Skills
skills/wojons/skills/security-scan

security-scan

SKILL.md

Security Scanning

Perform comprehensive security scanning across your entire stack including applications, infrastructure, containers, dependencies, and cloud environments. This skill integrates LLM-based security analysis with industry-standard tools to identify vulnerabilities, misconfigurations, and security weaknesses.

When to use me

Use this skill when:

  • You need a complete security assessment of your application and infrastructure
  • You want to integrate multiple security scanning tools into a unified workflow
  • You need LLM-powered analysis to identify complex security issues
  • You're preparing for security audits or compliance certifications
  • You want to establish baseline security scanning in CI/CD pipelines
  • You need to scan across multiple environments (cloud, containers, infrastructure)

What I do

  • LLM-based security analysis: Use AI to identify complex security patterns, business logic flaws, and novel vulnerabilities
  • Integrated tool ecosystem: Orchestrate OWASP ZAP, Snyk, Trivy, Nessus, and other security scanners
  • Multi-layer scanning: Application (SAST/DAST), infrastructure (IaC scanning), containers, dependencies, cloud configurations
  • Vulnerability correlation: Correlate findings across different scanning tools to prioritize critical issues
  • Compliance mapping: Map vulnerabilities to compliance frameworks (SOC 2, ISO 27001, HIPAA, GDPR)
  • Remediation guidance: Provide specific, actionable remediation steps for each finding
  • Risk scoring: Calculate risk scores based on CVSS, exploit availability, and business impact

Examples

# Run comprehensive security scan
./scripts/security-scan.sh --target https://app.example.com

# Scan Docker containers
./scripts/security-scan.sh --container myapp:latest

# Scan infrastructure as code
./scripts/security-scan.sh --iac terraform/

# Generate compliance report
./scripts/security-scan.sh --compliance soc2

# LLM-powered security analysis
./scripts/security-scan.sh --llm-analysis --context "Payment processing system"

Output format

Security Scan Report
─────────────────────────────────────
Scan Date: 2025-01-15T10:30:00Z
Target: https://app.example.com
Scan Duration: 2m 45s

CRITICAL FINDINGS (3):
────────────────────────
❌ SQL Injection in /api/users endpoint
   Risk: Critical (CVSS 9.8)
   Detection: OWASP ZAP + LLM analysis
   Remediation: Use parameterized queries, implement input validation
   Compliance Impact: PCI DSS 6.5.1, OWASP A1

❌ Hard-coded AWS credentials in config file
   Risk: Critical (CVSS 8.9)
   Detection: TruffleHog + LLM pattern matching
   Remediation: Move to AWS Secrets Manager, rotate credentials
   Compliance Impact: SOC 2 CC6.1, ISO 27001 A.9.4.1

❌ Unpatched vulnerability in nginx:1.18 (CVE-2021-23017)
   Risk: Critical (CVSS 9.1)
   Detection: Trivy container scan
   Remediation: Upgrade to nginx 1.20+, apply security patches
   Compliance Impact: PCI DSS 6.2, ISO 27001 A.12.6.1

HIGH FINDINGS (8):
───────────────────
⚠️ Missing Content Security Policy header
⚠️ Excessive permissions in IAM role (AdminAccess)
⚠️ Outdated OpenSSL library (CVE-2022-2068)
⚠️ Docker container running as root
⚠️ API endpoint without rate limiting
⚠️ Sensitive data in application logs
⚠️ Missing MFA for administrative access
⚠️ Unencrypted S3 bucket

MEDIUM/LOW FINDINGS (14):
──────────────────────────
ℹ️ Security headers missing (X-Frame-Options, X-Content-Type-Options)
ℹ️ Verbose error messages revealing system information
ℹ️ Session timeout too long (24 hours)
ℹ️ Cross-site request forgery (CSRF) protection missing

LLM SECURITY ANALYSIS:
──────────────────────
🔍 Business Logic Vulnerabilities:
   • Payment amount manipulation possible in checkout flow
   • Privilege escalation via IDOR in admin panel
   • Race condition in inventory reservation system

🔍 Architectural Security Issues:
   • Monolithic architecture increases attack surface
   • Lack of network segmentation between tiers
   • Insufficient logging for security events

🔍 Compliance Gaps:
   • Missing data retention policy implementation
   • Inadequate incident response procedures
   • Insufficient employee security training documentation

SUMMARY:
────────
Total Findings: 25
Critical: 3 | High: 8 | Medium: 9 | Low: 5
Risk Score: 78/100 (High Risk)
Compliance Status: 65% compliant with SOC 2

RECOMMENDATIONS:
────────────────
1. IMMEDIATE ACTION: Fix 3 critical vulnerabilities within 24 hours
2. PRIORITY: Address 8 high-risk issues within 7 days
3. IMPROVEMENTS: Implement security controls for medium/low issues
4. ARCHITECTURAL: Consider microservices segmentation, zero-trust network
5. PROCESS: Establish security training program, incident response plan

Notes

  • Integrates with existing CI/CD pipelines and security tools
  • LLM analysis requires careful validation to avoid false positives
  • Different scanning tools may have different licensing requirements
  • Some scanners require authentication tokens or API keys
  • Always validate findings before taking remediation actions
  • Consider running scans during off-peak hours to minimize performance impact
  • Regular scanning (daily/weekly) recommended for production systems
  • Keep scanning tools updated to detect latest vulnerabilities
Weekly Installs
16
Repository
wojons/skills
GitHub Stars
1
First Seen
Feb 28, 2026
Security Audits
Gen Agent Trust HubPass
SocketFail
SnykWarn
Installed on
github-copilot16
codex16
kimi-cli16
gemini-cli16
cursor16
amp16