Security Scan Skill

When to use this skill

Activate this skill when asked to:

• Run a security scan or security audit on a project
• Find vulnerabilities, hardcoded secrets, or security misconfigurations
• Check for insecure dependencies (CVEs in npm, NuGet, pip, Maven, etc.)
• Generate a security report for the team or a code review
• Check if external tools like Semgrep, Trivy, or Gitleaks are installed
• Scan a specific category (e.g. "only check for secrets" or "check XSS only")

Quick start

node .github/skills/security-scan/scripts/scan.mjs