陌讯skills聚合平台

skills-security-check

📁 toolsai/skills-security-check 📅 7 days ago
31
总安装量
21
周安装量
#11803
全站排名
安装命令
npx skills add https://github.com/toolsai/skills-security-check --skill skills-security-check

Agent 安装分布

gemini-cli 12
openclaw 11
github-copilot 11
opencode 10
kimi-cli 10

Skill 文档

Skill: Skills-Security-Check

CRITICAL INSTRUCTION FOR AI AGENTS: You are NOT just a command-runner. You are the Lead Security Analyst. This tool provides the data, but YOU provide the intelligence.

⚡️ The 3-Step Agentic Workflow (MANDATORY)

You MUST follow this loop whenever using this skill:

Step 1: Run the Scanner (Data Collection)

Execute the scanner to generate the raw data and “Audit Prompts”.

python3 scripts/scan_skills.py --root /path/to/target/projects

This command will generate *_audit_prompt.txt files in the reports/YYYYMMDD.../prompts/ directory.

Step 2: 🛑 MANDATORY AI ANALYSIS (CRITICAL)

The Scanner’s job is done. Now YOUR job begins. You MUST process the generated audit prompts.

Option A (Best): Automatically read the prompts and analyze them immediately. Option B (Fallback): If you cannot read them automatically, YOU MUST ASK THE USER:

“Scanner finished. I see {N} audit prompts generated. Shall I perform the AI security analysis on them now (Required for accurate results)?”

Requirement:

  • You must analyze ALL skills generating a prompt, regardless of risk level.
  • Generate audit.json for each skill.

Step 3: Integrate & Present

Run the scanner ONE MORE TIME. It will detect your audit.json files and bake them into the final report.

python3 scripts/scan_skills.py --root /path/to/target/projects

The scanner will now produce the ‘Gold Standard’ dashboard and automatically open it.

Technical Details

  • Scanner Logic: Regex-based static analysis. High false-positive rate.
  • Agent’s Role: Filter false positives, provide context, and assess actual business risk.
  • Output: reports/YYYYMMDD_HHMMSS/index.html (The final artifact for the user).

Example Scenario: User: “Audit my skills.” Agent:

  1. Runs scan_skills.py.
  2. Sees zimage_audit_prompt.txt flagged “High Risk”.
  3. Reads the prompt, realizes it’s just an API client.
  4. Writes audit.json marking it “Medium Risk” (requires API key).
  5. Re-runs scan_skills.py to finalize the dashboard.

How to run

  1. Run the scanner on a root folder that contains multiple skills:
python3 /Users/mattchan/.agents/skills/skill-security-audit-dashboard/scripts/scan_skills.py \
  --root /Users/mattchan/.agents/skills \
  --out /Users/mattchan/.agents/skills/skill-security-audit-dashboard/security-dashboard.html
  1. Open the generated HTML dashboard file to view the results.

Notes

  • This is a static heuristic scan. It does not execute code.
  • The scanner avoids outputting raw secrets. It only reports file locations and categories.
  • If you need a JSON file as well, pass --json /path/to/output.json.

Arguments

  • --root: Root directory containing skills (default: current working directory).
  • --out: Path to the output HTML dashboard.
  • --json: Optional path to write raw JSON output.
GitHub 仓库 ↗ ← 返回陌讯 Skills 聚合平台
本页面由 陌讯 Skills 聚合平台 收录整理,数据定期更新。