skills for everythingsecurity-scanning
This skill should be used when the user asks to "scan for vulnerabilities", "check for security issues", "find secrets in code", "audit dependencies", "detect SQL injection", "find XSS vulnerabilities", "check for OWASP issues", "scan for hardcoded credentials", or mentions security analysis of code.
SKILL.md
| Name | security-scanning |
| Description | This skill should be used when the user asks to "scan for vulnerabilities", "check for security issues", "find secrets in code", "audit dependencies", "detect SQL injection", "find XSS vulnerabilities", "check for OWASP issues", "scan for hardcoded credentials", or mentions security analysis of code. |
name: Security Scanning description: This skill should be used when the user asks to "scan for vulnerabilities", "check for security issues", "find secrets in code", "audit dependencies", "detect SQL injection", "find XSS vulnerabilities", "check for OWASP issues", "scan for hardcoded credentials", or mentions security analysis of code. version: 1.0.0
Security Scanning
Comprehensive security analysis skill for detecting vulnerabilities, secrets, and security anti-patterns in codebases.
Core Capabilities
Secrets Detection
Scan for accidentally committed secrets and credentials:
Patterns to detect:
- API keys (AWS, GCP, Azure, Stripe, etc.)
- Private keys (RSA, SSH, PGP)
- Passwords and tokens in code
- Database connection strings with credentials
- JWT secrets and signing keys
- OAuth client secrets
Common file locations:
.envfiles committed to repo- Configuration files (config.py, settings.json)
- Test fixtures with real credentials
- Documentation with example credentials
- CI/CD configuration files
Search patterns:
# API Keys
grep -rE "(api[_-]?key|apikey)\s*[:=]\s*['\"][a-zA-Z0-9]{20,}"
# AWS Keys
grep -rE "AKIA[0-9A-Z]{16}"
# Private Keys
grep -rE "-----BEGIN (RSA |EC |DSA |OPENSSH )?PRIVATE KEY-----"
# Generic Secrets
grep -rE "(password|secret|token)\s*[:=]\s*['\"][^'\"]{8,}"
OWASP Vulnerability Detection
Identify common web application vulnerabilities:
SQL Injection:
- String concatenation in SQL queries
- Unparameterized queries
- Dynamic table/column names from user input
Cross-Site Scripting (XSS):
- Unescaped user input in HTML output
- innerHTML assignments with user data
- Template rendering without auto-escaping
Command Injection:
- Shell command construction with user input
- subprocess/os.system calls with variables
- eval() with external data
Path Traversal:
- File operations with user-controlled paths
- Missing path sanitization
- Symlink following vulnerabilities
Insecure Deserialization:
- pickle.loads with untrusted data
- yaml.load without safe_load
- JSON parsing of user input into code execution
Dependency Auditing
Check for known vulnerabilities in dependencies:
Python:
# Using pip-audit
pip-audit -r requirements.txt
# Using safety
safety check -r requirements.txt
# Check outdated packages
pip list --outdated
JavaScript/Node:
npm audit
yarn audit
General approach:
- Parse dependency files (requirements.txt, package.json, go.mod)
- Check versions against known CVE databases
- Report severity and remediation guidance
Security Anti-Patterns
Detect insecure coding patterns:
Weak Cryptography:
- MD5/SHA1 for password hashing
- ECB mode encryption
- Hardcoded encryption keys
- Weak random number generation
Authentication Issues:
- Hardcoded credentials
- Missing authentication checks
- Weak password policies
- Session fixation vulnerabilities
Authorization Flaws:
- Missing access control checks
- IDOR (Insecure Direct Object References)
- Privilege escalation paths
Data Exposure:
- Sensitive data in logs
- Unencrypted sensitive storage
- Debug information in production
Scanning Workflow
Full Security Scan
To perform a comprehensive security scan:
- Secrets scan: Search for hardcoded credentials
- Dependency audit: Check for known CVEs
- Code analysis: Identify vulnerability patterns
- Configuration review: Check security settings
Quick Security Check
For rapid assessment of recent changes:
- Identify modified files from git diff
- Scan only changed files for secrets
- Check new dependencies added
- Review security-sensitive code paths
Output Format
Present findings with severity levels:
Critical: Immediate exploitation risk
- Hardcoded production credentials
- Known exploitable CVEs
- Authentication bypass
High: Significant security risk
- SQL injection vulnerabilities
- XSS in user-facing pages
- Weak cryptographic usage
Medium: Potential security concern
- Missing input validation
- Outdated dependencies (no known CVE)
- Insecure defaults
Low: Best practice violations
- Verbose error messages
- Missing security headers
- Suboptimal configurations
Language-Specific Patterns
Python
# SQL Injection - BAD
cursor.execute(f"SELECT * FROM users WHERE id = {user_id}")
# SQL Injection - GOOD
cursor.execute("SELECT * FROM users WHERE id = %s", (user_id,))
# Command Injection - BAD
os.system(f"ls {user_input}")
# Command Injection - GOOD
subprocess.run(["ls", user_input], shell=False)
# Insecure Deserialization - BAD
data = pickle.loads(user_data)
# Secure Alternative
data = json.loads(user_data)
JavaScript
// XSS - BAD
element.innerHTML = userInput;
// XSS - GOOD
element.textContent = userInput;
// SQL Injection - BAD
db.query(`SELECT * FROM users WHERE id = ${userId}`);
// SQL Injection - GOOD
db.query('SELECT * FROM users WHERE id = ?', [userId]);
Integration with Other Tools
When security issues are found, coordinate with:
- code-quality skill: For fixing identified issues
- git-workflows skill: For secure commit practices
- documentation skill: For security documentation
Remediation Guidance
For each finding, provide:
- Description: What the vulnerability is
- Location: File path and line number
- Risk: Potential impact if exploited
- Fix: Specific remediation steps
- Prevention: How to avoid in future
Additional Resources
Reference Files
For detailed vulnerability patterns:
- Consult OWASP Top 10 documentation
- Check CWE (Common Weakness Enumeration) database
- Review language-specific security guides