JLighter/security-scan
.claude/skills/security-scan/SKILL.md
Deep security audit of the codebase. Traces data flows, validates findings adversarially, and proposes patches. Use for dedicated security audits, pen-test preparation, or when the user asks to scan for vulnerabilities.
development
Updated Apr 16, 2026
$ install --global
skillsauthnpx skillsauth add JLighter/dotfiles security-scanInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Apr 16, 2026, 6:54 PM26.0s1 file scanned
SKILL.md
- name:
- security-scan
- description:
- Deep security audit of the codebase. Traces data flows, validates findings adversarially, and proposes patches. Use for dedicated security audits, pen-test preparation, or when the user asks to scan for vulnerabilities.
Launch the code-security agent to perform a deep security audit.
This is a standalone security scan — it runs ONLY the security researcher agent (opus), not the full code-review suite. Use this for dedicated security work.
Scope is determined by arguments:
- No arguments: scan files changed in the current git diff.
- File path(s): scan those specific files, tracing data flows into and out of them.
- Directory path: full security audit of all source files in the directory.
- "full": scan the entire codebase from root.
When scanning a full codebase or directory, instruct the agent to prioritize:
- Entry points (API routes, controllers, handlers) first.
- Authentication and authorization logic second.
- Data access layer (queries, ORM usage) third.
- Then remaining application code.
$ARGUMENTS
Related Skills
JLighter/ux-review
development
VerifiedTrustedCommunity
Launch UX review (visual hierarchy, interaction, user flow). Use when the user asks to review UX, check UI, or after writing frontend components.
SKILL.mdUpdated Apr 16, 2026
JLighter/review-feature
data-ai
VerifiedTrustedCommunity
Smart review that detects file types and launches the right review agents. Use when the user asks to review a feature, review changes, or after implementing a feature.
SKILL.mdUpdated Apr 16, 2026
JLighter/review-docs
development
VerifiedTrustedCommunity
Audit product documentation coherence against the codebase. Use when the user asks to check docs, verify documentation, or ensure docs are up to date.
SKILL.mdUpdated Apr 16, 2026
JLighter/review-all
development
VerifiedTrustedCommunity
Launch ALL four review agents in parallel (code, DDD, UX, CSS). Use when the user wants a comprehensive full review of everything.
SKILL.mdUpdated Apr 16, 2026