
security-scan

Main security scanning orchestration. Detects language, runs OWASP Top 10 patterns, identifies vulnerabilities, generates structured reports. Use when scanning for XSS, SQL injection, command injection, secrets, or any security vulnerability.

Stars: 13
Source: fusengine/agents
Updated: 2026-05-17
Slug: fusengine--agents--security-scan

// install — copy + paste into any project

mkdir -p .claude/skills && curl -fsSL https://raw.githubusercontent.com/fusengine/agents/HEAD/plugins/security-expert/skills/security-scan/SKILL.md -o .claude/skills/security-scan.md

Drops the SKILL.md into .claude/skills/security-scan.md. Works with Claude Code, Cursor, and any agent that loads SKILL.md files from .claude/skills/.

Security Scan Skill

Overview

Orchestrates the full security scanning workflow across all supported languages.

Supported Languages

| Language | Marker Files | Pattern Count |
|---|---|---|
| JavaScript/TypeScript | package.json | 25+ |
| PHP | composer.json | 20+ |
| Python | requirements.txt, pyproject.toml | 18+ |
| Swift/iOS | Package.swift, *.xcodeproj | 15+ |
| Go | go.mod | 12+ |
| Rust | Cargo.toml | 10+ |

Workflow

  1. Detect language from project markers
  2. Load patterns from references/scan-patterns.md
  3. Run scripts/security-scan.sh for automated scanning
  4. Map findings to OWASP categories via references/owasp-top10.md
  5. Generate report using references/templates/scan-report.md
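The workflow above, reduced to a runnable Python sketch. This is an added example, not the project's scripts/security-scan.sh. The marker files come from the Supported Languages table; the three rules, the OWASP Top 10 2021 ids attached to them, and the sample project are constructed for illustration and do not reflect references/scan-patterns.md or references/owasp-top10.md.

```python
import re
import tempfile
from pathlib import Path

# Marker files taken from the Supported Languages table on this page.
MARKERS = {
    "javascript": ["package.json"], "php": ["composer.json"],
    "python": ["requirements.txt", "pyproject.toml"],
    "swift": ["Package.swift", "*.xcodeproj"],
    "go": ["go.mod"], "rust": ["Cargo.toml"],
}

# Constructed rules (assumption): (category, OWASP 2021 id, file suffixes, regex).
RULES = [
    ("Code Execution", "A03:2021", (".py", ".js"), re.compile(r"\beval\s*\(")),
    ("Weak Cryptography", "A02:2021", (".py",), re.compile(r"hashlib\.(md5|sha1)\s*\(")),
    ("Hardcoded Secrets", "A07:2021", (".py", ".js"),
     re.compile(r"(?i)(password|secret|api_key)\s*=\s*['\"][^'\"]{8,}['\"]")),
]

def detect_languages(root):
    """Step 1: return languages whose marker files exist at the project root."""
    root = Path(root)
    return sorted(lang for lang, globs in MARKERS.items()
                  if any(any(root.glob(g)) for g in globs))

def scan(root):
    """Steps 2-4: apply each rule per line; return (FILE:LINE, category, OWASP id)."""
    findings = []
    for path in sorted(p for p in Path(root).rglob("*") if p.is_file()):
        for lineno, line in enumerate(path.read_text(errors="replace").splitlines(), 1):
            for category, owasp, suffixes, rx in RULES:
                if path.suffix in suffixes and rx.search(line):
                    findings.append((f"{path.relative_to(root)}:{lineno}", category, owasp))
    return findings

def demo():
    """Build a constructed sample project in a temp dir and scan it."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "requirements.txt").write_text("flask\n")
        (root / "app.py").write_text(
            "import hashlib\n"
            "API_KEY = 'constructed-sample-value'\n"
            "digest = hashlib.md5(data).hexdigest()\n"
            "result = eval(user_input)\n"
            "# safe: ast.literal_eval(user_input)\n")
        return detect_languages(root), scan(root)
```

The `\b` in the eval rule keeps `ast.literal_eval(` from being reported, which is the kind of false positive a line-based pattern scan has to be written against.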

Pattern Categories

  • XSS (Cross-Site Scripting)
  • SQL Injection
  • Command Injection
  • Code Execution (eval, exec)
  • SSRF (Server-Side Request Forgery)
  • Weak Cryptography
  • Hardcoded Secrets
  • Insecure Deserialization
  • Path Traversal / LFI / RFI

Integration

After scanning, delegate fixes to sniper:

Agent(subagent_type="fuse-ai-pilot:sniper", prompt="Security fixes: [FILE:LINE] [VULN] [FIX]")

References