security-scan


Security Scan Skill

Overview

Orchestrates the full security scanning workflow across all supported languages.

Supported Languages

Language               Marker Files                      Pattern Count
JavaScript/TypeScript  package.json                      25+
PHP                    composer.json                     20+
Python                 requirements.txt, pyproject.toml  18+
Swift/iOS              Package.swift, *.xcodeproj        15+
Go                     go.mod                            12+
Rust                   Cargo.toml                        10+

Workflow

  1. Detect language from project markers
  2. Load patterns from references/scan-patterns.md
  3. Run scripts/security-scan.sh for automated scanning
  4. Map findings to OWASP categories via references/owasp-top10.md
  5. Generate report using references/templates/scan-report.md

Pattern Categories

  • XSS (Cross-Site Scripting)
  • SQL Injection
  • Command Injection
  • Code Execution (eval, exec)
  • SSRF (Server-Side Request Forgery)
  • Weak Cryptography
  • Hardcoded Secrets
  • Insecure Deserialization
  • Path Traversal / LFI / RFI
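
Workflow steps 1 and 4 sketched in POSIX shell, as an added example that is not the skill's own scripts/security-scan.sh. The function names and category keys are hypothetical, and the OWASP Top 10 2021 mapping is an assumption, since the contents of references/owasp-top10.md are not shown on this page.

```shell
#!/bin/sh
# Added example: hypothetical helpers, not part of the skill.
# Usage: detect_languages /path/to/project ; owasp_category ssrf

# Step 1: print every language whose marker file (Supported Languages table)
# exists in the project root. A monorepo can yield several languages.
detect_languages() {
  root="${1:-.}"
  found=""
  while read -r lang marker; do
    for candidate in "$root"/$marker; do   # $marker unquoted so *.xcodeproj globs
      [ -e "$candidate" ] || continue      # an unmatched glob stays literal and fails -e
      case " $found " in
        *" $lang "*) ;;                    # already recorded (both Python markers present)
        *) found="$found $lang" ;;
      esac
      break
    done
  done <<'EOF'
javascript package.json
php composer.json
python requirements.txt
python pyproject.toml
swift Package.swift
swift *.xcodeproj
go go.mod
rust Cargo.toml
EOF
  echo "${found# }"
}

# Step 4: map a pattern category to an OWASP Top 10 2021 entry (assumed mapping).
# Unknown categories return non-zero so a finding is never silently dropped.
owasp_category() {
  case "$1" in
    xss|sql-injection|command-injection|code-execution)
      echo "A03:2021 Injection" ;;
    ssrf) echo "A10:2021 Server-Side Request Forgery" ;;
    weak-crypto) echo "A02:2021 Cryptographic Failures" ;;
    hardcoded-secrets) echo "A07:2021 Identification and Authentication Failures" ;;
    insecure-deserialization) echo "A08:2021 Software and Data Integrity Failures" ;;
    path-traversal) echo "A01:2021 Broken Access Control" ;;
    *) echo "UNMAPPED"; return 1 ;;
  esac
}
```

An empty result from detect_languages means no marker was found in the given directory, so the scan should stop rather than report a clean result.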

Integration

After scanning, delegate fixes to sniper:

Agent(subagent_type="fuse-ai-pilot:sniper", prompt="Security fixes: [FILE:LINE] [VULN] [FIX]")

References

First Seen
Feb 28, 2026