Security Scan (The Hacker 🔐)
Merged: security-scan + secret-guard.

When to Activate
- User mentions: "security", "vulnerability", "hack", "audit", "credentials".

Scan Scope
OWASP Top 10
- Injection (SQL, NoSQL, OS Command)
- Broken Authentication
- Sensitive Data Exposure
- XML External Entities (XXE)
- Broken Access Control (IDOR)
- Security Misconfiguration
- Cross-Site Scripting (XSS)
- Insecure Deserialization
- Using Components with Known Vulnerabilities
- Insufficient Logging & Monitoring
Secret Scanning (formerly secret-guard)
Proactively scan for leaked secrets:
- API Keys: sk_live_, AKIA, ghp_
- Private Keys: BEGIN RSA PRIVATE KEY, PEM files
- Database URLs: postgres://, mysql:// with credentials
- Tokens: JWT, Bearer tokens in source code
- .env files committed to version control

Rules
- NEVER allow secrets in committed code.
- Flag .env files not in .gitignore.
- Check for hardcoded credentials in config files.
- Recommend environment variable injection for all secrets.
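The secret-scanning list and the rules above describe what to look for but not how a scan actually runs. The following is an added example (not part of this skill card or any tool it wraps) that implements the checks in Python: one regex per secret class named above, a line-by-line scanner that reports findings with the matched value redacted, a check for .env files present among tracked paths, and a check that a .gitignore actually covers .env. The regex shapes, the sample files and the "ignore .env.example/.env.sample" convention are assumptions; tune them for your repository.

```python
import fnmatch
import re
from dataclasses import dataclass
from typing import Dict, Iterable, List, Pattern

# One pattern per secret class from the scan scope. The exact shapes are
# assumptions made for this example; tighten or extend them for your codebase.
SECRET_PATTERNS: Dict[str, Pattern[str]] = {
    "stripe_live_key": re.compile(r"\bsk_live_[A-Za-z0-9]{8,}\b"),
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "github_pat": re.compile(r"\bghp_[A-Za-z0-9]{20,}\b"),
    "private_key_block": re.compile(
        r"-----BEGIN (?:RSA |EC |OPENSSH |DSA )?PRIVATE KEY-----"),
    # user:password@host inside a postgres:// or mysql:// URL
    "database_url_with_credentials": re.compile(
        r"\b(?:postgres(?:ql)?|mysql)://[^\s:/@]+:[^\s@]+@[^\s'\"]+"),
    # three base64url segments, first one starting with eyJ ('{"' encoded)
    "jwt": re.compile(
        r"\beyJ[A-Za-z0-9_-]{5,}\.[A-Za-z0-9_-]{5,}\.[A-Za-z0-9_-]{5,}\b"),
    "bearer_token": re.compile(
        r"\bBearer\s+[A-Za-z0-9._~+/-]{16,}=*", re.IGNORECASE),
}


@dataclass(frozen=True)
class Finding:
    path: str
    line: int
    kind: str
    preview: str  # redacted, never the full secret


def redact(secret: str, keep: int = 6) -> str:
    """Keep a short prefix so the finding is recognisable without re-leaking it."""
    return f"{secret[:keep]}...({len(secret)} chars)"


def scan_text(text: str, path: str = "<input>") -> List[Finding]:
    """Run every pattern over every line and collect redacted findings."""
    findings: List[Finding] = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for kind, pattern in SECRET_PATTERNS.items():
            for match in pattern.finditer(line):
                findings.append(Finding(path, line_no, kind, redact(match.group(0))))
    return findings


def scan_files(files: Dict[str, str]) -> List[Finding]:
    """Scan a {path: contents} mapping (e.g. the files staged for a commit)."""
    findings: List[Finding] = []
    for path, text in files.items():
        findings.extend(scan_text(text, path))
    return findings


def committed_env_files(tracked_paths: Iterable[str]) -> List[str]:
    """Paths that look like real .env files; .env.example/.env.sample are
    treated as templates and skipped (assumed convention)."""
    flagged = []
    for path in tracked_paths:
        name = path.rsplit("/", 1)[-1]
        is_template = name.endswith((".example", ".sample"))
        if name == ".env" or (name.startswith(".env.") and not is_template):
            flagged.append(path)
    return flagged


def gitignore_covers_env(gitignore_text: str, filename: str = ".env") -> bool:
    """True if some non-negated .gitignore pattern matches the .env filename."""
    for raw in gitignore_text.splitlines():
        pattern = raw.strip()
        if not pattern or pattern.startswith(("#", "!")):
            continue
        pattern = pattern.lstrip("/").rstrip("/")
        if fnmatch.fnmatchcase(filename, pattern):
            return True
    return False


# Constructed sample repository contents; the AWS key is Amazon's documented
# example value, every other value is made up for this demonstration.
SAMPLE_FILES: Dict[str, str] = {
    "config/settings.py": (
        "STRIPE_KEY = 'sk_live_ABCDEFGHIJKLMNOP12345678'\n"
        "DATABASE_URL = 'postgres://app:hunter2@db.internal:5432/app'\n"
        "SESSION_TOKEN = 'eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiIxMjMifQ.abc123def456ghi789'\n"
        "TIMEOUT = 30\n"
    ),
    "deploy/id_rsa": "-----BEGIN RSA PRIVATE KEY-----\nMIIEow...\n-----END RSA PRIVATE KEY-----\n",
    ".env": "AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE\n",
    # Builds the header from a variable: no literal token, must not be flagged.
    "src/client.js": "headers.Authorization = 'Bearer ' + token;\n",
}
SAMPLE_GITIGNORE = "node_modules/\n*.log\n"  # note: .env is missing


if __name__ == "__main__":
    for f in scan_files(SAMPLE_FILES):
        print(f"{f.path}:{f.line}: {f.kind}: {f.preview}")
    for path in committed_env_files(SAMPLE_FILES):
        print(f"{path}: env file is tracked by version control")
    if not gitignore_covers_env(SAMPLE_GITIGNORE):
        print(".gitignore does not cover .env")
```

Running the module reports five secrets across three files, flags the tracked `.env`, and notes that the sample `.gitignore` does not cover it; the `src/client.js` line is correctly left alone because it only assembles the header from a variable. In a real pre-commit hook you would feed `scan_files` the staged blobs and `committed_env_files` the output of `git ls-files`.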