AgentSkillsCN

security-scan

Main security scanning orchestration. Detects the language, runs OWASP Top 10 patterns, identifies vulnerabilities and generates structured reports. Use when scanning for XSS, SQL injection, command injection, leaked secrets or any other security vulnerability.

SKILL.md
---
name: security-scan
description: Main security scanning orchestration. Detects language, runs OWASP Top 10 patterns, identifies vulnerabilities, generates structured reports. Use when scanning for XSS, SQL injection, command injection, secrets, or any security vulnerability.
argument-hint: "[--full] [path]"
user-invocable: true
---

Security Scan Skill

Overview

Orchestrates the full security scanning workflow across all supported languages.

Supported Languages

| Language              | Marker Files                     | Pattern Count |
|-----------------------|----------------------------------|---------------|
| JavaScript/TypeScript | package.json                     | 25+           |
| PHP                   | composer.json                    | 20+           |
| Python                | requirements.txt, pyproject.toml | 18+           |
| Swift/iOS             | Package.swift, *.xcodeproj       | 15+           |
| Go                    | go.mod                           | 12+           |
| Rust                  | Cargo.toml                       | 10+           |

Workflow

  1. Detect language from project markers
  2. Load patterns from references/scan-patterns.md
  3. Run scripts/security-scan.sh for automated scanning
  4. Map findings to OWASP categories via references/owasp-top10.md
  5. Generate report using references/templates/scan-report.md

Pattern Categories

  • XSS (Cross-Site Scripting)
  • SQL Injection
  • Command Injection
  • Code Execution (eval, exec)
  • SSRF (Server-Side Request Forgery)
  • Weak Cryptography
  • Hardcoded Secrets
  • Insecure Deserialization
  • Path Traversal / LFI / RFI
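As an added illustration of the workflow steps and pattern categories above (example code, not the skill's own scripts/security-scan.sh or references/scan-patterns.md): a minimal Python version of steps 1 to 5 that detects the language from the marker files in the table, runs a handful of constructed regexes, tags each hit with an OWASP 2021 category and renders the [FILE:LINE] [VULN] lines handed to sniper. The regexes, OWASP ids and sample source are this example's assumptions.

```python
import re
from pathlib import Path

# Marker files from the Supported Languages table above; first match wins.
MARKERS = [("javascript", ["package.json"]), ("php", ["composer.json"]),
           ("python", ["requirements.txt", "pyproject.toml"]), ("swift", ["Package.swift"]),
           ("go", ["go.mod"]), ("rust", ["Cargo.toml"])]

# Constructed illustrative patterns as (category, OWASP 2021 id, regex); the skill's real
# pattern set lives in references/scan-patterns.md and is not reproduced here.
PATTERNS = {"python": [
    ("Code Execution", "A03:2021 Injection", re.compile(r"\b(?:eval|exec)\s*\(")),
    ("SQL Injection", "A03:2021 Injection",
     re.compile(r"""\.execute\(\s*(?:f['"]|['"].*['"]\s*[%+])""")),
    ("Command Injection", "A03:2021 Injection",
     re.compile(r"os\.system\(|subprocess\.\w+\([^)]*shell=True")),
    ("Weak Cryptography", "A02:2021 Cryptographic Failures", re.compile(r"hashlib\.(?:md5|sha1)\(")),
    ("Hardcoded Secrets", "A07:2021 Identification and Authentication Failures",
     re.compile(r"""(?i)\b(?:api_key|secret|password)\s*=\s*['"][^'"]{8,}['"]""")),
]}

def detect_language(project_dir):
    """Step 1: the language whose marker file exists in the project root, else None."""
    for lang, markers in MARKERS:
        if any((Path(project_dir) / m).is_file() for m in markers):
            return lang
    return None

def scan_source(text, language, filename="<memory>"):
    """Steps 2-4: run the language's patterns line by line; each hit carries its OWASP mapping."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for category, owasp, rx in PATTERNS.get(language, []):
            if rx.search(line):
                findings.append({"file": filename, "line": lineno, "category": category,
                                 "owasp": owasp, "code": line.strip()})
    return findings

def render_report(findings):
    """Step 5: one line per finding in the [FILE:LINE] [VULN] shape the sniper hand-off expects."""
    return "\n".join(f"[{f['file']}:{f['line']}] [{f['category']}] {f['owasp']}" for f in findings)

# Constructed sample source (not from any real project) so the block runs stand-alone.
SAMPLE = '''import hashlib, os
API_KEY = "sk-constructed-example-0123456789"
def login(cur, user):
    cur.execute("SELECT * FROM users WHERE name = '" + user + "'")
    os.system("ls " + user)
    return hashlib.md5(user.encode()).hexdigest()
'''
```

Running `render_report(scan_source(SAMPLE, "python", "app.py"))` yields four findings (lines 2, 4, 5 and 6); a language with no pattern set returns an empty list rather than failing.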

Integration

After scanning, delegate fixes to sniper:

```
Agent(subagent_type="fuse-ai-pilot:sniper", prompt="Security fixes: [FILE:LINE] [VULN] [FIX]")
```

References