shalin-rahman/skills/security-scanner
skills/security-scanner/SKILL.md
# Skill: Security Scanner # Usage: Use periodically to audit code for logic backdoors and security holes. ## Audit Protocol: - **Injection:** Check for `eval()`, `exec()`, or raw `os.system()` calls with un-sanitized user input. - **Secrets:** Scan for entropy-based secrets or well-known prefixes (`ghp_`, `sk_`). - **Data Privacy:** Ensure sensitive data is never logged or returned in error messages. - **Crypto:** Verify usage of SHA-256 for hashing and AES-GCM for encryption. - **Logic:** Sear
$ install --global
skillsauthnpx skillsauth add shalin-rahman/Synapticity skills/security-scannerInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Apr 27, 2026, 9:21 PM139.7s1 file scanned
SKILL.md
Skill: Security Scanner
Usage: Use periodically to audit code for logic backdoors and security holes.
Audit Protocol:
- Injection: Check for
eval(),exec(), or rawos.system()calls with un-sanitized user input. - Secrets: Scan for entropy-based secrets or well-known prefixes (
ghp_,sk_). - Data Privacy: Ensure sensitive data is never logged or returned in error messages.
- Crypto: Verify usage of SHA-256 for hashing and AES-GCM for encryption.
- Logic: Search for "hidden" admin routes or hardcoded bypasses.
Success Verdict:
- Final code must follow a "Least Privilege" model.
- All external library imports must be verified for safety.
Related Skills
shalin-rahman/skills/zero-defect-engineering
tools
VerifiedTrustedCommunity
# Skill: Zero-Defect Software Engineering # Focus: Writing immortal, self-documenting, and resilient source code. ## Playbook Strategy: 1. **SOLID Foundations**: - **Single Responsibility**: Every class/function does ONE thing perfectly. - **Open/Closed**: Design for extension without modification. 2. **DRY (Don't Repeat Yourself)**: If logic appears twice, abstract it into a utility or base class. 3. **Defensive Programming**: - Validate every input. - Handle every exception specif
1SKILL.mdUpdated Apr 22, 2026
shalin-rahman/skills/typescript-clean
development
VerifiedTrustedCommunity
# Skill: TypeScript Clean Code (Staff Engineer) # Usage: Use for any TypeScript-based project to ensure enterprise-grade type safety and readability. ## Core Rules: - **Strict Typing:** Never use `any`. Use `unknown` with type guards if the type is truly uncertain. - **Interfaces vs Types:** Use `interface` for public APIs (extendability) and `type` for unions, intersections, and primitives. - **Functional Patterns:** Prioritize immutability. Use `readonly` for arrays and objects where possible
1SKILL.mdUpdated Apr 22, 2026
shalin-rahman/skills/testing-strategies
development
VerifiedTrustedCommunity
# Skill: Advanced Testing Strategies (TDD / BDD) # Usage: Use to enforce high code quality, prevent regressions, and ensure requirements are met implicitly. ## 🧪 The Testing Pyramid - **Unit Tests (70%)**: Fast, isolated tests for individual functions and classes. Mock all external dependencies. - **Integration Tests (20%)**: Test the interaction between several units or external systems (e.g., Database, APIs). - **End-to-End (E2E) Tests (10%)**: Slow, brittle tests that verify the system as a
1SKILL.mdUpdated Apr 22, 2026
shalin-rahman/skills/technical-writing-standards
development
VerifiedTrustedCommunity
# Skill: Technical Hand-off & Clarity # Focus: Professional documentation for human and machine consumption. ## Playbook Strategy: 1. **The "ReadMe First" Rule**: Use structured, hierarchical markdown. High-level summary first, deep-dive implementation second. 2. **Contextual Grounding**: Explain the "Why" and the "How" for every project. 3. **Semantic Clarity**: Use industry-standard terminology. Avoid jargon where simple language suffices. 4. **Machine-Readable Annotations**: Include clear co
1SKILL.mdUpdated Apr 22, 2026