aaaaqwq/ghost-scan-code
skills/ghost-scan-code/SKILL.md
Ghost Security - SAST code scanner. Finds security vulnerabilities in source code by planning and executing targeted scans for issues like SQL injection, XSS, BOLA, BFLA, SSRF, and other OWASP categories. Supports applications (backend, frontend, mobile) and libraries (prototype pollution, unsafe deserialization, ReDoS, path traversal, zip slip). Use when the user asks for a code security audit, SAST scan, vulnerability scan of source code, or wants to find security flaws in a codebase or library.
$ install --global
skillsauthnpx skillsauth add aaaaqwq/agi-super-team ghost-scan-codeInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Apr 24, 2026, 8:43 PM1.8s1 file scanned
SKILL.md
- name:
- ghost-scan-code
- description:
- Ghost Security - SAST code scanner. Finds security vulnerabilities in source code by planning and executing targeted scans for issues like SQL injection, XSS, BOLA, BFLA, SSRF, and other OWASP categories. Supports applications (backend, frontend, mobile) and libraries (prototype pollution, unsafe deserialization, ReDoS, path traversal, zip slip). Use when the user asks for a code security audit, SAST scan, vulnerability scan of source code, or wants to find security flaws in a codebase or library.
- allowed-tools:
- Read, Write, Edit, Glob, Grep, Bash
- argument-hint:
- [depth=quick]
- license:
- apache-2.0
- version:
- 1.1.0
Find Issues
You find security issues in a repository. This skill plans which vulnerability vectors to scan, then executes those scans against each project.
Inputs
- depth:
quick(default),balanced, orfull— override via$ARGUMENTS
$ARGUMENTS
Note: Arguments passed can be used to customize the scan workflow if provided. For example, if the user specifies a specific set of vectors, count of vectors, specific candidate files, areas to focus on, count of candidate files, etc., ensure the relevant details are passed to the relevant steps in the skill.
Supporting files
- Loop script: scripts/loop.sh
- Scan criteria: criteria/index.yaml
Step 1: Setup
Compute the repo-specific output directory:
repo_name=$(basename "$(pwd)") && remote_url=$(git remote get-url origin 2>/dev/null || pwd) && short_hash=$(printf '%s' "$remote_url" | git hash-object --stdin | cut -c1-8) && repo_id="${repo_name}-${short_hash}" && short_sha=$(git rev-parse --short HEAD 2>/dev/null || date +%Y%m%d) && ghost_repo_dir="$HOME/.ghost/repos/${repo_id}" && scan_dir="${ghost_repo_dir}/scans/${short_sha}/code" && cache_dir="${ghost_repo_dir}/cache" && mkdir -p "$scan_dir" && echo "scan_dir=$scan_dir cache_dir=$cache_dir"
- Read
$cache_dir/repo.md— if missing, run the repo-context skill first and then continue. - Read criteria/index.yaml to get the valid agent→vector mappings per project type
- Set
depthtoquickif not provided - If
depthisfull, warn the user that a full scan uses significantly more tokens and ask them to confirm before proceeding. If they decline, fall back tobalanced.
Step 2: Plan Scans
If $scan_dir/plan.md already exists, skip to the next step.
Otherwise, run the planner using scripts/loop.sh:
bash <path-to-loop.sh> $scan_dir planner.md "- depth: <depth>
- arguments: <relevant argument overrides if any, otherwise omit>" 1 $cache_dir
Use a 10-minute timeout. If the command times out, re-run it — the script resumes from where it left off. If it fails 3 times consecutively with the same error, stop and report the failure.
Verify: $scan_dir/plan.md exists and contains at least one ## Project: section before proceeding.
Step 3: Nominate Files
If $scan_dir/nominations.md does not exist, generate it by reading $scan_dir/plan.md and for each project section (## Project: <base_path> (<type>)), parse the Recommended Scans table. For each row, extract the Agent and Vector columns. Write $scan_dir/nominations.md - one line per (project, agent, vector) combination. Skip projects with empty scan tables.
# Nominations
- [ ] <base_path> (<type>) | <agent> | <vector>
- [ ] <base_path> (<type>) | <agent> | <vector>
...
If $scan_dir/nominations.md already exists, change every top level task - [x] to - [ ]. Keep all indented lines/subtasks beneath each item unchanged.
Run nomination script
Using scripts/loop.sh:
bash <path-to-loop.sh> $scan_dir nominator.md "- depth: <depth>
- arguments: <relevant argument overrides if any, otherwise omit>" 5 $cache_dir
Use a 10-minute timeout. If the command times out, re-run it — the script resumes from where it left off. If it fails 3 times consecutively with the same error, stop and report the failure.
Verify: $scan_dir/nominations.md contains at least one - [x] line before proceeding.
Step 4: Analyze Nominated Files
Read $scan_dir/nominations.md. For each candidate file under a checked - [x] line, append to $scan_dir/analyses.md (skip candidates already listed in analyses.md).
- [ ] <base_path> (<type>) | <agent> | <vector> | <candidate_file>
Create the findings directory:
mkdir -p $scan_dir/findings
Run analysis script
Using scripts/loop.sh:
bash <path-to-loop.sh> $scan_dir analyzer.md "" 5 $cache_dir
Use a 10-minute timeout. If the command times out, re-run it — the script resumes from where it left off. If it fails 3 times consecutively with the same error, stop and report the failure.
Verify: $scan_dir/analyses.md contains at least one - [x] line before proceeding.
Step 5: Verify Findings
List all .md files in $scan_dir/findings/. If none exist, write a no-findings.md summary and stop.
Using scripts/loop.sh:
bash <path-to-loop.sh> $scan_dir verifier.md "" 5 $cache_dir
Use a 10-minute timeout. If the command times out, re-run it — the script resumes from where it left off. If it fails 3 times consecutively with the same error, stop and report the failure.
Completion
After all steps complete, report the scan results:
- List all finding files in
$scan_dir/findings/ - Count verified vs rejected findings
- Present a summary to the user
Related Skills
aaaaqwq/code-exemplars-blueprint-generator
development
VerifiedTrustedCommunity
Technology-agnostic prompt generator that creates customizable AI prompts for scanning codebases and identifying high-quality code exemplars. Supports multiple programming languages (.NET, Java, JavaScript, TypeScript, React, Angular, Python) with configurable analysis depth, categorization methods, and documentation formats to establish coding standards and maintain consistency across development teams.
37SKILL.mdUpdated Apr 11, 2026
aaaaqwq/chrome-devtools
tools
VerifiedTrustedCommunity
Expert-level browser automation, debugging, and performance analysis using Chrome DevTools MCP. Use for interacting with web pages, capturing screenshots, analyzing network traffic, and profiling performance.
37SKILL.mdUpdated Apr 11, 2026
aaaaqwq/breakdown-feature-implementation
data-ai
VerifiedTrustedCommunity
Prompt for creating detailed feature implementation plans, following Epoch monorepo structure.
37SKILL.mdUpdated Apr 11, 2026
aaaaqwq/boost-prompt
tools
VerifiedTrustedCommunity
Interactive prompt refinement workflow: interrogates scope, deliverables, constraints; copies final markdown to clipboard; never writes code. Requires the Joyride extension.
37SKILL.mdUpdated Apr 11, 2026