abzhaw/security-scanning
.agent/skills/security-scanning/SKILL.md
Dependency audits, SAST, credential leak detection, and daily scans. Use when building or running Julia's security sentinel or setting up automated security checks.
development
Updated Mar 27, 2026
$ install --global
skillsauthnpx skillsauth add abzhaw/juliaz_agents security-scanningInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Mar 30, 2026, 12:13 PM58.4s1 file scanned
SKILL.md
- name:
- security-scanning
- description:
- Dependency audits, SAST, credential leak detection, and daily scans. Use when building or running Julia's security sentinel or setting up automated security checks.
Security Scanning
Daily Scan Script Pattern
#!/bin/bash
LOG="$PROJECT_DIR/security-agent/memory/daily-report.log"
FINDINGS=0
log() { echo "[$(date '+%Y-%m-%d %H:%M:%S')] $*" | tee -a "$LOG"; }
# 1. Dependency audit
log "=== npm audit ==="
for dir in backend bridge frontend orchestrator cowork-mcp; do
result=$(cd "$PROJECT_DIR/$dir" && npm audit --json 2>/dev/null)
critical=$(echo "$result" | jq '.metadata.vulnerabilities.critical // 0')
high=$(echo "$result" | jq '.metadata.vulnerabilities.high // 0')
[ "$critical" -gt 0 ] && { log "🔴 CRITICAL in $dir: $critical"; FINDINGS=$((FINDINGS+1)); }
[ "$high" -gt 0 ] && log "🟡 HIGH in $dir: $high"
done
# 2. Exposed secrets scan (git history)
log "=== Secret scan ==="
if git -C "$PROJECT_DIR" log --all --oneline -100 | xargs git show | grep -qE '(sk-[a-zA-Z0-9]{20,}|AIza[a-z0-9_-]{35})'; then
log "🔴 Possible secret in git history!"; FINDINGS=$((FINDINGS+1))
fi
# 3. Open ports check
log "=== Open ports ==="
unexpected=$(netstat -an | grep LISTEN | grep -vE ':(3000|3001|3002|3003|5432|22) ')
[ -n "$unexpected" ] && log "⚠️ Unexpected ports: $unexpected"
# 4. Report
[ "$FINDINGS" -gt 0 ] && notify_raphael "Security scan: $FINDINGS finding(s) — check logs"
log "=== Scan complete. Findings: $FINDINGS ==="
Tools
npm audit # Node.js dependency vulnerabilities
npm audit fix --force # Auto-fix (test after!)
npx snyk test # More detailed scan via Snyk
grep -r "sk-" --include="*.ts" # Quick secret leak check in source
git log --all -S "sk-" # Check git history for secrets
Related Skills
abzhaw/thesis-tracker
development
VerifiedTrustedCommunity
Fortschrittsverfolgung der Masterarbeit. Wortanzahl pro Kapitel, Fertigstellungsgrad, fehlende Elemente, Deadlines. Haelt den Ueberblick.
SKILL.mdUpdated Mar 27, 2026
abzhaw/thesis-structure
development
VerifiedTrustedCommunity
Kapitelarchitektur und Gliederung der Masterarbeit. Verwaltet die Struktur, schlaegt vor wo Inhalte hingehoeren, validiert den logischen Fluss zwischen Kapiteln.
SKILL.mdUpdated Mar 27, 2026
abzhaw/session-synthesizer
tools
VerifiedTrustedCommunity
Konvertiert Protokolleinträge und Session-Logs in thesis-fähiges deutsches Narrativ. Transformiert Entwicklungsdokumentation in akademische Prosa.
SKILL.mdUpdated Mar 27, 2026
abzhaw/research-scout
research
VerifiedTrustedCommunity
Sucht und analysiert akademische Literatur. Findet relevante Papers, erstellt strukturierte Zusammenfassungen. Zitiert NIEMALS — schlaegt nur vor.
SKILL.mdUpdated Mar 27, 2026