Security Scan

Overview

Comprehensive security vulnerability scanner that checks for secrets, dependency vulnerabilities, OWASP code patterns, and file permission issues. This skill can be invoked explicitly via /security-scan or activates autonomously when the security-auditor agent detects security-sensitive code.

When This Skill Activates

Explicit invocation: /security-scan [path]

Autonomous activation (via security-auditor agent) when code touches:

• Authentication or authorization logic
• Cryptographic operations
• User input handling or validation
• SQL queries or database access
• File upload handling
• HTTP security headers
• Session management
• API key or secret management