47network/sast-scanner
skills/security/sast-scanner/SKILL.md
Static Application Security Testing — scan TypeScript/JavaScript source code for SQL injection, XSS, SSRF, path traversal, command injection, hardcoded secrets, insecure crypto, auth bypass, prototype pollution, and more. 14 built-in rules mapped to OWASP Top 10 and CWE.
$ install --global
skillsauthnpx skillsauth add 47network/Sven sast-scannerInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Apr 23, 2026, 6:17 PM54.9s2 files scanned
SKILL.md
- name:
- sast-scanner
- description:
- Static Application Security Testing — scan TypeScript/JavaScript source code for SQL injection, XSS, SSRF, path traversal, command injection, hardcoded secrets, insecure crypto, auth bypass, prototype pollution, and more. 14 built-in rules mapped to OWASP Top 10 and CWE.
- version:
- 2026.4.11
- publisher:
- 47Network
- handler_language:
- typescript
- handler_file:
- handler.ts
- inputs_schema:
- {"type":"object","properties":{"action":{"type":"string","enum":["scan","list_rules","get_rule","filter_rules"],"default":"scan"},"files":{"type":"object","description":"Map of filePath → sourceCode to scan","additionalProperties":{"type":"string"}},"rule_id":{"type":"string"},"severity":{"type":"string","enum":["critical","high","medium","low","informational"]},"category":{"type":"string"}},"required":["action"],"additionalProperties":false}
- outputs_schema:
- {"type":"object","properties":{"action":{"type":"string"},"result":{"type":"object"}},"required":["action","result"]}
SAST Scanner Skill
Static analysis security scanner for TypeScript/JavaScript. Detects OWASP Top 10 vulnerabilities with SAST-001 through SAST-014 rules covering injection, XSS, SSRF, path traversal, command injection, insecure deserialization, hardcoded secrets, weak crypto, auth bypass, prototype pollution, open redirect, insecure random, missing headers, and information disclosure.
Actions
scan— Scan source files and produce a security report with scored findingslist_rules— List all available detection rulesget_rule— Get details on a specific rule by IDfilter_rules— Filter rules by severity or category
Scope Mapping
security.sast: read (code analysis, no modifications)
Related Skills
47network/webapp-tester
development
VerifiedTrustedCommunity
Automated web testing advisor — generate Playwright test scripts, accessibility checks, and performance audits.
3SKILL.mdUpdated Apr 23, 2026
47network/security-posture
testing
VerifiedTrustedCommunity
Unified security posture reporting — combines SAST, dependency audit, secret scan, infrastructure scan, and pentest results into a single scored report with OWASP and SOC 2 compliance mapping, top risks, and remediation recommendations.
3SKILL.mdUpdated Apr 23, 2026
47network/secret-scanner
development
VerifiedTrustedCommunity
Detect hardcoded secrets, API keys, tokens, private keys, and credentials in source code and config files. 20 built-in patterns covering AWS, GitHub, Slack, Stripe, database URLs, JWTs, and more.
3SKILL.mdUpdated Apr 23, 2026
47network/pentest-framework
development
VerifiedTrustedCommunity
Controlled penetration testing framework for Sven's own infrastructure. 6 built-in scenarios covering auth brute force, privilege escalation, SQL injection, header security, rate limiting, and information disclosure. Admin-gated — requires 47 user confirmation.
3SKILL.mdUpdated Apr 23, 2026