a5c-ai/security-scanning
library/methodologies/everything-claude-code/skills/security-scanning/SKILL.md
AgentShield security audit with 5 scanning categories, 102 static analysis rules, and optional red-team simulation.
$ install --global
skillsauthnpx skillsauth add a5c-ai/babysitter security-scanningInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Apr 1, 2026, 11:41 AM67.7s2 files scanned
SKILL.md
- name:
- security-scanning
- description:
- AgentShield security audit with 5 scanning categories, 102 static analysis rules, and optional red-team simulation.
- allowed-tools:
- Read, Bash, Grep, Glob
Security Scanning
Overview
AgentShield security audit methodology adapted from the Everything Claude Code project. Scans across 5 categories with 102 static analysis rules.
Scanning Categories
1. Secrets Detection (14 Pattern Categories)
- AWS access keys (AKIA pattern)
- GitHub tokens (ghp_, gho_, ghs_, ghr_)
- Generic API keys and bearer tokens
- Database connection strings with credentials
- Private keys (RSA, EC, SSH)
- JWT secrets and signing keys
- OAuth client secrets
- Slack tokens and webhooks
- Cloud provider credentials (GCP, Azure)
2. Permission Auditing
- File system read/write scope
- Network calls and protocols
- Process execution (child_process)
- File permissions (777, world-writable)
- CORS and CSP headers
- Docker privilege escalation
3. Hook Injection Analysis
- Git hooks for command injection
- npm lifecycle scripts (preinstall, postinstall)
- Claude Code hooks for unsafe patterns
- eval()/Function()/dynamic code execution
- Unvalidated user input in shell commands
4. MCP Risk Profiling
- Tool permission inventory
- Data exposure risk mapping
- Transport security (stdio vs SSE vs HTTP)
- Prompt injection via tool descriptions
- Rate limiting verification
5. Agent Config Review
- Model settings integrity
- Prompt injection resistance
- Tool allowlist scoping
- Output validation and sanitization
- Information leakage in error messages
Optional: Red Team Simulation
- Attack simulation against found vulnerabilities
- Exploitability rating: trivial, moderate, difficult, theoretical
- Blue-team defense recommendations
When to Use
- Pre-deployment security review
- New dependency introduction
- Hook or plugin configuration changes
- Agent or MCP server setup
Agents Used
security-reviewer(primary consumer)
Related Skills
a5c-ai/model-card-generator
development
VerifiedTrustedCommunity
Model documentation skill for generating model cards following Google's model card framework.
680SKILL.mdUpdated Apr 28, 2026
a5c-ai/mlflow-experiment-tracker
development
VerifiedTrustedCommunity
MLflow integration skill for experiment tracking, model registry, and artifact management. Enables LLMs to log experiments, compare runs, manage model lifecycle, and retrieve artifacts through the MLflow API.
680SKILL.mdUpdated Apr 28, 2026
a5c-ai/lime-explainer
data-ai
VerifiedTrustedCommunity
LIME-based local explanation skill for individual predictions across tabular, text, and image data.
680SKILL.mdUpdated Apr 28, 2026
a5c-ai/kubeflow-pipeline-executor
devops
VerifiedTrustedCommunity
Kubeflow Pipelines skill for ML workflow orchestration, component management, and Kubernetes-native ML.
680SKILL.mdUpdated Apr 28, 2026