Security Scan Skill
Overview
Orchestrates the full security scanning workflow across all supported languages.
Supported Languages
| Language | Marker Files | Pattern Count |
|---|---|---|
| JavaScript/TypeScript | package.json | 25+ |
| PHP | composer.json | 20+ |
| Python | requirements.txt, pyproject.toml | 18+ |
| Swift/iOS | Package.swift, *.xcodeproj | 15+ |
| Go | go.mod | 12+ |
| Rust | Cargo.toml | 10+ |
Workflow
- Detect language from project markers
- Load patterns from `references/scan-patterns.md`
- Run `scripts/security-scan.sh` for automated scanning
- Map findings to OWASP categories via `references/owasp-top10.md`
- Generate report using `references/templates/scan-report.md`
Pattern Categories
- XSS (Cross-Site Scripting)
- SQL Injection
- Command Injection
- Code Execution (eval, exec)
- SSRF (Server-Side Request Forgery)
- Weak Cryptography
- Hardcoded Secrets
- Insecure Deserialization
- Path Traversal / LFI / RFI
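The workflow above (detect language from a marker file, load patterns, scan, map to OWASP, render a report) as a small self-contained Python stand-in. This is an added example, not the skill's own `scripts/security-scan.sh` or its `references/` files: the marker table is the one on this page, but the regexes, the OWASP mappings and the sample project are constructed here and cover only a handful of the pattern categories listed.

```python
"""Stand-in for the scan workflow: detect language, load patterns, scan,
map findings to OWASP categories, render a report. Example code only."""
import fnmatch
import os
import re
import tempfile
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Marker files from the Supported Languages table; first match wins.
LANGUAGE_MARKERS = [
    ("JavaScript/TypeScript", ["package.json"]),
    ("PHP", ["composer.json"]),
    ("Python", ["requirements.txt", "pyproject.toml"]),
    ("Swift/iOS", ["Package.swift", "*.xcodeproj"]),
    ("Go", ["go.mod"]),
    ("Rust", ["Cargo.toml"]),
]

# Constructed pattern subset (assumed; NOT references/scan-patterns.md).
# Entry: (pattern category from this page, assumed OWASP 2021 mapping, regex).
PATTERNS = {
    "Python": [
        ("Code Execution (eval, exec)", "A03:2021 Injection",
         re.compile(r"\b(eval|exec)\s*\(")),
        ("Command Injection", "A03:2021 Injection",
         re.compile(r"subprocess\.\w+\([^)]*shell\s*=\s*True")),
        ("Hardcoded Secrets", "A07:2021 Identification and Authentication Failures",
         re.compile(r"(?i)(password|api_key|secret)\s*=\s*['\"][^'\"]{8,}['\"]")),
        ("Weak Cryptography", "A02:2021 Cryptographic Failures",
         re.compile(r"hashlib\.(md5|sha1)\s*\(")),
    ],
    "JavaScript/TypeScript": [
        ("XSS (Cross-Site Scripting)", "A03:2021 Injection",
         re.compile(r"\.innerHTML\s*=")),
        ("Code Execution (eval, exec)", "A03:2021 Injection",
         re.compile(r"\beval\s*\(")),
    ],
}
SOURCE_EXT = {"Python": (".py",), "JavaScript/TypeScript": (".js", ".ts", ".jsx", ".tsx")}


@dataclass(frozen=True)
class Finding:
    path: str
    line: int
    vuln: str
    owasp: str
    snippet: str


def detect_language(project_dir: str) -> Optional[str]:
    """Step 1: pick the language whose marker file exists in the project root."""
    entries = os.listdir(project_dir)
    for language, markers in LANGUAGE_MARKERS:
        if any(fnmatch.filter(entries, marker) for marker in markers):
            return language
    return None


def scan_project(project_dir: str) -> Tuple[Optional[str], List[Finding]]:
    """Steps 2-4: load the language's patterns, scan source files line by line,
    and attach the OWASP category to every hit."""
    language = detect_language(project_dir)
    findings: List[Finding] = []
    if language not in PATTERNS:
        return language, findings
    for root, _dirs, files in os.walk(project_dir):
        for name in files:
            if not name.endswith(SOURCE_EXT[language]):
                continue
            path = os.path.join(root, name)
            with open(path, encoding="utf-8", errors="replace") as fh:
                for lineno, text in enumerate(fh, 1):
                    for vuln, owasp, rx in PATTERNS[language]:
                        if rx.search(text):
                            rel = os.path.relpath(path, project_dir)
                            findings.append(Finding(rel, lineno, vuln, owasp, text.strip()))
    return language, findings


def render_report(language: Optional[str], findings: List[Finding]) -> str:
    """Step 5: one line per finding in the [FILE:LINE] [VULN] shape the
    Integration section hands to the fixer."""
    lines = [f"Language: {language}", f"Findings: {len(findings)}"]
    for f in sorted(findings, key=lambda f: (f.path, f.line)):
        lines.append(f"[{f.path}:{f.line}] [{f.vuln}] ({f.owasp}) {f.snippet}")
    return "\n".join(lines)


def demo() -> Tuple[Optional[str], List[Finding], str]:
    """Run the workflow over a constructed sample Python project."""
    with tempfile.TemporaryDirectory() as d:
        with open(os.path.join(d, "requirements.txt"), "w") as fh:
            fh.write("flask\n")  # marker file -> Python
        with open(os.path.join(d, "app.py"), "w") as fh:  # constructed sample source
            fh.write("import hashlib, subprocess\n"
                     "API_KEY = 'sk-constructed-sample-0123'\n"
                     "def run(cmd):\n"
                     "    return subprocess.run(cmd, shell=True)\n"
                     "def digest(data):\n"
                     "    return hashlib.md5(data).hexdigest()\n"
                     "result = eval(user_input)\n")
        language, findings = scan_project(d)
        return language, findings, render_report(language, findings)


if __name__ == "__main__":
    print(demo()[2])
```

Running the block prints a report with four findings for the sample project (lines 2, 4, 6 and 7 of `app.py`). The regexes are deliberately narrow line matchers, which is why a real pattern file needs per-language entries and why findings still go through a fixer rather than being acted on blindly.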
Integration
After scanning, delegate fixes to sniper:
```
Agent(subagent_type="fuse-ai-pilot:sniper", prompt="Security fixes: [FILE:LINE] [VULN] [FIX]")
```