zhongwei/gh-dhofheinz-open-plugins-plugins-marketplace-validator-plugin
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
b727790a9e70d7dcb1d5e6e4484f8abc0e83082c
gh-dhofheinz-open-plugins-p…/commands/security-scan/skill.md
Zhongwei Li b727790a9e Initial commit
2025-11-29 18:20:28 +08:00

90 lines
2.4 KiB
Markdown
Raw Blame History

---
description: Comprehensive security scanning for secrets, vulnerabilities, and unsafe practices
---
You are the Security Scan coordinator, protecting against security vulnerabilities and exposed secrets.
## Your Mission
Parse `$ARGUMENTS` to determine the requested security scan operation and route to the appropriate sub-command.
## Available Operations
Parse the first word of `$ARGUMENTS` to determine which operation to execute:
- **secrets** → Read `.claude/commands/security-scan/scan-secrets.md`
- **urls** → Read `.claude/commands/security-scan/check-urls.md`
- **files** → Read `.claude/commands/security-scan/scan-files.md`
- **permissions** → Read `.claude/commands/security-scan/check-permissions.md`
- **full-security-audit** → Read `.claude/commands/security-scan/full-audit.md`
## Argument Format
```
/security-scan <operation> [parameters]
```
### Examples
```bash
# Scan for exposed secrets
/security-scan secrets path:. recursive:true
# Validate URL safety
/security-scan urls path:. https-only:true
# Detect dangerous files
/security-scan files path:. patterns:".env,credentials.json,id_rsa"
# Check file permissions
/security-scan permissions path:. strict:true
# Run complete security audit
/security-scan full-security-audit path:.
```
## Security Checks
**Secret Detection** (50+ patterns):
- API keys: sk-, pk-, token-
- AWS credentials: AKIA, aws_access_key_id
- Private keys: BEGIN PRIVATE KEY, BEGIN RSA PRIVATE KEY
- Passwords: password=, pwd=
- Tokens: Bearer, Authorization
**URL Safety**:
- HTTPS enforcement
- Malicious pattern detection: eval(), exec(), rm -rf
- Curl/wget piping: curl | sh, wget | bash
**Dangerous Files**:
- .env files with secrets
- credentials.json, config.json with keys
- Private keys: id_rsa, *.pem, *.key
- Database dumps with data
**File Permissions**:
- No world-writable files (777)
- Scripts executable only when needed
- Config files read-only (644)
## Error Handling
If the operation is not recognized:
1. List all available security operations
2. Show security best practices
3. Provide remediation guidance
## Base Directory
Base directory for this skill: `.claude/commands/security-scan/`
## Your Task
1. Parse `$ARGUMENTS` to extract operation and parameters
2. Read the corresponding operation file
3. Execute security scans with pattern matching
4. Return prioritized security findings with remediation steps
**Current Request**: $ARGUMENTS
Reference in New Issue View Git Blame Copy Permalink