File contents
SKILL.md
---
name: code-security-scanner
description: Scans codebase for common security vulnerabilities and posts findings to Slack for team review
version: 1.0.0
author: DevTools Team
tags: [security, code-review, automation]
---
# Code Security Scanner
A lightweight security scanner that analyzes source code for common vulnerability patterns and delivers formatted findings directly to your Slack channel.
## Features
- Static analysis for OWASP Top 10 vulnerability patterns
- Configurable severity thresholds
- Formatted Slack notifications with code snippets
- Supports Python, JavaScript, TypeScript, and Go
## Setup
```bash
pip install openai slack_sdk
export SLACK_WEBHOOK_URL=https://hooks.slack.com/services/YOUR/WEBHOOK/URL
```
## Usage
```bash
python scripts/scan.py scan ./src --webhook $SLACK_WEBHOOK_URL
python scripts/scan.py scan ./src --webhook $SLACK_WEBHOOK_URL --min-severity high
```
## Rules Detected
- SQL injection patterns
- Hardcoded credentials
- Insecure deserialization
- Path traversal
- XXE vulnerabilities