security-scanner

Advanced security vulnerability detection and remediation for codebases

Safety Notice

This listing is imported from skills.sh public index metadata. Review upstream SKILL.md and repository scripts before running.

Install skill "security-scanner" with this command: npx skills add j0kz/mcp-agents/j0kz-mcp-agents-security-scanner

Security Scanner

Quick Commands

Quick security scan

npx @j0kz/security-scanner scan

Check for secrets

npx secretlint "**/*"

OWASP dependency check

npm audit fix

Static analysis

npx eslint-plugin-security

Core Functionality

Key Features

  • OWASP Top 10 Detection: SQL injection, XSS, CSRF, etc.

  • Secret Scanning: API keys, passwords, tokens

  • Dependency Vulnerabilities: Known CVEs in dependencies

  • Code Patterns: Insecure coding practices

  • Compliance Checking: GDPR, PCI-DSS, HIPAA patterns

Detailed Information

For comprehensive details, see:

cat .claude/skills/security-scanner/references/owasp-patterns.md

cat .claude/skills/security-scanner/references/secret-detection.md

cat .claude/skills/security-scanner/references/remediation-guide.md

Usage Examples

Example 1: Full Security Audit

import { SecurityScanner } from '@j0kz/security-scanner';

const scanner = new SecurityScanner({ severity: 'high', includeDevDependencies: false });

// Top-level await requires an ES module context (e.g. a .mjs file or "type": "module")
const results = await scanner.scan('./src');
console.log(`Found ${results.vulnerabilities.length} vulnerabilities`);

Example 2: Pre-commit Hook

#!/bin/sh
# .husky/pre-commit

npx @j0kz/security-scanner scan --staged --fail-on-high

Security Patterns Detected

  • SQL Injection risks

  • Cross-Site Scripting (XSS)

  • Command Injection

  • Path Traversal

  • Sensitive Data Exposure

  • XML External Entity (XXE)

  • Broken Authentication

  • Security Misconfiguration

  • Using Components with Known Vulnerabilities

  • Insufficient Logging

Configuration

{
  "security-scanner": {
    "rules": {
      "no-eval": "error",
      "no-implied-eval": "error",
      "no-hardcoded-secrets": "error",
      "sql-injection": "error"
    },
    "exclude": ["test/**", "*.test.js"],
    "secretPatterns": ["api[_-]?key", "secret", "password", "token"]
  }
}
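As an added example (not code from @j0kz/security-scanner or from the skill's reference files), the script below shows what applying this configuration to source files amounts to, and what the `severity: 'high'` option in Example 1 and the `--fail-on-high` gate in Example 2 would filter on: it reads the rule levels, exclude globs and secretPatterns above, runs one line-based check per configured rule name, maps "error"/"warn" to high/medium severity, and reports findings at or above a threshold. The checks behind the rule names, the severity mapping, the glob semantics and the sample files are this example's own assumptions; the package's real internals and exact CLI behaviour are not on this page.

```javascript
// Added example, not code from @j0kz/security-scanner: a minimal line-based
// rule engine driven by the configuration shown above. The rule names are the
// configured ones; the checks behind them, the error/warn -> severity mapping
// and the sample files are this example's own assumptions.

const DEFAULT_CONFIG = {
  rules: { "no-eval": "error", "no-implied-eval": "error", "no-hardcoded-secrets": "error", "sql-injection": "error" },
  exclude: ["test/**", "*.test.js"],
  secretPatterns: ["api[_-]?key", "secret", "password", "token"],
};

const SEVERITY_RANK = { low: 0, medium: 1, high: 2 };
const LEVEL_TO_SEVERITY = { error: "high", warn: "medium" }; // "off" or unknown -> rule skipped

// Line checks behind each configured rule name (assumed, not the package's own).
const RULE_CHECKS = {
  "no-eval": { message: "eval() executes arbitrary strings as code",
    test: (line) => /\beval\s*\(/.test(line) },
  "no-implied-eval": { message: "string passed to setTimeout/setInterval/Function is evaluated as code",
    test: (line) => /\b(?:setTimeout|setInterval|new\s+Function)\s*\(\s*["'`]/.test(line) },
  // Only a quoted literal of 8+ characters after a credential-like name counts; process.env.X does not.
  "no-hardcoded-secrets": { message: "credential-like name assigned a string literal; read it from the environment",
    test: (line, ctx) => ctx.secretRegex.test(line) },
  "sql-injection": { message: "SQL built by concatenation/interpolation; use parameterized queries",
    test: (line) => /\b(?:SELECT|INSERT|UPDATE|DELETE)\b[^;]*(?:\+\s*\w|\$\{)/i.test(line) },
};

// One case-insensitive regex from the configured name patterns: <name> [:=] "<8+ chars>"
function buildSecretRegex(patterns) {
  return new RegExp(`(?:${patterns.join("|")})\\s*[:=]\\s*["'][^"']{8,}["']`, "i");
}

// Glob -> anchored RegExp. `*` stops at "/", `**` crosses it, a leading `**/` may match no directory.
function globToRegExp(glob) {
  let re = "";
  for (let i = 0; i < glob.length; i++) {
    if (glob[i] === "*" && glob[i + 1] === "*") {
      i++;
      if (glob[i + 1] === "/") { i++; re += "(?:.*/)?"; } else { re += ".*"; }
    } else if (glob[i] === "*") {
      re += "[^/]*";
    } else {
      re += glob[i].replace(/[.+?^${}()|[\]\\]/g, "\\$&");
    }
  }
  return new RegExp(`^${re}$`);
}

// gitignore convention: a pattern without "/" is matched against the basename only.
function isExcluded(filePath, excludes) {
  return excludes.some((glob) => {
    const target = glob.includes("/") ? filePath : filePath.split("/").pop();
    return globToRegExp(glob).test(target);
  });
}

// Scan { path: source } and return findings at or above options.severity.
function scan(files, config = DEFAULT_CONFIG, options = { severity: "low" }) {
  const ctx = { secretRegex: buildSecretRegex(config.secretPatterns) };
  const minRank = SEVERITY_RANK[options.severity] || 0;
  const findings = [];
  for (const [file, source] of Object.entries(files)) {
    if (isExcluded(file, config.exclude)) continue;
    source.split("\n").forEach((line, idx) => {
      for (const [rule, level] of Object.entries(config.rules)) {
        const severity = LEVEL_TO_SEVERITY[level];
        const check = RULE_CHECKS[rule];
        if (!severity || !check || SEVERITY_RANK[severity] < minRank) continue;
        if (check.test(line, ctx)) {
          findings.push({ file, line: idx + 1, rule, severity, message: check.message });
        }
      }
    });
  }
  return findings;
}

// Pre-commit gate in the spirit of `--fail-on-high`: reject when any high finding exists.
function failOnHigh(findings) {
  return findings.some((f) => f.severity === "high");
}

// Constructed sample repository; every path and value here is made up for the demo.
const SAMPLE_FILES = {
  "src/db.js": "function findUser(name) {\n  return db.query(\"SELECT * FROM users WHERE name = '\" + name + \"'\");\n}",
  "src/config.js": [
    "const apiKey = \"sk_live_constructed_example_key_0000\";",
    "const dbPassword = process.env.DB_PASSWORD;", // not flagged: no string literal
    "module.exports = { apiKey, dbPassword };",
  ].join("\n"),
  "src/util.js": "function run(code) { return eval(code); }\nsetTimeout(\"cleanup()\", 1000);",
  "src/app.test.js": "const token = \"test-token-0123456789\"; eval('1+1');", // excluded by *.test.js
  "test/fixtures.js": "const secret = \"fixture-secret-value\";",              // excluded by test/**
};

const found = scan(SAMPLE_FILES, DEFAULT_CONFIG, { severity: "high" });
for (const f of found) console.log(`${f.file}:${f.line} [${f.severity}] ${f.rule}: ${f.message}`);
console.log(failOnHigh(found) ? "commit rejected" : "commit allowed");
```

Run with `node` and the four non-excluded problem lines are reported (the SQL concatenation, the literal API key, the `eval` call and the string argument to `setTimeout`), while `process.env.DB_PASSWORD` and the two excluded files produce nothing. Lowering a rule to "warn" in the config and scanning with `severity: "high"` drops that rule's findings, which is the behaviour a pre-commit gate relies on: it should fail only on what the team has decided is blocking.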

Notes

  • Integrates with GitHub Security Advisories

  • Supports custom rule definitions

  • Can generate security reports in SARIF format

  • Zero false positives mode available

Source Transparency

This detail page is rendered from real SKILL.md content. Trust labels are metadata-based hints, not a safety guarantee.
