commands/security-scan/SKILL.md
# security-scan

> Run security audit on codebase for vulnerabilities and secrets.

Install this skill globally with one command (works with Claude Code, Cursor, and Windsurf):

```sh
npx skillsauth add aaaaqwq/agi-super-team commands/security-scan
```

## Trigger

`/skill security-scan` or "安全扫描" (Chinese for "security scan")

## What It Does

1. Scan for hardcoded secrets (API keys, tokens, passwords)
2. Check dependency vulnerabilities (npm audit / pip audit)
3. Scan for common vulnerability patterns (OWASP Top 10)
4. Check file permissions and .gitignore coverage
5. Generate security report with severity ratings

## Scan Categories

| Category | Tool/Method |
|----------|------------|
| Secret detection | Regex patterns + git history |
| Dependencies | npm audit / pip audit |
| OWASP Top 10 | Static analysis |
| File permissions | .env exposure, .gitignore gaps |
| License compliance | License checker |
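The following is an added example, not the skill's own code, showing how steps 1, 4 and 5 above fit together: a regex pass for secrets, a .gitignore coverage check for files that must never be tracked, and a severity-rated report. The pattern set, the `SENSITIVE_FILES` list and the simplified .gitignore matching (plain globs, no negation or directory anchoring) are assumptions made for the example; a production scanner carries far more patterns plus entropy checks. Steps 2 and 3 are left out because they need `npm audit` / `pip audit` and a real static-analysis engine. The sample repository is constructed in memory so the block runs offline.

```python
"""Added example: a minimal version of the skill's secret-detection and
.gitignore-coverage steps, run over a constructed in-memory repository."""
import fnmatch
import re
from dataclasses import dataclass
from typing import Dict, List

# Assumed regex set (illustrative, not the skill's own): real scanners ship
# hundreds of patterns and add entropy checks to cut false positives.
SECRET_PATTERNS = {
    "AWS access key ID": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "GitHub token": re.compile(r"\bgh[pousr]_[A-Za-z0-9]{36,}\b"),
    "Private key block": re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----"),
    # Generic assignment of a quoted literal to a secret-looking variable.
    # Deliberately does NOT match os.environ["API_KEY"] style lookups.
    "Hardcoded credential": re.compile(
        r"(?i)\b(?:api[_-]?key|secret|token|password)\b\s*[:=]\s*['\"]([^'\"]{8,})['\"]"
    ),
}

# Files that must never be tracked: (.gitignore-style glob, representative name).
SENSITIVE_FILES = {".env": ".env", "*.pem": "server.pem", "*.key": "tls.key"}


@dataclass
class Finding:
    severity: str   # P0 = secret exposed, P1 = vulnerable dependency, P2 = hygiene gap
    path: str
    line: int       # 0 when the finding is about the whole file
    message: str


def scan_text(path: str, text: str) -> List[Finding]:
    """Step 1: flag lines that match a secret pattern (one finding per line)."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for name, pattern in SECRET_PATTERNS.items():
            if pattern.search(line):
                findings.append(Finding("P0", path, lineno, f"{name} exposed"))
                break
    return findings


def _ignored(name: str, rules: List[str]) -> bool:
    """Simplified .gitignore matching (assumption): plain globs only,
    negation rules are skipped, directory anchors are stripped."""
    for rule in rules:
        if rule.startswith("!"):
            continue
        if fnmatch.fnmatch(name, rule.lstrip("/").rstrip("/")):
            return True
    return False


def gitignore_gaps(gitignore_text: str) -> List[str]:
    """Step 4: return the sensitive globs that .gitignore does not cover."""
    rules = [l.strip() for l in gitignore_text.splitlines()
             if l.strip() and not l.startswith("#")]
    return [glob for glob, sample in SENSITIVE_FILES.items()
            if not _ignored(sample, rules)]


def scan_repo(files: Dict[str, str]) -> List[Finding]:
    """Run steps 1 and 4 over a {path: content} map of *tracked* files."""
    findings: List[Finding] = []
    for path, text in files.items():
        findings.extend(scan_text(path, text))
        # A sensitive file that is tracked is exposed even when .gitignore
        # lists it: ignore rules never untrack an already committed file.
        if any(fnmatch.fnmatch(path, g) for g in SENSITIVE_FILES):
            findings.append(Finding("P0", path, 0, "sensitive file tracked in git"))
    for glob in gitignore_gaps(files.get(".gitignore", "")):
        findings.append(Finding("P2", ".gitignore", 0, f"missing coverage for {glob} files"))
    order = {"P0": 0, "P1": 1, "P2": 2}
    return sorted(findings, key=lambda f: (order[f.severity], f.path, f.line))


def render_report(findings: List[Finding]) -> str:
    """Step 5: severity-grouped report in the skill's P0/P1/P2 layout."""
    icons = {"P0": "🔴", "P1": "🟡", "P2": "🟢"}
    out = ["🔒 Security Scan Report"]
    for sev in ("P0", "P1", "P2"):
        group = [f for f in findings if f.severity == sev]
        if not group:
            continue
        out.append(f"{icons[sev]} {sev}: {len(group)} finding(s)")
        for f in group:
            loc = f"{f.path}:{f.line}" if f.line else f.path
            out.append(f"- {loc}: {f.message}")
    return "\n".join(out)


# Constructed sample repository (not real code or credentials).
SAMPLE_REPO = {
    "config.py": 'DEBUG = True\nAPI_KEY = "sk_live_0123456789abcdefXYZ"\n',
    ".env": "AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE\n",
    "app.py": "import os\nkey = os.environ['API_KEY']\n",
    ".gitignore": "__pycache__/\n.env\n",
}

if __name__ == "__main__":
    print(render_report(scan_repo(SAMPLE_REPO)))
```

Two details are worth noting. `app.py` reads the key from the environment and produces no finding, which is the behaviour you want from the generic pattern. `.env` is listed in `.gitignore` yet still appears as a P0, because it is present in the tracked file set: adding an ignore rule after the fact does not remove a file from git history, which is why the skill also walks history for step 1.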
## Example Report

```text
🔒 Security Scan Report
🔴 P0: 2 hardcoded secrets found
- config.py:42 — API key exposed
- .env — committed to git history
🟡 P1: 3 vulnerable dependencies
- [email protected] (prototype pollution)
- [email protected] (DoS)
🟢 P2: .gitignore missing coverage for *.pem files
```