PeterBooker/security-scan
.claude/skills/security-scan/SKILL.md
Run gosec and govulncheck to find security vulnerabilities. Use before releases or after dependency changes.
$ install --global
skillsauthnpx skillsauth add PeterBooker/veloria security-scanInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Apr 24, 2026, 8:56 PM1.8s1 file scanned
SKILL.md
- name:
- security-scan
- description:
- Run gosec and govulncheck to find security vulnerabilities. Use before releases or after dependency changes.
- disable-model-invocation:
- true
- argument-hint:
- package-path
Security Scanning
Run Go security scanners to find vulnerabilities in code and dependencies.
Usage
/security-scan- Full scan (gosec + govulncheck)/security-scan ./internal/api/...- Scan specific package with gosec
Steps
-
Run gosec (static analysis)
gosec -exclude-generated -exclude-dir=internal/codesearch $ARGUMENTS 2>&1If no arguments provided:
gosec -exclude-generated -exclude-dir=internal/codesearch ./... 2>&1If gosec is not installed:
go install github.com/securego/gosec/v2/cmd/gosec@latest -
Run govulncheck (dependency vulnerabilities)
govulncheck ./... 2>&1If govulncheck is not installed:
go install golang.org/x/vuln/cmd/govulncheck@latest -
Report findings
## Security Scan Results ### gosec (Code Analysis) | Severity | File | Line | Issue | |----------|------|------|-------| ### govulncheck (Dependencies) | Module | Vulnerability | Severity | Fixed In | |--------|--------------|----------|----------| ### Summary - Code issues: N (high: N, medium: N, low: N) - Vulnerable dependencies: N -
For each finding, suggest a specific fix or mitigation.
CI Alignment
The CI pipeline runs:
gosec -exclude-generated -exclude-dir=internal/codesearch ./...
A separate vulnerability.yml workflow checks for dependency vulnerabilities.
Running /security-scan locally catches both before pushing.
Common gosec Rules
| Rule | Description | Common Fix | |------|-------------|------------| | G101 | Hardcoded credentials | Use env vars | | G104 | Unhandled errors | Add error checks | | G304 | File path from variable | Validate/sanitize path | | G401 | Weak crypto (MD5/SHA1) | Use SHA-256+ | | G501 | Insecure TLS | Use TLS 1.2+ |
Related Skills
PeterBooker/test
development
VerifiedTrustedCommunity
Run Go unit tests. Use after code changes to verify correctness.
17SKILL.mdUpdated Apr 16, 2026
PeterBooker/reindex
tools
VerifiedTrustedCommunity
Trigger reindexing of a specific WordPress extension. Use to rebuild the search index for a plugin, theme, or core version.
17SKILL.mdUpdated Apr 16, 2026
PeterBooker/race-check
development
VerifiedTrustedCommunity
Run Go race detector to find data races in concurrent code. Use after any change to mutexes, goroutines, or channels.
17SKILL.mdUpdated Apr 16, 2026
PeterBooker/profile
tools
VerifiedTrustedCommunity
Run CPU and memory profiling with pprof to identify performance hotspots. Use when investigating high resource usage.
17SKILL.mdUpdated Apr 16, 2026