security-scan

Orchestrates the full security scanning workflow across all supported languages.

Safety Notice

This listing is imported from skills.sh public index metadata. Review upstream SKILL.md and repository scripts before running.

Install skill "security-scan" with this command: npx skills add fusengine/agents/fusengine-agents-security-scan

Security Scan Skill

Overview

Orchestrates the full security scanning workflow across all supported languages.

Supported Languages

| Language | Marker Files | Pattern Count |
|---|---|---|
| JavaScript/TypeScript | package.json | 25+ |
| PHP | composer.json | 20+ |
| Python | requirements.txt, pyproject.toml | 18+ |
| Swift/iOS | Package.swift, *.xcodeproj | 15+ |
| Go | go.mod | 12+ |
| Rust | Cargo.toml | 10+ |

Workflow

  • Detect language from project markers

  • Load patterns from references/scan-patterns.md

  • Run scripts/security-scan.sh for automated scanning

  • Map findings to OWASP categories via references/owasp-top10.md

  • Generate report using references/templates/scan-report.md

Pattern Categories

  • XSS (Cross-Site Scripting)

  • SQL Injection

  • Command Injection

  • Code Execution (eval, exec)

  • SSRF (Server-Side Request Forgery)

  • Weak Cryptography

  • Hardcoded Secrets

  • Insecure Deserialization

  • Path Traversal / LFI / RFI

Integration

After scanning, delegate fixes to sniper:

Task(subagent_type: "fuse-ai-pilot:sniper") Prompt: "Security fixes: [FILE:LINE] [VULN] [FIX]"

References

  • OWASP Top 10 Mapping

  • Scan Patterns by Language

  • Report Template

Source Transparency

This detail page is rendered from real SKILL.md content. Trust labels are metadata-based hints, not a safety guarantee.
