ghost-scan-code
Static analysis security scanner that identifies OWASP vulnerabilities across backend, frontend, mobile, and library code.
- Scans for SQL injection, XSS, BOLA, BFLA, SSRF, prototype pollution, unsafe deserialization, ReDoS, path traversal, and zip slip vulnerabilities
- Three scan depths available: quick (default), balanced, and full, with token usage warnings for comprehensive scans
- Automated workflow: plans vulnerability vectors per project type, nominates candidate files, analyzes findings, and verifies results with detailed reporting
- Caches scan results by repository and commit hash to avoid redundant analysis
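The cache-by-repository-and-commit idea above is worth spelling out with the two checks a practitioner would want around it: a dirty working tree has to bypass the cache (the commit hash cannot describe uncommitted edits, so a stale cached result would hide exactly the code being written), and a cached quick scan must not be served for a balanced or full request. The following POSIX shell is an added illustration written for this page; it is not ghost-scan-code's own scripts/loop.sh, and the key layout (`<repo>-<commit>.<depth>` files in a cache directory), the depth ordering, and the hypothetical helper names `repo_key`, `cache_lookup`, `cache_store` and `git_state` are assumptions. The sample cache entries in `demo` are constructed inline.

```shell
#!/bin/sh
# Added example: cache keyed by repository + commit, with a dirty-tree bypass
# and a depth check. Not ghost-scan-code's own code; names and layout are
# assumptions made for this illustration.

# depth_rank DEPTH -> 1 (quick), 2 (balanced), 3 (full); 0 for unknown.
depth_rank() {
  case "$1" in
    quick)    echo 1 ;;
    balanced) echo 2 ;;
    full)     echo 3 ;;
    *)        echo 0 ;;
  esac
}

# repo_key REMOTE_URL -> filesystem-safe repository identifier.
# Scheme, embedded credentials and the .git suffix are stripped so that
# https://github.com/org/repo.git and git@github.com:org/repo.git share a key.
repo_key() {
  printf '%s' "$1" | sed -e 's#^[a-z]*://##' -e 's#^[^@]*@##' \
                         -e 's#\.git$##' -e 's#[:/]#_#g'
}

# cache_lookup CACHE_DIR REMOTE_URL COMMIT DIRTY DEPTH
#   DIRTY is 0 or 1 (1 = uncommitted changes in the working tree).
#   Prints "skip-dirty", "miss", or "hit:<path>"; returns 0 only on a hit.
cache_lookup() {
  dir=$1; remote=$2; commit=$3; dirty=$4; want=$5
  if [ "$dirty" -ne 0 ]; then
    # The commit hash does not cover local edits: never reuse a cached result.
    echo "skip-dirty"; return 1
  fi
  want_rank=$(depth_rank "$want")
  key="$(repo_key "$remote")-$commit"
  # Entries are <key>.<depth>; a deeper cached scan satisfies a shallower request,
  # but a quick scan is never a substitute for balanced or full.
  for d in full balanced quick; do
    f="$dir/$key.$d"
    if [ -f "$f" ] && [ "$(depth_rank "$d")" -ge "$want_rank" ]; then
      echo "hit:$f"; return 0
    fi
  done
  echo "miss"; return 1
}

# cache_store CACHE_DIR REMOTE_URL COMMIT DEPTH  (findings on stdin)
cache_store() {
  dir=$1; remote=$2; commit=$3; depth=$4
  mkdir -p "$dir"
  cat > "$dir/$(repo_key "$remote")-$commit.$depth"
}

# git_state CHECKOUT_DIR -> "<remote> <commit> <dirty>" for a real checkout,
# i.e. the three inputs cache_lookup needs. Requires git; not used by demo.
git_state() {
  remote=$(git -C "$1" remote get-url origin 2>/dev/null || echo local)
  commit=$(git -C "$1" rev-parse HEAD)
  if [ -n "$(git -C "$1" status --porcelain)" ]; then dirty=1; else dirty=0; fi
  echo "$remote $commit $dirty"
}

# demo: constructed cache with one quick-depth entry, exercised three ways.
demo() {
  tmp=$(mktemp -d)
  echo '{"findings":[]}' | cache_store "$tmp" 'git@github.com:org/repo.git' deadbeef quick
  cache_lookup "$tmp" 'https://github.com/org/repo.git' deadbeef 0 quick || :  # hit
  cache_lookup "$tmp" 'https://github.com/org/repo.git' deadbeef 0 full  || :  # miss
  cache_lookup "$tmp" 'https://github.com/org/repo.git' deadbeef 1 quick || :  # skip-dirty
  rm -rf "$tmp"
}

if [ "${1:-}" = "demo" ]; then demo; fi
```

Run `sh cache.sh demo` to see the three outcomes. In a loop script the natural flow is `set -- $(git_state .)` followed by `cache_lookup "$CACHE" "$1" "$2" "$3" "$DEPTH"`, falling through to a fresh scan and `cache_store` on anything but a hit. Normalising the remote URL matters because the same repository is often cloned over both HTTPS and SSH, and a key that includes credentials would also leak tokens into cache file names.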
Find Issues
You find security issues in a repository. This skill plans which vulnerability vectors to scan, then executes those scans against each project.
Inputs
- depth: `quick` (default), `balanced`, or `full`; override via `$ARGUMENTS`
$ARGUMENTS
Note: if arguments are provided, use them to customize the scan workflow. For example, when the user specifies a particular set of vectors, a number of vectors, specific candidate files, areas to focus on, or a number of candidate files, pass those details to the relevant steps of the skill.
Supporting files
- Loop script: scripts/loop.sh
- Scan criteria: criteria/index.yaml
More from ghostsecurity/skills
- ghost-scan-secrets (1.7K)
- ghost-scan-deps (1.6K)
- ghost-proxy (1.4K): Starts and controls the reaper MITM proxy to capture, inspect, search, and replay HTTP/HTTPS traffic between clients and servers. Capabilities include starting/stopping the proxy scoped to specific domains, viewing captured request/response logs, searching traffic by method/path/status/host, and inspecting full raw HTTP entries for security analysis. Use when the user asks to "start the proxy", "capture traffic", "intercept requests", "inspect HTTP traffic", "search captured requests", or "view request/response".
- ghost-validate (1.4K): This skill should be used when the user asks to "validate a finding", "check if a vulnerability is real", "triage a security finding", "confirm a vulnerability", "determine if a finding is a true positive or false positive", or provides a security finding for review. It validates security vulnerability findings by tracing data flows, verifying exploit conditions, analyzing security controls, and optionally testing attack vectors against a live application.
- ghost-report (1.4K): Ghost Security combined security report. Aggregates findings from all scan skills (scan-deps, scan-secrets, scan-code) into a single prioritized report focused on the highest-risk, highest-confidence issues. Use when the user requests a security overview, vulnerability summary, full security audit, or combined scan results.
- ghost-repo-context (1.4K): Scans directory structure, detects projects, maps dependencies, and documents code organization into a repo.md file. Use when the user needs a codebase overview, project structure map, or repository context before security analysis.