security-scanner
Security Scanner
Overview
This skill performs a security audit on the current project using Trivy (if available) or a lightweight internal scanner. It detects vulnerabilities, secrets, and dangerous patterns.
Capabilities
1. Advanced Scan (via Trivy)
If trivy is installed, this skill leverages it for enterprise-grade auditing:
- Vulnerabilities (SCA): Checks package.json, go.mod, requirements.txt, etc., for known CVEs.
- Misconfigurations (IaC): Scans Dockerfiles, Terraform, and Kubernetes manifests for security best practices.
- Secret Scanning: Deep inspection for leaked API keys and tokens.
- License Compliance: Checks for license risks in dependencies.
2. Lightweight Scan (Fallback)