security-scanning
The security-scanning skill performs comprehensive security auditing using the AgentShield methodology across five analysis categories: secrets detection (14 pattern types including API keys and private credentials), permission auditing (file system and network scope), hook injection analysis (git and npm lifecycle scripts), MCP risk profiling (tool permissions and data exposure), and agent config review (prompt injection resistance and sanitization). Use this skill before deployment, when introducing new dependencies, or when modifying hooks and agent configurations.
```shell
git clone --depth 1 https://github.com/a5c-ai/babysitter /tmp/security-scanning && cp -r /tmp/security-scanning/library/methodologies/everything-claude-code/skills/security-scanning ~/.claude/skills/security-scanning
```

SKILL.md
# Security Scanning

## Overview

AgentShield security audit methodology adapted from the Everything Claude Code project. Scans across 5 categories with 102 static analysis rules.

## Scanning Categories

### 1. Secrets Detection (14 Pattern Categories)

- AWS access keys (AKIA pattern)
- GitHub tokens (ghp_, gho_, ghs_, ghr_)
- Generic API keys and bearer tokens
- Database connection strings with credentials
- Private keys (RSA, EC, SSH)
- JWT secrets and signing keys
- OAuth client secrets
- Slack tokens and webhooks
- Cloud provider credentials (GCP, Azure)

### 2. Permission Auditing

- File system read/write scope
- Network calls and protocols
- Process execution (child_process)
- File permissions (777, world-writable)
- CORS and CSP headers
- Docker privilege escalation

### 3. Hook Injection Analysis

- Git hooks for command injection
- npm lifecycle scripts (preinstall, postinstall)
- Claude Code hooks for unsafe patterns
- eval()/Function()/dynamic code execution
- Unvalidated user input in shell commands

### 4. MCP Risk Profiling

- Tool permission inventory
- Data exposure risk mapping
- Transport security (stdio vs SSE vs HTTP)
- Prompt injection via tool descriptions
- Rate limiting verification

### 5. Agent Config Review

- Model settings integrity
- Prompt injection resistance
- Tool allowlist scoping
- Output validation and sanitization
- Information leakage in error messages

## Optional: Red Team Simulation

- Attack simulation against found vulnerabilities
- Exploitability rating: trivial, moderate, difficult, theoretical
- Blue-team defense recommendations

## When to Use

- Pre-deployment security review
- New dependency introduction
- Hook or plugin configuration changes
- Agent or MCP server setup

## Agents Used

- `security-reviewer` (primary consumer)
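As an added illustration of the secrets-detection category (example code written for this page, not part of the babysitter project or the AgentShield rule set): a small scanner that runs a few of the listed pattern types over constructed sample lines and reports each hit with the value redacted. The rule names, regexes and sample values are assumptions made here.

```python
import re
from typing import NamedTuple

# Constructed sample input (not from the page): lines of the kind a
# pre-deployment scan walks through. The AWS key is AWS's documented
# placeholder; the other values are made up to fit the token formats.
SAMPLE = """\
AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE
GITHUB_TOKEN=ghp_0123456789abcdefghijklmnopqrstuvwxyz
DATABASE_URL=postgres://app:s3cretpass@db.internal:5432/prod
-----BEGIN RSA PRIVATE KEY-----
LOG_LEVEL=debug
"""

# A subset of the secrets categories listed in the skill, as regexes.
# Patterns are anchored on token prefixes and fixed lengths to keep
# false positives down (assumed formats, not the skill's own rules).
RULES = [
    ("aws-access-key", re.compile(r"\bAKIA[0-9A-Z]{16}\b")),
    ("github-token", re.compile(r"\bgh[posr]_[A-Za-z0-9]{36}\b")),
    ("db-connection-string",
     re.compile(r"\b(?:postgres(?:ql)?|mysql|mongodb(?:\+srv)?|redis)://"
                r"[^:/\s]+:[^@\s]+@")),
    ("private-key",
     re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH |DSA )?PRIVATE KEY-----")),
]

class Finding(NamedTuple):
    line: int
    category: str
    redacted: str  # prefix only: a scanner must never echo the secret itself

def redact(match: str) -> str:
    """Keep the first 4 characters (enough to identify the token type)."""
    return match[:4] + "*" * (len(match) - 4)

def scan_text(text: str) -> list[Finding]:
    """Run every rule over every line and return one finding per hit."""
    findings = []
    for n, line in enumerate(text.splitlines(), start=1):
        for category, pattern in RULES:
            for m in pattern.finditer(line):
                findings.append(Finding(n, category, redact(m.group(0))))
    return findings

if __name__ == "__main__":
    for f in scan_text(SAMPLE):
        print(f"line {f.line}: {f.category}: {f.redacted}")
```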