Security Scan

Skill Verified Active

Run full security scans on the codebase using Ruflo security tools

Purpose

To provide developers with a reliable and configurable tool for identifying security vulnerabilities and CVEs within their codebase, ensuring a more secure software development lifecycle.

Features

  • Run full security scans
  • Select scan depth (quick, standard, full)
  • Check for known CVEs
  • Identify input validation and path traversal issues
  • Store scan findings via MCP

Use cases

  • Integrate security scanning into CI/CD pipelines
  • Proactively identify and remediate vulnerabilities before deployment
  • Perform in-depth security audits of codebases
  • Ensure compliance with security best practices

Non-goals

  • Performing dynamic application security testing (DAST)
  • Acting as a runtime security monitor
  • Remediating vulnerabilities automatically

Workflow

  1. Specify scan depth (quick, standard, or full)
  2. Execute scan using `npx @claude-flow/cli@latest security scan --depth DEPTH`
  3. Optionally run specific checks like `security cve --check`
  4. Generate a markdown report using `security report --format markdown`
  5. Store findings via MCP using `memory_store`
  6. Train post-task hooks upon successful completion

Practices

  • Security Auditing
  • Vulnerability Management
  • Code Quality Assurance

Prerequisites

  • Node.js and npm/npx installed
  • Claude Code environment

Installation

First add the marketplace

/plugin marketplace add ruvnet/ruflo
/plugin install ruflo-security-audit@ruflo

Quality score

Verified
99/100
Analyzed about 21 hours ago

Trust signals

Last commit: about 23 hours ago
Stars: 50.2k
License: MIT

Similar extensions

Semgrep Rule Creator

100

Creates custom Semgrep rules for detecting security vulnerabilities, bug patterns, and code patterns. Use when writing Semgrep rules or building custom static analysis detections.

Skill
trailofbits

Github

100

Use gh for GitHub issues, PR status, CI/logs, comments, reviews, releases, and API queries.

Skill
steipete

Cli Creator

100

Build a composable CLI for Codex from API docs, an OpenAPI spec, existing curl examples, an SDK, a web app, an admin tool, or a local script. Use when the user wants Codex to create a command-line tool that can run from any repo, expose composable read/write commands, return stable JSON, manage auth, and pair with a companion skill.

Skill
openai

Migrate Validate

100

Validate pending migrations for foreign key consistency, rollback safety, and best practices

Skill
ruvnet

Moyu (摸鱼)

100

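Automatically detects over-engineering patterns: (1) when code or files the user did not explicitly request are modified (2) when new, unrequested abstraction layers (classes, interfaces, factories, wrappers) are created (3) when unrequested comments, documentation, JSDoc, or type annotations are added (4) when new, unrequested dependencies are introduced (5) when an entire file is rewritten instead of making a minimal edit (6) when the diff scope clearly exceeds the user's request (7) when the user sends signals such as "too much", "don't touch that", "only change X", "keep it simple", or "stop" (8) when error handling, validation, or defensive code is added for scenarios that cannot occur (9) when unrequested tests, configuration scaffolding, or documentation are generated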

Skill
uucz

Safe Mode

100

Prevent destructive operations using Claude Code hooks. Three modes — cautious (warn on dangerous commands), lockdown (restrict edits to one directory), and clear (remove restrictions). Uses PreToolUse matchers for Bash, Edit, and Write.

Skill
rohitg00