Skills
skills/florianbuetow/claude-code/status

status

SKILL.md

AppSec Status -- Security Dashboard

Read the .appsec/ state directory and present a concise security posture dashboard. Shows what has been scanned, what was found, what has changed since the last scan, and what to do next.

This skill runs entirely in the main agent context. It does NOT dispatch subagents. It reads state files produced by /appsec:run and /appsec:full-audit.

Supported Flags

Flag Behavior
--format text ASCII dashboard (default).
--format json Structured JSON summary.
--format md Markdown summary.
--quiet Findings count only, no details.

State Files

Read these files from the .appsec/ directory:

File Content Required
.appsec/findings.json Consolidated findings from last run Yes
.appsec/last-run.json Timestamp, scope, depth, tools used Yes
.appsec/start-assessment.json Stack detection, scanner availability Optional
.appsec/config.yaml User preferences (from /appsec:config) Optional

Workflow

Step 1: Check State Exists

Use Glob to check for .appsec/findings.json and .appsec/last-run.json.

If NO state files exist, output:

=====================================================
         APPSEC STATUS -- No Data
=====================================================

No security scan data found. Run a scan first:

  /appsec:start       Assess project and get recommendations
  /appsec:run          Run smart security scan
  /appsec:full-audit   Exhaustive audit with report

=====================================================

Step 2: Load State

Read .appsec/findings.json and .appsec/last-run.json. Optionally read .appsec/start-assessment.json and .appsec/config.yaml if they exist.

Step 3: Detect Changes Since Last Scan

Run git diff --name-only against the timestamp in last-run.json to determine which files have changed since the last scan. Classify changes:

  • Modified files with findings: existing findings may be resolved or new issues introduced.
  • New files: not yet scanned.
  • Deleted files: findings for these files are now stale.

Count the changed files and note the high-risk ones (files that had findings in the last scan).

Step 4: Compute Summary Statistics

From the findings data, compute:

  • Total findings by severity (critical, high, medium, low).
  • Findings by framework (OWASP, STRIDE, PASTA, LINDDUN, etc.).
  • Findings by tool (secrets, injection, access-control, etc.).
  • Top 5 files by finding count.
  • Scanner coverage (which scanners ran, which are missing).
  • Stale findings (in files that have been modified since the scan).

Step 5: Output Dashboard

Text Format (default)

=====================================================
            APPSEC STATUS -- Dashboard
=====================================================

LAST SCAN: <timestamp> (<relative time, e.g., "2 hours ago">)
SCOPE:     <scope from last run>
DEPTH:     <depth from last run>

FINDINGS:
  +-------+----------+------+--------+-----+-------+
  |       | Critical | High | Medium | Low | Total |
  +-------+----------+------+--------+-----+-------+
  | Count |    N     |  N   |   N    |  N  |   N   |
  +-------+----------+------+--------+-----+-------+

TOP PRIORITIES:
  1. <ID>  <severity>  <title>  (<file>:<line>)
  2. <ID>  <severity>  <title>  (<file>:<line>)
  3. <ID>  <severity>  <title>  (<file>:<line>)
  4. <ID>  <severity>  <title>  (<file>:<line>)
  5. <ID>  <severity>  <title>  (<file>:<line>)

CHANGES SINCE LAST SCAN:
  Files modified:  N
  New files:       N
  Files with existing findings modified:  N
  Stale findings (file changed):          N

SCANNER STATUS:
  <scanner>  installed  <N findings>
  <scanner>  installed  <N findings>
  <scanner>  missing    (would cover: <categories>)

FRAMEWORKS RUN:
  OWASP Top 10    <N findings>
  STRIDE          <N findings>
  PASTA           <N findings>   (or "not run")
  LINDDUN         <N findings>   (or "not run")
  SANS/CWE 25     <N findings>   (or "not run")

HOTSPOT FILES:
  <file>  <N findings>  (<severities>)
  <file>  <N findings>  (<severities>)
  <file>  <N findings>  (<severities>)

=====================================================
  /appsec:run                 Re-scan (detects changes)
  /appsec:explain <ID>        Explain a finding
  /appsec:run --scope changed Scan only changed files
=====================================================

JSON Format

{
  "last_scan": {
    "timestamp": "2026-02-14T10:30:00Z",
    "scope": "full",
    "depth": "standard",
    "tools_used": ["secrets", "injection", "access-control"]
  },
  "findings": {
    "total": 12,
    "by_severity": { "critical": 1, "high": 3, "medium": 5, "low": 3 },
    "by_framework": { "owasp": 8, "stride": 3, "secrets": 1 },
    "top_priorities": [
      { "id": "INJ-001", "severity": "critical", "title": "...", "file": "..." }
    ]
  },
  "changes_since_scan": {
    "modified_files": 5,
    "new_files": 2,
    "files_with_findings_modified": 1,
    "stale_findings": 3
  },
  "scanners": {
    "semgrep": { "installed": true, "findings": 4 },
    "gitleaks": { "installed": false }
  }
}

Important Rules

  • Do NOT invent findings or statistics. Only report what is in the state files.
  • Do NOT fabricate compliance scores or percentages. There is no meaningful way to express security posture as a single percentage.
  • Do NOT claim the codebase is "secure" or "insecure" based on finding count alone. Zero findings from a narrow scan does not mean secure.
  • If the last scan used --scope changed on 3 files, note that coverage is limited.
  • If the state data is more than 7 days old, flag it prominently as stale.
Weekly Installs
6
Repository
florianbuetow/c…ude-code
GitHub Stars
6
First Seen
Feb 28, 2026
Security Audits
Gen Agent Trust HubPass
SocketPass
SnykPass
Installed on
mcpjam6
claude-code6
replit6
junie6
windsurf6
zencoder6