gemini-cli-security
# Gemini CLI Security Skill

## Overview
This skill adapts the Gemini CLI Security Extension's analysis methodology for the agent-studio framework. The original extension uses two MCP server patterns — a security analysis server and an OSV-Scanner integration — to provide dual-vector coverage. This skill implements equivalent analysis using native Claude Code tools (WebFetch for OSV.dev API, Grep/Bash for static analysis patterns).
Source repository: https://github.com/gemini-cli-extensions/security
License: Apache 2.0
Performance: 90% precision, 93% recall (OpenSSF CVE benchmark, TypeScript/JavaScript)
## When to Use
- Before merging pull requests to detect introduced vulnerabilities
- During security reviews of new code changes
- For dependency auditing against known CVE databases
- For LLM-integrated applications requiring prompt injection defense review
- As part of CI/CD pipeline security gates
## Iron Law

**NO PRODUCTION CODE WITHOUT SECURITY ANALYSIS FOR AUTH/SECRETS/EXTERNAL-INPUT HANDLERS**
All code paths handling authentication, hardcoded values, external input, or AI model outputs MUST be analyzed before production deployment.
## Vulnerability Coverage

### Category 1: Secrets Management
| Pattern | Detection Method |
|---|---|
| Hardcoded API keys | Grep for key patterns + entropy analysis |
| Hardcoded passwords | Credential keyword detection |
| Private keys in source | PEM block / base64 key detection |
| Encryption keys | Symmetric key constant patterns |
### Category 2: Injection Attacks
| Attack Type | Examples |
|---|---|
| SQL injection | String concatenation in queries |
| XSS | Unescaped user content in HTML/JS output |
| Command injection | Shell exec with user-controlled args |
| SSRF | User-controlled URLs in server requests |
| Template injection | Unsanitized user input in template engines |
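The two tables above describe detection by pattern. What follows is an added example, not code from the skill's own `scripts/main.cjs` or from the Gemini CLI extension, showing how such rules can be implemented in Node.js for Category 1 and Category 2: credential-looking assignments are confirmed with a Shannon-entropy check so that placeholder strings (`"changeme"`, `"aaaaaaaa"`) are not reported, and SQL or shell calls are flagged when their argument is built by string concatenation or template interpolation. The rule ids, the function names, and the sample source files are constructed for this example; the findings it emits use the same fields as the skill's JSON output.

```javascript
// Added example (not part of the gemini-cli-security skill): a minimal
// pattern-based scanner for hardcoded secrets (with an entropy check) and for
// SQL/command injection via string building. Rule ids and SAMPLE_FILES are
// constructed for illustration.

// Shannon entropy in bits per character; random-looking credentials score high,
// repeated or dictionary placeholders score low.
function shannonEntropy(s) {
  const counts = new Map();
  for (const ch of s) counts.set(ch, (counts.get(ch) || 0) + 1);
  let h = 0;
  for (const n of counts.values()) {
    const p = n / s.length;
    h -= p * Math.log2(p);
  }
  return h;
}

const RULES = [
  {
    id: 'SEC-001', severity: 'CRITICAL', category: 'secrets',
    description: 'Hardcoded API key, token or password',
    // credential-looking identifier assigned a string literal of 8+ characters
    pattern: /\b(?:api[_-]?key|secret|token|password|passwd)\b\s*[:=]\s*["'`]([^"'`]{8,})["'`]/i,
    // only report literals that look random enough to be a real credential
    check: (m) => shannonEntropy(m[1]) >= 3.5,
    remediation: 'Move to environment variable or secret manager; rotate the value',
  },
  {
    id: 'SEC-002', severity: 'CRITICAL', category: 'secrets',
    description: 'Private key material in source',
    pattern: /-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----/,
    remediation: 'Remove from source, rotate the key, load it from a secret store',
  },
  {
    id: 'INJ-001', severity: 'HIGH', category: 'injection',
    description: 'SQL query built by string concatenation or interpolation',
    // .query("..." + x) or .query(`... ${x}`)
    pattern: /\.(?:query|execute|raw)\s*\(\s*(?:["'][^"']*["']\s*\+|`[^`]*\$\{)/,
    remediation: 'Use parameterized queries / prepared statements',
  },
  {
    id: 'INJ-002', severity: 'HIGH', category: 'injection',
    description: 'Shell command built from dynamic input',
    // exec("..." + x) or exec(`... ${x}`)
    pattern: /\b(?:exec|execSync)\s*\(\s*(?:["'][^"']*["']\s*\+|`[^`]*\$\{)/,
    remediation: 'Use execFile/spawn with an argument array and allow-list the inputs',
  },
];

// Scan one file's lines against every rule; returns findings in the skill's JSON shape.
function scanSource(file, lines) {
  const findings = [];
  lines.forEach((line, i) => {
    for (const rule of RULES) {
      const m = rule.pattern.exec(line);
      if (!m) continue;
      if (rule.check && !rule.check(m)) continue; // e.g. entropy too low to be a secret
      findings.push({
        id: rule.id, severity: rule.severity, category: rule.category,
        file, line: i + 1, description: rule.description,
        remediation: rule.remediation, pattern: line.trim(),
      });
    }
  });
  return findings;
}

function scanFiles(files) {
  return Object.entries(files).flatMap(([file, lines]) => scanSource(file, lines));
}

// Counts per severity, matching the "summary" block of the JSON report.
function summarize(findings) {
  const summary = { critical: 0, high: 0, medium: 0, low: 0 };
  for (const f of findings) summary[f.severity.toLowerCase()] += 1;
  return summary;
}

// Constructed sample sources: one real-looking key, one low-entropy placeholder,
// one concatenated query beside its parameterized form, one interpolated shell call.
const SAMPLE_FILES = {
  'src/config.ts': [
    'export const API_KEY = "sk-live-4fQ9zT2mB7xL0pR8vW3nK6yH1cJ5dA";',
    'const password = "aaaaaaaaaaaa";',
  ],
  'src/db/users.ts': [
    'return db.query("SELECT * FROM users WHERE id = " + req.params.id);',
    'return db.query("SELECT * FROM users WHERE id = $1", [req.params.id]);',
  ],
  'src/tools/run.ts': [
    'exec(`convert ${req.query.file} out.png`);',
  ],
};

const report = { findings: scanFiles(SAMPLE_FILES), summary: summarize(scanFiles(SAMPLE_FILES)) };
console.log(JSON.stringify(report, null, 2));
```

Run against the constructed files, the scanner reports three findings (the API key, the concatenated query, the interpolated `exec`) and skips the placeholder password and the parameterized query. Adding the remaining categories is a matter of appending rules; the entropy threshold of 3.5 bits is a starting point that should be tuned against the repository's own false positives.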
### Category 3: Authentication Flaws
| Flaw | Detection |
|---|---|
| Session bypass | Missing auth middleware |
| Weak tokens | Predictable token generation |
| Insecure password reset | Token-less or email-only resets |
| Missing MFA enforcement | Auth flows without 2FA checks |
### Category 4: Data Handling
| Issue | Detection |
|---|---|
| Weak cryptography | MD5/SHA1 for secrets; DES/RC4 usage |
| Sensitive data in logs | PII/credential patterns in log statements |
| PII violations | Unencrypted PII storage or transmission |
| Insecure deserialization | Unsafe pickle/eval/deserialize calls |
### Category 5: LLM Safety (Novel)
| Risk | Detection |
|---|---|
| Prompt injection | User content injected into LLM prompts without sanitization |
| Unsafe output handling | LLM output used in exec/eval/shell without validation |
| Insecure tool integration | Tool calls with unchecked LLM-provided parameters |
## Usage

### Invocation

```javascript
// From an agent
Skill({ skill: 'gemini-cli-security' });

// With arguments via Bash integration
Skill({ skill: 'gemini-cli-security', args: 'src/ --scan-deps' });
```
### Workflow Execution

```bash
# Analyze code in a directory
node .claude/skills/gemini-cli-security/scripts/main.cjs --target src/

# Scan dependencies for CVEs
node .claude/skills/gemini-cli-security/scripts/main.cjs --scan-deps

# JSON output for CI integration
node .claude/skills/gemini-cli-security/scripts/main.cjs --target . --json

# Scoped analysis with natural language
node .claude/skills/gemini-cli-security/scripts/main.cjs --target src/auth/ --scope "focus on token handling and session management"
```
### Output Format

Default output (markdown report):

```markdown
## Security Analysis Report

### CRITICAL
- [AUTH-001] Hardcoded API key found in src/config.ts:42
  Pattern: `const API_KEY = "sk-..."`
  Remediation: Move to environment variable

### HIGH
- [INJ-002] SQL injection risk in src/db/users.ts:87
  Pattern: String concatenation in query builder
  Remediation: Use parameterized queries

### Dependencies
- lodash@4.17.15 → CVE-2021-23337 (HIGH) - Prototype pollution
  Fix: Upgrade to lodash@4.17.21+
```
JSON output (`--json` flag):

```json
{
  "findings": [
    {
      "id": "AUTH-001",
      "severity": "CRITICAL",
      "category": "secrets",
      "file": "src/config.ts",
      "line": 42,
      "description": "Hardcoded API key",
      "remediation": "Move to environment variable"
    }
  ],
  "dependencies": [
    {
      "package": "lodash",
      "version": "4.17.15",
      "cve": "CVE-2021-23337",
      "severity": "HIGH",
      "fix": "4.17.21"
    }
  ],
  "summary": {
    "critical": 1,
    "high": 2,
    "medium": 3,
    "low": 0,
    "precision": 0.9,
    "recall": 0.93
  }
}
```
## OSV.dev Dependency Scanning

The skill integrates with the OSV.dev API (no authentication required) to check dependencies:

```javascript
// OSV.dev batch query endpoint
WebFetch({
  url: 'https://api.osv.dev/v1/querybatch',
  prompt: 'Extract vulnerability IDs, severity, and affected versions for these packages',
});
```
Supported ecosystems: npm, PyPI, RubyGems, Maven, Go, Cargo, NuGet, Packagist
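As an added example (not the skill's own code, and not the `WebFetch` call above), here is how the querybatch request is assembled from a dependency list and how its reply is mapped back onto the queried packages, with the ecosystem labels listed above translated to the names OSV.dev expects. The request and response shapes follow the public OSV.dev API; `SAMPLE_DEPS`, `SAMPLE_RESPONSE`, the `MAX_BATCH` value and all function names are this example's own assumptions.

```javascript
// Added example, not code from the gemini-cli-security skill: build an OSV.dev
// querybatch request, split large dependency lists into batches, and map the
// reply back to findings. Sample data below is constructed.

const OSV_QUERYBATCH_URL = 'https://api.osv.dev/v1/querybatch';
const OSV_VULN_URL = 'https://api.osv.dev/v1/vulns/';
// Assumed per-request cap; confirm against the current OSV.dev API documentation.
const MAX_BATCH = 1000;

// Ecosystem labels as used in this skill's docs -> OSV ecosystem names.
const ECOSYSTEMS = {
  npm: 'npm', pypi: 'PyPI', rubygems: 'RubyGems', maven: 'Maven',
  go: 'Go', cargo: 'crates.io', nuget: 'NuGet', packagist: 'Packagist',
};

function toOsvEcosystem(label) {
  const eco = ECOSYSTEMS[String(label).toLowerCase()];
  if (!eco) throw new Error(`unsupported ecosystem: ${label}`);
  return eco;
}

// One querybatch body for a slice of dependencies: {name, ecosystem, version}.
function buildQueryBatch(deps) {
  return {
    queries: deps.map((d) => ({
      package: { name: d.name, ecosystem: toOsvEcosystem(d.ecosystem) },
      version: d.version,
    })),
  };
}

// Split a large dependency list into request-sized batches.
function chunk(deps, size = MAX_BATCH) {
  const out = [];
  for (let i = 0; i < deps.length; i += size) out.push(deps.slice(i, i + size));
  return out;
}

// results[i] answers queries[i]. querybatch returns only {id, modified} per
// vulnerability; severity and affected ranges come from /v1/vulns/{id}.
function mapResults(deps, response) {
  const results = response && response.results;
  if (!Array.isArray(results) || results.length !== deps.length) {
    throw new Error('OSV response does not line up with the query batch');
  }
  const findings = [];
  results.forEach((r, i) => {
    for (const v of r.vulns || []) {
      findings.push({
        package: deps[i].name,
        version: deps[i].version,
        ecosystem: toOsvEcosystem(deps[i].ecosystem),
        id: v.id,
        modified: v.modified,
        detailsUrl: OSV_VULN_URL + encodeURIComponent(v.id),
      });
    }
  });
  return findings;
}

// Live lookup: POST each batch and merge the findings. fetchImpl is injectable
// so the flow can be exercised offline with a stub.
async function queryOsv(deps, fetchImpl = globalThis.fetch) {
  const all = [];
  for (const batch of chunk(deps)) {
    const res = await fetchImpl(OSV_QUERYBATCH_URL, {
      method: 'POST',
      headers: { 'content-type': 'application/json' },
      body: JSON.stringify(buildQueryBatch(batch)),
    });
    if (!res.ok) throw new Error(`OSV.dev returned HTTP ${res.status}`);
    all.push(...mapResults(batch, await res.json()));
  }
  return all;
}

// Constructed sample input and a reply in the querybatch shape. The lodash entry
// reuses the CVE id from the report sample above; the second id is a placeholder.
const SAMPLE_DEPS = [
  { name: 'lodash', ecosystem: 'npm', version: '4.17.15' },
  { name: 'example-lib', ecosystem: 'npm', version: '2.0.0' },
];
const SAMPLE_RESPONSE = {
  results: [
    { vulns: [
      { id: 'CVE-2021-23337', modified: '2024-01-01T00:00:00Z' },
      { id: 'OSV-EXAMPLE-0001', modified: '2024-01-01T00:00:00Z' },
    ] },
    {},
  ],
};

console.log(JSON.stringify(mapResults(SAMPLE_DEPS, SAMPLE_RESPONSE), null, 2));
```

Two points worth keeping in mind when wiring this into the skill: the batch endpoint answers with vulnerability ids only, so the severity and fix version shown in the report have to come from a follow-up `GET /v1/vulns/{id}` per finding, and results are positional, so a response whose length differs from the request must be treated as an error rather than silently zipped.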
## GitHub Actions Integration

The original extension supports PR analysis via GitHub Actions. This skill includes an equivalent workflow template:

```yaml
# .github/workflows/security.yml
name: Security Analysis
on: [pull_request]
jobs:
  security:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Run security analysis
        run: node .claude/skills/gemini-cli-security/scripts/main.cjs --target . --json
```
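The workflow above prints the JSON report but does not by itself fail the job. The following added example (not code from the skill's scripts) is a merge gate that consumes a report in the shape shown under Output Format and returns a pass/fail decision together with the blocking items, so a CI step can exit non-zero on CRITICAL/HIGH findings while honouring a reviewed allowlist. The policy object, the function names and `SAMPLE_REPORT` are this example's own assumptions; the sample findings reuse the ids and locations from the report sample above.

```javascript
// Added example, not part of the gemini-cli-security skill: a CI merge gate
// over the skill's --json report. SAMPLE_REPORT and the policy are constructed.

const DEFAULT_POLICY = {
  blockOn: ['CRITICAL', 'HIGH'],             // code findings that fail the gate
  blockDependencyOn: ['CRITICAL', 'HIGH'],   // dependency CVEs that fail the gate
  allowlist: [],                             // reviewed findings, keyed file:line:id
};

const SEVERITY_RANK = { CRITICAL: 4, HIGH: 3, MEDIUM: 2, LOW: 1 };

function findingKey(f) {
  return `${f.file}:${f.line}:${f.id}`;
}

// Parse and minimally validate the JSON produced by --json.
function parseReport(text) {
  const report = JSON.parse(text);
  if (!Array.isArray(report.findings)) throw new Error('report has no findings array');
  return report;
}

// Decide whether the PR may proceed; returns the blocking items sorted by severity.
function evaluateGate(report, policy = DEFAULT_POLICY) {
  const blocking = [];
  for (const f of report.findings || []) {
    const key = findingKey(f);
    if (policy.allowlist.includes(key)) continue; // accepted after review
    if (policy.blockOn.includes(f.severity)) {
      blocking.push({ kind: 'code', key, severity: f.severity, reason: f.description, action: f.remediation });
    }
  }
  for (const d of report.dependencies || []) {
    if (policy.blockDependencyOn.includes(d.severity)) {
      blocking.push({
        kind: 'dependency', key: `${d.package}@${d.version}:${d.cve}`,
        severity: d.severity, reason: d.cve, action: `upgrade to ${d.fix}`,
      });
    }
  }
  blocking.sort((a, b) => SEVERITY_RANK[b.severity] - SEVERITY_RANK[a.severity]);
  return { pass: blocking.length === 0, blocking };
}

// Short summary for the job log or a PR comment.
function renderGate(result) {
  if (result.pass) return 'Security gate: PASS';
  const lines = result.blocking.map((b) => `- [${b.severity}] ${b.kind} ${b.key}: ${b.reason} (${b.action})`);
  return ['Security gate: FAIL', ...lines].join('\n');
}

function exitCodeFor(result) {
  return result.pass ? 0 : 1;
}

// Constructed report in the skill's JSON shape, mirroring the sample findings.
const SAMPLE_REPORT = {
  findings: [
    { id: 'AUTH-001', severity: 'CRITICAL', category: 'secrets', file: 'src/config.ts', line: 42,
      description: 'Hardcoded API key', remediation: 'Move to environment variable' },
    { id: 'INJ-002', severity: 'HIGH', category: 'injection', file: 'src/db/users.ts', line: 87,
      description: 'SQL injection risk', remediation: 'Use parameterized queries' },
  ],
  dependencies: [
    { package: 'lodash', version: '4.17.15', cve: 'CVE-2021-23337', severity: 'HIGH', fix: '4.17.21' },
  ],
  summary: { critical: 1, high: 2, medium: 0, low: 0 },
};

const decision = evaluateGate(SAMPLE_REPORT);
console.log(renderGate(decision));
// In a real job: pipe the --json output into parseReport(), then
// process.exit(exitCodeFor(evaluateGate(report, policy))).
```

In the workflow, this would run as a second step after the analysis step, reading the saved JSON and calling `process.exit(exitCodeFor(...))`; keeping the allowlist keyed on file, line and rule id means a finding that moves or changes is re-evaluated rather than permanently silenced.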
## Implementation Notes

**Why native tools over MCP servers:** The original extension uses two MCP servers (security analysis server + OSV-Scanner binary). This skill uses native Claude Code tools instead:
- WebFetch replaces OSV-Scanner for dependency CVE lookups (OSV.dev has a public REST API)
- Grep/Bash replace the security analysis server for pattern-based detection
- This approach works immediately without binary installation or session restart
**Deviation from source:** The original uses Gemini AI for code analysis; this skill uses the pattern-based detection methodology documented in the extension's benchmarking. The AI analysis component can be provided by the invoking agent (security-architect) rather than an embedded AI call.
## Assigned Agents

| Agent | Role |
|---|---|
| security-architect | Primary: comprehensive security audits |
| developer | Supporting: pre-commit security checks |
| code-reviewer | Supporting: PR review security layer |
## Memory Protocol (MANDATORY)

Before starting:
- Read `.claude/context/memory/learnings.md`

After completing:
- New vulnerability pattern found -> `.claude/context/memory/learnings.md`
- Issue with scanning -> `.claude/context/memory/issues.md`
- Decision about scope -> `.claude/context/memory/decisions.md`

ASSUME INTERRUPTION: If it's not in memory, it didn't happen.