[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"extension-skill-jwynia-security-scan-tr":3,"guides-for-jwynia-security-scan":222,"similar-k17b5tzf5982vcjjxkb4k36qp9867w4x":223},{"_creationTime":4,"_id":5,"children":6,"community":7,"display":9,"evaluation":21,"identity":188,"isFallback":193,"parentExtension":194,"providers":195,"relations":199,"repo":201,"workflow":219},1778053622473.6746,"k17b5tzf5982vcjjxkb4k36qp9867w4x",[],{"reviewCount":8},0,{"description":10,"installMethods":11,"name":12,"sourceUrl":13,"tags":14},"Scan code for security vulnerabilities including OWASP Top 10, secrets, and misconfigurations. Use when you need comprehensive security analysis of a codebase.",{},"Security Scan","https://github.com/jwynia/agent-skills/tree/HEAD/skills/tech/security/security-scan",[15,16,17,18,19,20],"security","code-analysis","vulnerability-scanning","owasp","secrets","compliance",{"_creationTime":22,"_id":23,"extensionId":5,"locale":24,"result":25,"trustSignals":176,"workflow":186},1778054012697.0547,"kn7f176brcjdw6krmpckdjfkh58661e5","en",{"checks":26,"evaluatedAt":166,"extensionSummary":167,"promptVersionExtension":168,"promptVersionScoring":169,"rationale":170,"score":171,"summary":172,"tags":173,"targetMarket":174,"tier":175},[27,32,35,38,42,45,49,53,56,59,63,68,71,75,78,81,84,87,90,93,96,100,104,108,112,115,118,121,125,128,131,134,137,140,144,147,150,153,156,159,163],{"category":28,"check":29,"severity":30,"summary":31},"Practical Utility","Problem relevance","pass","The description clearly states the problem of scanning code for security vulnerabilities and lists specific areas like OWASP Top 10, secrets, and misconfigurations, and provides a clear use case.",{"category":28,"check":33,"severity":30,"summary":34},"Unique selling proposition","The skill offers a comprehensive security analysis by covering multiple categories and providing different scan modes (full, quick, focused), which goes beyond a simple prompt and offers 
value.",{"category":28,"check":36,"severity":30,"summary":37},"Production readiness","The skill is production-ready, offering multiple scan modes, detailed output formats, configuration options, and clear command references. It appears to cover the complete lifecycle of a security scan.",{"category":39,"check":40,"severity":30,"summary":41},"Scope","Single responsibility principle","The skill focuses specifically on security scanning and does not extend into unrelated domains like deployment or general code review.",{"category":39,"check":43,"severity":30,"summary":44},"Description quality","The description accurately reflects the skill's capabilities, is concise, readable, and covers the core function of security scanning.",{"category":46,"check":47,"severity":30,"summary":48},"Invocation","Scoped tools","The skill uses scoped commands like `/security-scan`, `/security-scan --quick`, and `/security-scan --focus \u003Ccategory>`, which are specific and well-defined.",{"category":50,"check":51,"severity":30,"summary":52},"Documentation","Configuration & parameter reference","All options, parameters, scan modes, and categories are well-documented in the SKILL.md file, including default behaviors.",{"category":39,"check":54,"severity":30,"summary":55},"Tool naming","The primary command `/security-scan` and its flags are descriptive and relevant to the skill's security scanning purpose.",{"category":39,"check":57,"severity":30,"summary":58},"Minimal I/O surface","The skill's inputs (scope, modes, focus) are specific and well-defined, and the output format is structured and clear, avoiding unnecessary diagnostic dumps.",{"category":60,"check":61,"severity":30,"summary":62},"License","License usability","The license is MIT, a standard permissive open-source license, and is correctly declared in the SKILL.md frontmatter.",{"category":64,"check":65,"severity":66,"summary":67},"Maintenance","Commit recency","not_applicable","The repository is missing commit information for 
the default branch, so commit recency cannot be evaluated.",{"category":64,"check":69,"severity":66,"summary":70},"Dependency Management","The skill itself does not appear to introduce external dependencies that require explicit management for updates or vulnerability checks.",{"category":72,"check":73,"severity":30,"summary":74},"Security","Secret Management","The skill's purpose is to detect secrets, and it does not appear to handle or echo resolved secrets into its output. Remediation guidance suggests using environment variables and secrets managers.",{"category":72,"check":76,"severity":30,"summary":77},"Injection","The skill's documentation and references provide detailed patterns for detecting various injection vulnerabilities and include remediation guidance, indicating a strong focus on this area.",{"category":72,"check":79,"severity":30,"summary":80},"Transitive Supply-Chain Grenades","The skill appears to be self-contained and does not fetch remote code or data at runtime, nor does it rely on external scripts or symlinks outside its bundle.",{"category":72,"check":82,"severity":30,"summary":83},"Sandbox Isolation","The skill's documentation and nature suggest it operates within the provided scope and does not modify files outside the project folder. It focuses on analysis rather than destructive operations.",{"category":72,"check":85,"severity":30,"summary":86},"Sandbox escape primitives","No evidence of sandbox escape primitives like detached processes or retry loops around denied tool calls was found in the documentation or provided code.",{"category":72,"check":88,"severity":30,"summary":89},"Data Exfiltration","The skill's primary function is to find secrets and vulnerabilities; there's no indication it exfiltrates confidential data. 
Its outbound calls (if any) would be for vulnerability database lookups, which are expected and documented as part of its function.",{"category":72,"check":91,"severity":30,"summary":92},"Hidden Text Tricks","The bundled files and markdown do not contain hidden text tricks, invisible characters, or obfuscated instructions designed to steer the model covertly.",{"category":72,"check":94,"severity":30,"summary":95},"Opaque code execution","The skill's logic is presented in readable markdown and does not appear to use obfuscated code, base64 payloads, or runtime script fetching.",{"category":97,"check":98,"severity":30,"summary":99},"Portability","Structural Assumption","The skill provides configuration options like `--scope` and `.security-scan.yaml` to adapt to different project structures, rather than making rigid assumptions.",{"category":101,"check":102,"severity":66,"summary":103},"Trust","Issues Attention","No issue data is available for this repository.",{"category":105,"check":106,"severity":30,"summary":107},"Versioning","Release Management","A version ('1.0') is declared in the SKILL.md frontmatter, fulfilling the requirement for versioning.",{"category":109,"check":110,"severity":30,"summary":111},"Code Execution","Validation","While explicit schema validation libraries aren't shown, the skill's parameters are clearly defined and constrained via commands and configuration files, and the reference documents detail input validation for detected patterns.",{"category":72,"check":113,"severity":30,"summary":114},"Unguarded Destructive Operations","The skill is analytical and read-only, focusing on detection rather than performing destructive operations. There are no destructive primitives present.",{"category":109,"check":116,"severity":30,"summary":117},"Error Handling","The skill's output format includes severity levels and remediation guidance, suggesting that errors and findings are handled and reported meaningfully. 
The documentation implies a structured reporting process.",{"category":109,"check":119,"severity":66,"summary":120},"Logging","The skill is analytical and read-only, so local audit logging of destructive actions is not applicable.",{"category":122,"check":123,"severity":30,"summary":124},"Compliance","GDPR","The skill focuses on code analysis and does not inherently operate on personal data without sanitization. Its purpose is to find secrets and vulnerabilities within code files.",{"category":122,"check":126,"severity":30,"summary":127},"Target market","The skill is a general security scanning tool applicable to any codebase, with no specific regional or jurisdictional limitations detected. Target market is global.",{"category":97,"check":129,"severity":30,"summary":130},"Runtime stability","The skill's documentation does not indicate assumptions about specific editors, shells, or OS, and its use of standard command-line arguments suggests good portability.",{"category":46,"check":132,"severity":30,"summary":133},"Precise Purpose","The description and frontmatter clearly state the skill's purpose: scanning code for security vulnerabilities, including OWASP Top 10, secrets, and misconfigurations, and specifies when to use it.",{"category":46,"check":135,"severity":30,"summary":136},"Concise Frontmatter","The frontmatter is concise and provides a clear summary of the skill's core capability and usage examples.",{"category":50,"check":138,"severity":30,"summary":139},"Concise Body","The skill's markdown body is well-organized, uses progressive disclosure for detailed information, and stays within a reasonable length.",{"category":141,"check":142,"severity":30,"summary":143},"Context","Progressive Disclosure","Detailed information such as OWASP coverage, detection patterns, and remediation guidance is provided in separate reference files, linked from the main SKILL.md.",{"category":141,"check":145,"severity":66,"summary":146},"Forked exploration","This skill is a 
scanner and does not perform deep exploration that would require forked context.",{"category":28,"check":148,"severity":30,"summary":149},"Usage examples","The documentation provides clear, ready-to-use examples for various commands and scan modes, demonstrating input and expected usage.",{"category":28,"check":151,"severity":30,"summary":152},"Edge cases","The documentation covers different scan modes (full, quick, focused), output formats, configuration options, and ignore patterns, addressing various scenarios and potential limitations.",{"category":109,"check":154,"severity":66,"summary":155},"Tool Fallback","The skill does not appear to rely on external tools like MCP servers, so fallback mechanisms are not applicable.",{"category":97,"check":157,"severity":30,"summary":158},"Stack assumptions","The skill is designed to be run from a command line with standard arguments, and its documentation does not imply specific language runtimes or framework dependencies beyond those it analyzes.",{"category":160,"check":161,"severity":30,"summary":162},"Safety","Halt on unexpected state","The skill provides clear output formats and severity levels, implying that it halts or reports findings meaningfully on unexpected states rather than proceeding silently.",{"category":97,"check":164,"severity":30,"summary":165},"Cross-skill coupling","The skill is self-contained for security scanning and explicitly lists related skills like `/secrets-scan` and `/dependency-scan` for complementary functions, rather than implicitly relying on them.",1778053954177,"This skill performs in-depth security analysis across multiple categories including OWASP Top 10, secrets detection, injection flaws, and misconfigurations. 
It supports various scan modes (full, quick, focused) and provides detailed output with severity levels and remediation guidance, integrating with related scanning skills for a complete security overview.","2.0.0","3.4.0","The security-scan skill is exceptionally well-documented and robust, covering a wide range of security concerns with clear usage instructions, detailed remediation guidance, and excellent use of progressive disclosure. The only check not fully applicable was 'Commit recency' due to missing metadata, and 'Dependency Management' and 'Tool Fallback' not being applicable as the skill is self-contained and analytical.",95,"A comprehensive and well-documented security scanning skill for codebases.",[15,16,17,18,19,20],"global","verified",{"codeQuality":177,"collectedAt":178,"documentation":179,"maintenance":181,"security":182,"testCoverage":185},{},1778053938514,{"descriptionLength":180,"readmeSize":8},159,{},{"hasNpmPackage":183,"license":184,"smitheryVerified":183},false,"MIT",{"hasCi":183,"hasTests":183},{"updatedAt":187},1778054012696,{"githubOwner":189,"githubRepo":190,"locale":24,"slug":191,"type":192},"jwynia","agent-skills","security-scan","skill",true,null,{"extract":196,"llm":198},{"commitSha":197,"license":184},"e02ec7e226a6e4f8419fd3b88a1d8e472d421b32",{"promptVersionExtension":168,"promptVersionScoring":169,"score":171,"targetMarket":174,"tier":175},{"repoId":200},"kd7efn3mprpa8rd8vm5hw5ebzx864fph",{"_creationTime":202,"_id":200,"identity":203,"providers":205,"workflow":216},1777995558409.897,{"githubOwner":189,"githubRepo":190,"sourceUrl":204},"https://github.com/jwynia/agent-skills",{"discover":206,"github":209},{"sources":207},[208],"skills-sh",{"closedIssues90d":8,"forks":210,"openIssues90d":211,"pushedAt":212,"readmeSize":213,"stars":214,"topics":215},10,2,1771900514000,11924,70,[],{"discoverAt":217,"extractAt":218,"githubAt":218,"updatedAt":218},1777995558409,1778053628601,{"anyEnrichmentAt":220,"extractAt":221,"githubAt":220,"llmAt":
187,"updatedAt":187},1778053625386,1778053622473,[],[224,243,273,297,326],{"_creationTime":225,"_id":226,"community":227,"display":228,"identity":235,"providers":237,"relations":241,"workflow":242},1778053622473.674,"k17dd4qv51q8jrhw8tccjdhr3s867v72",{"reviewCount":8},{"description":229,"installMethods":230,"name":231,"sourceUrl":232,"tags":233},"Detect API keys, passwords, tokens, and other secrets in code. Use when you need to find hardcoded credentials and sensitive data in source code.",{},"Secrets Scan","https://github.com/jwynia/agent-skills/tree/HEAD/skills/tech/security/secrets-scan",[15,19,16,234],"developer-tools",{"githubOwner":189,"githubRepo":190,"locale":24,"slug":236,"type":192},"secrets-scan",{"extract":238,"llm":239},{"commitSha":197,"license":184},{"promptVersionExtension":168,"promptVersionScoring":169,"score":240,"targetMarket":174,"tier":175},98,{"repoId":200},{"anyEnrichmentAt":220,"extractAt":221,"githubAt":220,"llmAt":187,"updatedAt":187},{"_creationTime":244,"_id":245,"community":246,"display":247,"identity":259,"providers":262,"relations":267,"workflow":269},1778054070894.8628,"k17antgkdftwdz7cf6tkh5kq65867wht",{"reviewCount":8},{"description":248,"installMethods":249,"name":250,"sourceUrl":251,"tags":252},"Autonomous AI pentester for web apps and APIs. Run white-box security assessments with Shannon — analyzes source code, identifies attack vectors, and executes real exploits to prove vulnerabilities. 
Triggered by 'shannon', 'pentest', 'security audit', 'vuln scan'.",{},"Shannon Skill","https://github.com/unicodeveloper/shannon",[15,253,254,255,256,257,18,258],"pentesting","automation","api","web","exploit","docker",{"githubOwner":260,"githubRepo":261,"locale":24,"slug":261,"type":192},"unicodeveloper","shannon",{"extract":263,"llm":266},{"commitSha":264,"license":265},"6a97124bee816c7cc76c6e17bb2b0fe8c0eae032","AGPL-3.0",{"promptVersionExtension":168,"promptVersionScoring":169,"score":240,"targetMarket":174,"tier":175},{"repoId":268},"kd7dk33pc652m4w5wrxaga9qn5865x26",{"anyEnrichmentAt":270,"extractAt":271,"githubAt":270,"llmAt":272,"updatedAt":272},1778054071281,1778054070894,1778054087802,{"_creationTime":274,"_id":275,"community":276,"display":277,"identity":290,"providers":292,"relations":295,"workflow":296},1778053622473.6736,"k17cr3mkj0ckymz10rb2a9rmf986667y",{"reviewCount":8},{"description":278,"installMethods":279,"name":280,"sourceUrl":281,"tags":282},"Detect CVEs and security issues in project dependencies. 
Use when you need to analyze packages for known vulnerabilities across npm, pip, cargo, and other ecosystems.",{},"Dependency Scan","https://github.com/jwynia/agent-skills/tree/HEAD/skills/tech/security/dependency-scan",[15,283,284,285,286,287,288,289],"dependencies","cve","npm","pip","cargo","scanning","vulnerability",{"githubOwner":189,"githubRepo":190,"locale":24,"slug":291,"type":192},"dependency-scan",{"extract":293,"llm":294},{"commitSha":197,"license":184},{"promptVersionExtension":168,"promptVersionScoring":169,"score":240,"targetMarket":174,"tier":175},{"repoId":200},{"anyEnrichmentAt":220,"extractAt":221,"githubAt":220,"llmAt":187,"updatedAt":187},{"_creationTime":298,"_id":299,"community":300,"display":301,"identity":312,"providers":316,"relations":320,"workflow":322},1778053380851.3125,"k173xg04zamyvse0m6rer184bd866waj",{"reviewCount":8},{"description":302,"installMethods":303,"name":304,"sourceUrl":305,"tags":306},"Extension from millionco/react-doctor",{},"React Doctor","https://github.com/millionco/react-doctor/tree/HEAD/packages/website",[307,16,308,309,310,311,234],"react","cli","diagnostics","typescript","next-js",{"githubOwner":313,"githubRepo":314,"locale":24,"slug":315,"type":192},"millionco","react-doctor","website",{"extract":317,"llm":319},{"commitSha":318,"license":184},"0053faa0a85dda7d57bc09764ab600655829a4c0",{"promptVersionExtension":168,"promptVersionScoring":169,"score":240,"targetMarket":174,"tier":175},{"repoId":321},"kd7c7y7mgbqtgjw8q3h5pevtgh864s4d",{"anyEnrichmentAt":323,"extractAt":324,"githubAt":323,"llmAt":325,"updatedAt":325},1778053381509,1778053380851,1778053395404,{"_creationTime":327,"_id":328,"community":329,"display":330,"identity":340,"providers":343,"relations":347,"workflow":350},1778053197391.3792,"k170044xvvc7bx38n1fys0pzr1867rdb",{"reviewCount":8},{"description":331,"installMethods":332,"name":333,"sourceUrl":334,"tags":335},"Manage passwords and API credentials with the 1Password CLI (op). Save, look up, and read API keys/tokens, and inject environment variables into scripts. Use this skill when the user mentions saving a password, saving an 
API key, looking up a password, 1password, op CLI, or secret management.",{},"1Password CLI","https://github.com/iamzhihuix/happy-claude-skills/tree/HEAD/skills/1password",[336,308,19,337,338,339],"1password","credentials","api-keys","devops",{"githubOwner":341,"githubRepo":342,"locale":24,"slug":336,"type":192},"iamzhihuix","happy-claude-skills",{"extract":344,"llm":346},{"commitSha":345,"license":184},"f49e7782a551759c9f9e0a4d4417ff053f0a86fd",{"promptVersionExtension":168,"promptVersionScoring":169,"score":240,"targetMarket":174,"tier":175},{"parentExtensionId":348,"repoId":349},"k173w1behtbrx0ftmyyt34368x867ene","kd7dbbtdq95nkcs3k7fg9w6fdn864j0b",{"anyEnrichmentAt":351,"extractAt":352,"githubAt":351,"llmAt":353,"updatedAt":353},1778053199195,1778053197391,1778053284450]