Claude Code Plugins

Community-maintained marketplace


security-scanner

@j0KZ/mcp-agents

Comprehensive security vulnerability scanning. Use when checking for OWASP vulnerabilities, scanning for secrets/API keys, auditing dependencies for CVEs, or running pre-commit security checks.

Install Skill

1. Download skill
2. Enable skills in Claude: open claude.ai/settings/capabilities and find the "Skills" section
3. Upload to Claude: click "Upload skill" and select the downloaded ZIP file

Note: Please review the skill's instructions (the SKILL.md below) before using it.

SKILL.md

name: security-scanner
description: Comprehensive security vulnerability scanning. Use when checking for OWASP vulnerabilities, scanning for secrets/API keys, auditing dependencies for CVEs, or running pre-commit security checks.

Security Scanner

Advanced security vulnerability detection and remediation for codebases

Quick Commands

# Quick security scan
npx @j0kz/security-scanner scan

# Check for secrets
npx secretlint "**/*"

# Dependency audit for known CVEs (OWASP A06: Vulnerable and Outdated Components);
# `npm audit` reports, `npm audit fix` applies only semver-compatible upgrades
npm audit --audit-level=high
npm audit fix

# Static analysis (ESLint with eslint-plugin-security enabled in the project's
# ESLint config; the plugin is not a standalone command)
npx eslint .

Core Functionality

Key Features

  1. OWASP Top 10 Detection: SQL injection, XSS, CSRF, etc.
  2. Secret Scanning: API keys, passwords, tokens
  3. Dependency Vulnerabilities: Known CVEs in dependencies
  4. Code Patterns: Insecure coding practices
  5. Compliance Checking: GDPR, PCI-DSS, HIPAA patterns

Detailed Information

For comprehensive details, see:

cat .claude/skills/security-scanner/references/owasp-patterns.md
cat .claude/skills/security-scanner/references/secret-detection.md
cat .claude/skills/security-scanner/references/remediation-guide.md

Usage Examples

Example 1: Full Security Audit

import { SecurityScanner } from '@j0kz/security-scanner';

const scanner = new SecurityScanner({
  severity: 'high',
  includeDevDependencies: false
});

const results = await scanner.scan('./src');
console.log(`Found ${results.vulnerabilities.length} vulnerabilities`);

Example 2: Pre-commit Hook

#!/bin/sh
# .husky/pre-commit

npx @j0kz/security-scanner scan --staged --fail-on-high

Security Patterns Detected

  • SQL Injection risks
  • Cross-Site Scripting (XSS)
  • Command Injection
  • Path Traversal
  • Sensitive Data Exposure
  • XML External Entity (XXE)
  • Broken Authentication
  • Security Misconfiguration
  • Using Components with Known Vulnerabilities
  • Insufficient Logging

Configuration

{
  "security-scanner": {
    "rules": {
      "no-eval": "error",
      "no-implied-eval": "error",
      "no-hardcoded-secrets": "error",
      "sql-injection": "error"
    },
    "exclude": ["test/**", "*.test.js"],
    "secretPatterns": [
      "api[_-]?key",
      "secret",
      "password",
      "token"
    ]
  }
}
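The configuration above is the page's; what follows is an added example, not code from @j0kz/security-scanner, showing how a minimal rule engine would consume that exact shape: the four rules, the exclude globs and the secretPatterns. The detection regexes, the treatment of `*.test.js` as matching at any depth, and the sample files are assumptions made for illustration.

```javascript
// Added example, not code from @j0kz/security-scanner: a minimal rule engine
// that consumes the configuration shape above. The rule names are the page's;
// what each rule matches, and the sample files, are assumptions for illustration.

// The configuration block from the page, as a plain object.
const config = {
  rules: {
    'no-eval': 'error',
    'no-implied-eval': 'error',
    'no-hardcoded-secrets': 'error',
    'sql-injection': 'error',
  },
  exclude: ['test/**', '*.test.js'],
  secretPatterns: ['api[_-]?key', 'secret', 'password', 'token'],
};

// Minimal glob support: `**/`, `**`, `*` and literal text, in a single pass so
// the `.*` produced for `**` is not rewritten again by the `*` rule.
function globToRegExp(glob) {
  const source = glob.replace(/\*\*\/|\*\*|\*|[.+?^${}()|[\]\\]/g, (m) => {
    if (m === '**/') return '(?:.*/)?'; // zero or more directories
    if (m === '**') return '.*';        // anything, including separators
    if (m === '*') return '[^/]*';      // anything but a separator
    return `\\${m}`;                    // literal regex metacharacter
  });
  return new RegExp(`^${source}$`);
}

// A pattern is tested against the full relative path and the basename, so
// `*.test.js` excludes test files at any depth (an assumption about the tool).
function isExcluded(file, exclude) {
  const base = file.slice(file.lastIndexOf('/') + 1);
  return exclude.some((glob) => {
    const re = globToRegExp(glob);
    return re.test(file) || re.test(base);
  });
}

// Line-oriented detectors, one per configured rule. Each returns a message
// when the line looks suspicious, or null. They are deliberately simple: a
// real scanner works on an AST, and these regexes will both miss cases and
// flag harmless ones (for example `eval(` inside a comment or a string).
const detectors = {
  'no-eval': (line) =>
    /\beval\s*\(/.test(line) ? 'eval() executes arbitrary code' : null,
  'no-implied-eval': (line) =>
    /\b(setTimeout|setInterval)\s*\(\s*['"`]|\bnew\s+Function\s*\(/.test(line)
      ? 'string argument is compiled and run as code'
      : null,
  'sql-injection': (line) =>
    // a quoted string holding a SQL verb that is concatenated (`' +`) or
    // interpolated (`${`); a parameterized query using `$1` does not match
    /['"`][^'"`]*\b(select|insert|update|delete)\b[^'"`]*(['"]\s*\+|\$\{)/i.test(line)
      ? 'SQL statement built from string concatenation or interpolation'
      : null,
  'no-hardcoded-secrets': (line, cfg) => {
    // identifier matching a secretPattern assigned a quoted literal of 8+ chars;
    // values read from the environment never match, placeholders like <key> are skipped
    const names = cfg.secretPatterns.join('|');
    const re = new RegExp(`(?:${names})\\w*\\s*[:=]\\s*['"\`]([^'"\`]{8,})['"\`]`, 'i');
    const m = re.exec(line);
    if (!m || /^<.*>$/.test(m[1])) return null;
    return 'secret-like literal assigned to a sensitive identifier';
  },
};

// files: { 'relative/path.js': 'source text' }. Returns one finding per hit.
function scanFiles(files, cfg = config) {
  const findings = [];
  for (const [file, text] of Object.entries(files)) {
    if (isExcluded(file, cfg.exclude)) continue;
    text.split('\n').forEach((line, i) => {
      for (const [rule, severity] of Object.entries(cfg.rules)) {
        if (severity === 'off' || !detectors[rule]) continue;
        const message = detectors[rule](line, cfg);
        if (message) findings.push({ file, line: i + 1, rule, severity, message });
      }
    });
  }
  return findings;
}

// Constructed sample inputs, not real project files.
const sampleFiles = {
  'src/db.js': [
    "const apiKey = 'AKIAIOSFODNN7EXAMPLE';",                          // hardcoded secret
    'const password = process.env.DB_PASSWORD;',                       // fine: read from env
    "db.query('SELECT * FROM users WHERE id = ' + req.params.id);",    // concatenated SQL
    "db.query('SELECT * FROM users WHERE id = $1', [req.params.id]);", // parameterized
  ].join('\n'),
  'src/util.js': "setTimeout('cleanup()', 1000);\nconst v = eval(input);",
  'test/db.test.js': "const apiKey = 'AKIAIOSFODNN7EXAMPLE';",        // silenced by `test/**`
};

for (const f of scanFiles(sampleFiles)) {
  console.log(`${f.file}:${f.line} [${f.severity}] ${f.rule}: ${f.message}`);
}
```

Run with node; it prints one line per finding. Two behaviours are worth noticing: `password = process.env.DB_PASSWORD` is not reported because the value is not a literal, and the identical hardcoded key in test/db.test.js is silent only because of the exclude list, which is why an exclude entry should be as narrow as the project allows.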

Notes

  • Integrates with GitHub Security Advisories
  • Supports custom rule definitions
  • Can generate security reports in SARIF format
  • A "zero false positives" mode is available; treat it as a high-precision setting rather than a guarantee, since any pattern-based scanner that suppresses doubtful findings also gives up some recall
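The SARIF note above does not show what such a report looks like, so here is an added example, not the scanner's own exporter, that converts a findings list into a SARIF 2.1.0 log accepted by GitHub code scanning and most SARIF viewers. The finding shape ({file, line, rule, severity, message}) and the severity names are assumptions; the SARIF field names are from the 2.1.0 specification.

```javascript
// Added example, not the scanner's own exporter: turn a list of findings into
// a SARIF 2.1.0 log. The finding shape {file, line, rule, severity, message}
// and the severity names are assumptions; the SARIF fields are per the spec.

// Map a scanner severity onto the three SARIF result levels.
function toSarifLevel(severity) {
  switch (String(severity).toLowerCase()) {
    case 'critical': case 'high': case 'error': return 'error';
    case 'medium': case 'warning': return 'warning';
    default: return 'note'; // low, info, unknown
  }
}

function toSarif(findings, { toolName = 'security-scanner', toolVersion = '0.0.0' } = {}) {
  // Every result's ruleId must also appear in tool.driver.rules, so build that
  // table once (deduplicated) and reference it from each result by index.
  const ruleIndex = new Map();
  const rules = [];
  for (const f of findings) {
    if (!ruleIndex.has(f.rule)) {
      ruleIndex.set(f.rule, rules.length);
      rules.push({
        id: f.rule,
        shortDescription: { text: f.rule },
        defaultConfiguration: { level: toSarifLevel(f.severity) },
      });
    }
  }
  const results = findings.map((f) => ({
    ruleId: f.rule,
    ruleIndex: ruleIndex.get(f.rule),
    level: toSarifLevel(f.severity),
    message: { text: f.message },
    locations: [{
      physicalLocation: {
        // a repo-relative URI plus %SRCROOT% lets the consumer anchor it to the checkout
        artifactLocation: { uri: f.file.replace(/\\/g, '/'), uriBaseId: '%SRCROOT%' },
        region: { startLine: f.line },
      },
    }],
  }));
  return {
    $schema: 'https://json.schemastore.org/sarif-2.1.0.json',
    version: '2.1.0',
    runs: [{ tool: { driver: { name: toolName, version: toolVersion, rules } }, results }],
  };
}

// Constructed findings, not real scanner output.
const sampleFindings = [
  { file: 'src/db.js', line: 1, rule: 'no-hardcoded-secrets', severity: 'high', message: 'literal assigned to apiKey' },
  { file: 'src/db.js', line: 3, rule: 'sql-injection', severity: 'high', message: 'SQL built by concatenation' },
  { file: 'src/util.js', line: 2, rule: 'no-eval', severity: 'medium', message: 'eval() on untrusted input' },
  { file: 'src/util.js', line: 9, rule: 'no-eval', severity: 'medium', message: 'eval() on untrusted input' },
];

const sarifLog = toSarif(sampleFindings, { toolVersion: '1.0.0' });
console.log(JSON.stringify(sarifLog, null, 2));
```

Write the JSON to a file and upload it with the github/codeql-action/upload-sarif action, or open it in any SARIF viewer. The duplicated `no-eval` findings show why the rule table is deduplicated: two results, one rule entry, both pointing at index 2.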