSON for CI

CI Integration

# .github/workflows/security.yml
- name: NanoClaw Security Scan
  run: |
    npm audit --audit-level=high
    andy security-scanner --full --fail-on high

Philosophy

Container isolation is NanoClaw's core security model. Every issue that could allow one agent to affect another is treated as CRITICAL, regardless of what npm audit says.

同仓库更多 Skills

同仓库

code-reviewer

mk-knight23/AI-Agent-NanoClaw

Runs ESLint, TypeScript type checking (tsc --noEmit), and AI-driven review on any JavaScript/TypeScript Node.js codebase or diff. Identifies bugs, type issues, security vulnerabilities (via eslint-plugin-security), async pitfalls, and style violations. Outputs a CODE_REVIEW.md report with CRITICAL/HIGH/MEDIUM/LOW severity ratings. Use before committing or merging Node.js code. Adapted from Nanobot's Python code-reviewer for Node.js/TypeScript runtimes.

2026-03-101

repo-modernizer

mk-knight23/AI-Agent-NanoClaw

Automated portfolio hygiene for Node.js repositories. Updates package.json dependencies to latest stable, migrates CommonJS to ESM, upgrades TypeScript config to strict mode, adds missing .gitignore patterns, adds GitHub Actions CI, generates missing README sections, and standardizes the project structure. Cross-ported from OpenClaw's repo-modernizer. Use when a repository is stale or missing modern Node.js conventions.

2026-03-101

add-discord

mk-knight23/AI-Agent-NanoClaw

Transformation skill to add high-fidelity Discord support. Installs discord.js, creates a multi-channel adapter with thread support, and configures bot intents/tokens. Enables rich embeds and slash command registration.

2026-03-061

add-github-actions

mk-knight23/AI-Agent-NanoClaw

Transformation skill to add robust CI/CD via GitHub Actions. Configures workflows for linting, testing, and auto-deployment. Adds secrets management and PR automation hooks.

2026-03-061

add-gmail

mk-knight23/AI-Agent-NanoClaw

Transforms NanoClaw to add Gmail monitoring and composition. Installs the googleapis dependency, creates a Gmail channel adapter in src/channels/, adds OAuth2 flow, and registers it at startup. Run /add-gmail when you want to monitor your inbox and compose AI-drafted replies via NanoClaw. Requires Google OAuth2 credentials from Google Cloud Console.

2026-03-061

add-linear

mk-knight23/AI-Agent-NanoClaw

Transformation skill to add Linear integration. Installs linear-sdk, configures OAuth/API keys, and adds handlers for issue tracking and project management. Mounts Linear team context into agent containers.

2026-03-061

来源

mk-knight23

mk-knight23/AI-Agent-NanoClaw

打开 GitHub 仓库查看创作者相关仓库

安装命令

下载

在 Manus 中运行

适用职业SOC

信息安全分析师计算机与数学类职业15-1212L4

name

security-scanner

description

security-scanner

Full-spectrum Node.js security audit — CVEs, supply chain, code patterns, container isolation.

Usage

@Andy security-scanner --full
@Andy security-scanner --deps-only         # npm audit + Snyk only
@Andy security-scanner --code-only         # ESLint security rules only
@Andy security-scanner --fail-on high      # Exit non-zero if HIGH+ issues found (CI mode)

What It Checks

1. Known CVEs — `npm audit`

All direct + transitive dependencies checked against npm security advisories
Each finding includes: CVE ID, severity, affected package, fix version

2. Supply Chain — Snyk

License compliance (blocks AGPL, GPL-3.0 by default — configurable)
Typosquatting detection: flags packages with names similar to popular ones
Deprecated package warnings

3. Code Security Patterns — ESLint Security Plugin

eval() and new Function() usage
Prototype pollution via __proto__, constructor.prototype
Path traversal in fs.readFile, path.join with user input
Hardcoded secrets (API keys, tokens in source)
child_process.exec with unsanitized input

4. Container Isolation Audit (NanoClaw-Specific)

Shared state leaking between agent containers
Unauthenticated inter-container communication
Swarm nodes exposing internal ports without firewall rules

Files Created

SECURITY_REPORT.md          # Full report with severity ratings
security_audit.json         # Machine-readable JSON for CI

CI Integration

# .github/workflows/security.yml
- name: NanoClaw Security Scan
  run: |
    npm audit --audit-level=high
    andy security-scanner --full --fail-on high

Philosophy

Container isolation is NanoClaw's core security model. Every issue that could allow one agent to affect another is treated as CRITICAL, regardless of what npm audit says.

security-scanner

security-scanner

Usage

What It Checks

1. Known CVEs — npm audit

2. Supply Chain — Snyk

3. Code Security Patterns — ESLint Security Plugin

4. Container Isolation Audit (NanoClaw-Specific)

Files Created

CI Integration

Philosophy

同仓库更多 Skills

同仓库更多 Skills

security-scanner

Usage

What It Checks

1. Known CVEs — npm audit

2. Supply Chain — Snyk

3. Code Security Patterns — ESLint Security Plugin

4. Container Isolation Audit (NanoClaw-Specific)

Files Created

CI Integration

Philosophy

1. Known CVEs — `npm audit`

1. Known CVEs — `npm audit`