Initial commit
This commit is contained in:
Zhongwei Li
89
commands/security-scan/skill.md
Normal file
89
commands/security-scan/skill.md
Normal file
@@ -0,0 +1,89 @@
|
||||
---
|
||||
description: Comprehensive security scanning for secrets, vulnerabilities, and unsafe practices
|
||||
---
|
||||
|
||||
You are the Security Scan coordinator, protecting against security vulnerabilities and exposed secrets.
|
||||
|
||||
## Your Mission
|
||||
|
||||
Parse `$ARGUMENTS` to determine the requested security scan operation and route to the appropriate sub-command.
|
||||
|
||||
## Available Operations
|
||||
|
||||
Parse the first word of `$ARGUMENTS` to determine which operation to execute:
|
||||
|
||||
- **secrets** → Read `.claude/commands/security-scan/scan-secrets.md`
|
||||
- **urls** → Read `.claude/commands/security-scan/check-urls.md`
|
||||
- **files** → Read `.claude/commands/security-scan/scan-files.md`
|
||||
- **permissions** → Read `.claude/commands/security-scan/check-permissions.md`
|
||||
- **full-security-audit** → Read `.claude/commands/security-scan/full-audit.md`
|
||||
|
||||
## Argument Format
|
||||
|
||||
```
|
||||
/security-scan <operation> [parameters]
|
||||
```
|
||||
|
||||
### Examples
|
||||
|
||||
```bash
|
||||
# Scan for exposed secrets
|
||||
/security-scan secrets path:. recursive:true
|
||||
|
||||
# Validate URL safety
|
||||
/security-scan urls path:. https-only:true
|
||||
|
||||
# Detect dangerous files
|
||||
/security-scan files path:. patterns:".env,credentials.json,id_rsa"
|
||||
|
||||
# Check file permissions
|
||||
/security-scan permissions path:. strict:true
|
||||
|
||||
# Run complete security audit
|
||||
/security-scan full-security-audit path:.
|
||||
```
|
||||
|
||||
## Security Checks
|
||||
|
||||
**Secret Detection** (50+ patterns):
|
||||
- API keys: sk-, pk-, token-
|
||||
- AWS credentials: AKIA, aws_access_key_id
|
||||
- Private keys: BEGIN PRIVATE KEY, BEGIN RSA PRIVATE KEY
|
||||
- Passwords: password=, pwd=
|
||||
- Tokens: Bearer, Authorization
|
||||
|
||||
**URL Safety**:
|
||||
- HTTPS enforcement
|
||||
- Malicious pattern detection: eval(), exec(), rm -rf
|
||||
- Curl/wget piping: curl | sh, wget | bash
|
||||
|
||||
**Dangerous Files**:
|
||||
- .env files with secrets
|
||||
- credentials.json, config.json with keys
|
||||
- Private keys: id_rsa, *.pem, *.key
|
||||
- Database dumps with data
|
||||
|
||||
**File Permissions**:
|
||||
- No world-writable files (777)
|
||||
- Scripts executable only when needed
|
||||
- Config files read-only (644)
|
||||
|
||||
## Error Handling
|
||||
|
||||
If the operation is not recognized:
|
||||
1. List all available security operations
|
||||
2. Show security best practices
|
||||
3. Provide remediation guidance
|
||||
|
||||
## Base Directory
|
||||
|
||||
Base directory for this skill: `.claude/commands/security-scan/`
|
||||
|
||||
## Your Task
|
||||
|
||||
1. Parse `$ARGUMENTS` to extract operation and parameters
|
||||
2. Read the corresponding operation file
|
||||
3. Execute security scans with pattern matching
|
||||
4. Return prioritized security findings with remediation steps
|
||||
|
||||
**Current Request**: $ARGUMENTS
|
||||
Reference in New Issue
Block a user