
Security Scanner Skill

Defensive repository security scanner for secrets, risky dependencies, vulnerable code patterns, and insecure configuration with redacted evidence and actionable fixes.


Install in one line

mfkvault install security-scanner-skill

Requires the MFKVault CLI.

Install for your agent

Pick your agent → choose your OS → copy the command. The CLI does both steps for you.

Recommended · MFKVault CLI
Works on all agents
npx mfkvault install security-scanner-skill

Requires MFKVault CLI — writes skill.md to the right folder for the agent you pick.

Manual install
mkdir -p ~/.codex/skills/security-scanner-skill && cp skill.md ~/.codex/skills/security-scanner-skill/

Assumes you already have skill.md in your working directory. Need it? See the curl alternative below.

curl alternative · one-shot download + install
— not available —

Source URL missing — use the CLI command above or open the source repo and copy the file manually.

Third-party skill — review the source, license, and security before installing. Folders default to ~/.codex/skills/security-scanner-skill/.

💻 Codex
This helper was discovered by MFKVault crawlers from public sources. Original author retains all rights. To request removal: [email protected]

Description

# Security Scanner Skill

Use this skill when the user asks to scan a code repository, package, diff, dependency list, CI output, or configuration bundle for security risks. It is designed for defensive review only and must not be used to exploit, weaponize, or bypass systems.

## What To Scan

Prioritize these risk classes:

- Exposed secrets: API keys, tokens, private keys, passwords, webhook secrets, cloud credentials, database URLs, JWT signing keys, and seed phrases.
- Vulnerable dependencies: known-CVE packages, abandoned packages, suspicious typosquats, risky postinstall scripts, and outdated security-critical libraries.
- Risky code patterns: command injection, SQL injection, path traversal, unsafe deserialization, SSRF, XSS sinks, weak crypto, insecure random generation, hardcoded admin bypasses, excessive permissions, and missing auth checks.
- Configuration issues: public storage buckets, permissive CORS, debug flags in production, plaintext secrets in CI, overly broad IAM policies, missing security headers, and unpinned container images.

## Workflow

1. Establish scope. Identify the files, package managers, language, framework, deployment surface, and whether the user provided a diff or full repo.
2. Refuse unsafe requests. Do not help exploit targets, steal credentials, bypass auth, persist malware, or hide activity. Offer a defensive review instead.
3. Inventory likely sensitive files. Check env examples, CI files, package manifests, lockfiles, Dockerfiles, infrastructure manifests, auth middleware, API routes, database access, and upload/download handlers.
4. Search for secrets with conservative patterns. Treat matches as sensitive; do not print full secret values. Show only prefixes/suffixes when necessary, for example `sk_live_...abcd`.
5. Review dependencies. Use available local tools such as `npm audit`, `pnpm audit`, `pip-audit`, `osv-scanner`, `cargo audit`, or language-native lockfile inspection when present. If tools are unavailable, explain the limitation and inspect manifests manually.
6. Review code paths. Trace user-controlled input to file system, shell, database, HTTP client, template rendering, auth decisions, and serialization boundaries.
7. Rate severity. Use Critical, High, Medium, Low, or Info. Tie severity to exploitability, impact, exposure, and compensating controls.
8. Provide fixes. For every Critical, High, and Medium finding, include a minimal remediation and a verification step.

## Output Format

Return a concise report:

### Summary

- Overall risk: Critical | High | Medium | Low
- Scope reviewed
- Tools used or unavailable
- Highest-priority fix

### Findings

For each finding:

- Severity
- Title
- Evidence location
- Why it matters
- Recommended fix
- Verification step

### Secret Handling

Never reveal complete secrets. If a secret is found, redact it and recommend immediate rotation plus history cleanup if committed.

### Residual Risk

List unreviewed areas, missing context, skipped tools, or files excluded by scope.

## Quality Bar

Be specific and actionable. Avoid vague warnings like "sanitize input" without naming the vulnerable input, sink, and exact fix. Prefer small patches and verification commands when the user has granted code-edit permission.
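As an added illustration of workflow step 4 and the Secret Handling rules (example code written for this page, not part of the skill or of MFKVault), the scan below applies a short list of conservative patterns for well-known token formats to constructed sample lines and records only redacted evidence in the `sk_live_...abcd` style. The rule set, the 16-character minimum and 3.5-bit entropy gate on the generic assignment rule, and the placeholder word list are this example's own choices; the sample lines are constructed, and `AKIAIOSFODNN7EXAMPLE` is the access key ID AWS uses in its own documentation.

```python
"""Conservative, redacting secret scan over text lines (added example; sample input is constructed)."""
import math
import re
from dataclasses import dataclass

# Rules are ordered most specific first; the first rule that matches a line wins,
# so a Stripe key line is reported once, not again by the generic rule.
# Patterns, severities and thresholds are this example's assumptions.
RULES = [
    ("AWS access key ID", re.compile(r"\bAKIA[0-9A-Z]{16}\b"), "Critical"),
    ("Stripe live secret key", re.compile(r"\bsk_live_[0-9A-Za-z]{24,}\b"), "Critical"),
    ("GitHub personal access token", re.compile(r"\bghp_[0-9A-Za-z]{36}\b"), "High"),
    ("Private key block",
     re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH |DSA )?PRIVATE KEY-----"), "Critical"),
    ("Database URL with embedded password",
     re.compile(r"\b(?:postgres(?:ql)?|mysql|mongodb(?:\+srv)?|redis)://[^:/\s]+:([^@\s]+)@"), "High"),
    ("Generic credential assignment",
     re.compile(r"(?i)(?:password|passwd|secret|token|api[_-]?key)\s*[:=]\s*['\"]?([A-Za-z0-9_\-/+=]{16,})"),
     "Medium"),
]

# Values that are obviously placeholders are skipped so the report stays actionable.
PLACEHOLDER_MARKERS = ("example", "changeme", "placeholder", "your_", "xxxx", "dummy")


@dataclass
class Finding:
    line_no: int
    rule: str
    severity: str
    evidence: str  # always redacted, never the full value


def shannon_entropy(s: str) -> float:
    """Bits per character; low-entropy strings are usually words, not credentials."""
    if not s:
        return 0.0
    counts = {}
    for ch in s:
        counts[ch] = counts.get(ch, 0) + 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def redact(value: str, prefix_len: int = 8, suffix_len: int = 4) -> str:
    """Keep a short prefix and suffix so the owner can locate the value; never echo it whole."""
    if len(value) <= prefix_len + suffix_len + 3:
        return "***"
    return f"{value[:prefix_len]}...{value[-suffix_len:]}"


def scan_lines(lines):
    """Return one redacted Finding per line that matches a rule (first matching rule wins)."""
    findings = []
    for line_no, line in enumerate(lines, start=1):
        for name, pattern, severity in RULES:
            m = pattern.search(line)
            if not m:
                continue
            if name == "Private key block":
                evidence = m.group(0) + "..."            # header only, key material never shown
            elif name == "Database URL with embedded password":
                # Keep scheme and user, mask only the password component.
                evidence = line[m.start():m.start(1)] + "***" + line[m.end(1):m.end()]
            else:
                value = m.group(1) if m.lastindex else m.group(0)
                if name == "Generic credential assignment":
                    low = value.lower()
                    if any(mark in low for mark in PLACEHOLDER_MARKERS) or shannon_entropy(value) < 3.5:
                        continue                         # placeholder or plain word: not a finding
                evidence = redact(value)
            findings.append(Finding(line_no, name, severity, evidence))
            break
    return findings


def overall_risk(findings) -> str:
    """Summary rating: the highest severity present, or Low when nothing was found."""
    present = {f.severity for f in findings}
    for level in ("Critical", "High", "Medium", "Low"):
        if level in present:
            return level
    return "Low"


# Constructed sample: a .env file committed by mistake. No real credentials.
SAMPLE_LINES = [
    "# constructed sample .env",
    "DB_URL=postgres://app:Tr0ub4dor%26Three@db.internal:5432/app",
    "STRIPE_SECRET_KEY=sk_live_9gQ2xT1Kq7Lm4Np8Rs3Vw6Yz0Ab",
    "API_TOKEN=changeme_please_replace_me",
    "aws_access_key_id = AKIAIOSFODNN7EXAMPLE",
    "-----BEGIN RSA PRIVATE KEY-----",
    "DEBUG=true",
]

if __name__ == "__main__":
    found = scan_lines(SAMPLE_LINES)
    print(f"Overall risk: {overall_risk(found)}")
    for f in found:
        print(f"[{f.severity}] line {f.line_no}: {f.rule} -> {f.evidence}")
```

Running it reports four findings (the database URL, the Stripe key, the AWS key ID and the private key header) and skips the `changeme` placeholder and the `DEBUG` flag; every evidence string is already safe to paste into a report, and the rotation and history-cleanup advice from the Secret Handling section still applies to each hit.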

Security Status

Scanned

Passed automated security checks
