fusengine/security-scan
plugins/security-expert/skills/security-scan/SKILL.md
Main security scanning orchestration. Detects language, runs OWASP Top 10 patterns, identifies vulnerabilities, generates structured reports. Use when scanning for XSS, SQL injection, command injection, secrets, or any security vulnerability.
$ install --global
skillsauthnpx skillsauth add fusengine/agents security-scanInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: May 1, 2026, 3:32 AM114.9s6 files scanned
SKILL.md
- name:
- security-scan
- description:
- Main security scanning orchestration. Detects language, runs OWASP Top 10 patterns, identifies vulnerabilities, generates structured reports. Use when scanning for XSS, SQL injection, command injection, secrets, or any security vulnerability.
- argument-hint:
- [--full] [path]
- user-invocable:
- true
Security Scan Skill
Overview
Orchestrates the full security scanning workflow across all supported languages.
Supported Languages
| Language | Marker Files | Pattern Count | |----------|-------------|---------------| | JavaScript/TypeScript | package.json | 25+ | | PHP | composer.json | 20+ | | Python | requirements.txt, pyproject.toml | 18+ | | Swift/iOS | Package.swift, *.xcodeproj | 15+ | | Go | go.mod | 12+ | | Rust | Cargo.toml | 10+ |
Workflow
- Detect language from project markers
- Load patterns from
references/scan-patterns.md - Run
scripts/security-scan.shfor automated scanning - Map findings to OWASP categories via
references/owasp-top10.md - Generate report using
references/templates/scan-report.md
Pattern Categories
- XSS (Cross-Site Scripting)
- SQL Injection
- Command Injection
- Code Execution (eval, exec)
- SSRF (Server-Side Request Forgery)
- Weak Cryptography
- Hardcoded Secrets
- Insecure Deserialization
- Path Traversal / LFI / RFI
Integration
After scanning, delegate fixes to sniper:
Agent(subagent_type="fuse-ai-pilot:sniper", prompt="Security fixes: [FILE:LINE] [VULN] [FIX]")
References
- OWASP Top 10 Mapping
- Scan Patterns by Language
- Report Template
Related Skills
fusengine/seo-entity
development
VerifiedTrustedCommunity
Use when optimizing entity-based / semantic SEO 2026. Covers entity maps, Google Knowledge Graph resolution, salience scoring, passage-level ranking, about/sameAs/knowsAbout schema, Cloud Natural Language API validation.
13SKILL.mdUpdated Jun 4, 2026
fusengine/seo
development
VerifiedTrustedCommunity
Use when running SEO, GEO, schema, Core Web Vitals, sitemap, hreflang, E-E-A-T, AI Overviews, technical SEO, or structured data tasks. Covers full-site audits, single-page analysis, schema markup, content quality, AI search optimization, local SEO, sitemap/robots, internal linking, semantic clustering, and search experience.
13SKILL.mdUpdated May 17, 2026
fusengine/seo-sxo
development
VerifiedTrustedCommunity
Use when optimizing search experience (SXO). Covers intent matching, user personas, user stories, page-type analysis, dwell time, scroll depth, pogo-sticking prevention.
13SKILL.mdUpdated May 17, 2026
fusengine/seo-local
development
VerifiedTrustedCommunity
Use when optimizing local SEO. Covers Google Business Profile, NAP consistency, citations, reviews acquisition, Local Pack ranking, location pages, LocalBusiness schema.
13SKILL.mdUpdated May 17, 2026