security-scan

Compare original and translation side by side

🇺🇸

Original

English

🇨🇳

Translation

Chinese

Security Scan

安全扫描

Comprehensive security vulnerability detection for codebases.

针对代码库的全面安全漏洞检测。

Quick Start

快速开始

/security-scan                    # Full scan of current directory
/security-scan --scope src/       # Scan specific directory
/security-scan --quick            # Fast scan (critical issues only)
/security-scan --focus injection  # Focus on specific category

/security-scan                    # 扫描当前目录的全部内容
/security-scan --scope src/       # 扫描指定目录
/security-scan --quick            # 快速扫描（仅检测关键问题）
/security-scan --focus injection  # 聚焦特定漏洞类别

What This Skill Does

该工具的功能

Analyzes code for security vulnerabilities across multiple categories:

OWASP Top 10 - Industry-standard web vulnerability categories
Secrets Detection - Hardcoded credentials, API keys, tokens
Injection Flaws - SQL, XSS, command injection patterns
Cryptographic Issues - Weak algorithms, insecure implementations
Configuration Problems - Insecure defaults, misconfigurations

从多个类别分析代码中的安全漏洞：

OWASP Top 10 - 行业标准的Web漏洞类别
密钥检测 - 硬编码凭证、API密钥、令牌
注入漏洞 - SQL、XSS、命令注入模式
加密问题 - 弱算法、不安全的实现方式
配置问题 - 不安全的默认设置、配置错误

Scan Modes

扫描模式

Full Scan (Default)

全面扫描（默认）

Comprehensive analysis of all security categories.

/security-scan

Checks performed:

All OWASP Top 10 categories
Secrets and credential detection
Dependency vulnerabilities (if package files exist)
Configuration file review

Duration: 2-5 minutes depending on codebase size

对所有安全类别进行综合分析。

/security-scan

执行的检测项：

所有OWASP Top 10类别
密钥和凭证检测
依赖项漏洞检测（如果存在包文件）
配置文件审查

耗时： 根据代码库大小，耗时2-5分钟

Quick Scan

快速扫描

Fast check for critical and high-severity issues only.

/security-scan --quick

Checks performed:

Critical injection patterns
Exposed secrets
Known dangerous functions

Duration: Under 1 minute

仅快速检查关键和高严重性问题。

/security-scan --quick

执行的检测项：

关键注入模式
暴露的密钥
已知危险函数

耗时： 1分钟以内

Focused Scan

聚焦扫描

Target specific vulnerability category.

/security-scan --focus <category>

Categories:

```
injection
```
- SQL, XSS, command injection
```
secrets
```
- Credentials, API keys, tokens
```
crypto
```
- Cryptographic weaknesses
```
auth
```
- Authentication/authorization issues
```
config
```
- Configuration security

针对特定漏洞类别进行扫描。

/security-scan --focus <category>

支持的类别：

```
injection
```
- SQL、XSS、命令注入
```
secrets
```
- 凭证、API密钥、令牌
```
crypto
```
- 加密弱点
```
auth
```
- 认证/授权问题
```
config
```
- 配置安全

Output Format

输出格式

Severity Levels

严重程度等级

Level	Icon	Meaning	Action Required
CRITICAL	`[!]`	Exploitable vulnerability	Immediate fix
HIGH	`[H]`	Serious security risk	Fix before deploy
MEDIUM	`[M]`	Potential vulnerability	Plan to address
LOW	`[L]`	Minor issue or hardening	Consider fixing
INFO	`[i]`	Informational finding	Awareness only

等级	图标	含义	处理要求
CRITICAL	`[!]`	可被利用的漏洞	立即修复
HIGH	`[H]`	严重安全风险	部署前修复
MEDIUM	`[M]`	潜在漏洞	计划修复
LOW	`[L]`	次要问题或加固项	考虑修复
INFO	`[i]`	信息性发现	仅需知晓

Finding Format

检测结果格式

[SEVERITY] CATEGORY: Brief description
  File: path/to/file.ext:line
  Pattern: What was detected
  Risk: Why this is dangerous
  Fix: How to remediate

[严重程度] 类别: 简要描述
  文件: path/to/file.ext:行号
  检测模式: 检测到的内容
  风险: 该漏洞的危险性
  修复方案: 如何整改

Summary Report

汇总报告

SECURITY SCAN RESULTS
=====================

Scope: src/
Files scanned: 127
Duration: 45 seconds

FINDINGS BY SEVERITY
  Critical: 2
  High: 5
  Medium: 12
  Low: 8

TOP ISSUES
1. [!] SQL Injection in src/api/users.ts:45
2. [!] Hardcoded AWS key in src/config.ts:12
3. [H] XSS vulnerability in src/components/Comment.tsx:89
...

Run `/security-scan --details` for full report.

安全扫描结果
=====================

扫描范围: src/
已扫描文件数: 127
耗时: 45秒

按严重程度分类的检测结果
  关键: 2
  高风险: 5
  中风险: 12
  低风险: 8

主要问题
1. [!] SQL注入位于 src/api/users.ts:45
2. [!] 硬编码AWS密钥位于 src/config.ts:12
3. [H] XSS漏洞位于 src/components/Comment.tsx:89
...

运行 `/security-scan --details` 查看完整报告。

OWASP Top 10 Coverage

OWASP Top 10 覆盖情况

#	Category	Detection Approach
A01	Broken Access Control	Authorization pattern analysis
A02	Cryptographic Failures	Weak crypto detection
A03	Injection	Pattern matching + data flow
A04	Insecure Design	Security control gaps
A05	Security Misconfiguration	Config file analysis
A06	Vulnerable Components	Dependency scanning
A07	Auth Failures	Auth pattern review
A08	Data Integrity Failures	Deserialization checks
A09	Logging Failures	Audit log analysis
A10	SSRF	Request pattern detection

See

references/owasp/

for detailed detection rules per category.

编号	类别	检测方式
A01	访问控制失效	授权模式分析
A02	加密失败	弱加密检测
A03	注入	模式匹配 + 数据流分析
A04	不安全设计	安全控制缺口检测
A05	安全配置错误	配置文件分析
A06	易受攻击的组件	依赖项扫描
A07	认证失败	认证模式审查
A08	数据完整性失败	反序列化检查
A09	日志记录失败	审计日志分析
A10	SSRF	请求模式检测

查看

references/owasp/

获取各漏洞类别的详细检测规则。

Detection Patterns

检测模式

Injection Detection

注入检测

SQL Injection:

- String concatenation in queries
- Unsanitized user input in database calls
- Dynamic query construction

Cross-Site Scripting (XSS):

- innerHTML assignments with user data
- document.write() with dynamic content
- Unescaped template interpolation

Command Injection:

- exec(), system(), popen() with user input
- Shell command string construction
- Unsanitized subprocess arguments

See

references/patterns/

for language-specific patterns.

SQL注入：

- 查询语句中的字符串拼接
- 数据库调用中未经过滤的用户输入
- 动态查询构造

跨站脚本攻击（XSS）：

- 使用用户数据赋值给innerHTML
- 使用document.write()输出动态内容
- 未转义的模板插值

命令注入：

- 使用用户输入调用exec()、system()、popen()
- Shell命令字符串构造
- 未经过滤的子进程参数

查看

references/patterns/

获取语言特定的检测模式。

Secrets Detection

密钥检测

High-Confidence Patterns:

AWS Access Key:     AKIA[0-9A-Z]{16}
AWS Secret Key:     [A-Za-z0-9/+=]{40}
GitHub Token:       gh[pousr]_[A-Za-z0-9]{36,}
Stripe Key:         sk_live_[A-Za-z0-9]{24,}
Private Key:        -----BEGIN (RSA |EC )?PRIVATE KEY-----

Medium-Confidence Patterns:

Generic API Key:    api[_-]?key.*[=:]\s*['"][a-zA-Z0-9]{16,}
Password in Code:   password\s*[=:]\s*['"][^'"]+['"]
Connection String:  (mysql|postgres|mongodb)://[^:]+:[^@]+@

高可信度模式：

AWS Access Key:     AKIA[0-9A-Z]{16}
AWS Secret Key:     [A-Za-z0-9/+=]{40}
GitHub Token:       gh[pousr]_[A-Za-z0-9]{36,}
Stripe Key:         sk_live_[A-Za-z0-9]{24,}
私钥:        -----BEGIN (RSA |EC )?PRIVATE KEY-----

中可信度模式：

通用API密钥:    api[_-]?key.*[=:]\s*['"][a-zA-Z0-9]{16,}
代码中的密码:   password\s*[=:]\s*['"][^'"]+['"]
连接字符串:  (mysql|postgres|mongodb)://[^:]+:[^@]+@

Cryptographic Weaknesses

加密弱点

Weak Algorithms:

- MD5 for password hashing
- SHA1 for security purposes
- DES/3DES encryption
- RC4 stream cipher

Implementation Issues:

- Hardcoded encryption keys
- Weak random number generation
- Missing salt in password hashing
- ECB mode encryption

弱算法：

- 使用MD5进行密码哈希
- 使用SHA1用于安全场景
- DES/3DES加密
- RC4流密码

实现问题：

- 硬编码加密密钥
- 弱随机数生成
- 密码哈希缺少盐值
- ECB模式加密

Integration with Other Skills

与其他工具的集成

With

/secrets-scan

与

/secrets-scan

集成

Focused deep-dive on credential detection:

/secrets-scan              # Dedicated secrets analysis
/secrets-scan --entropy    # High-entropy string detection

专注于凭证检测的深度分析：

/secrets-scan              # 专门的密钥分析
/secrets-scan --entropy    # 高熵字符串检测

With

/dependency-scan

与

/dependency-scan

集成

Package vulnerability analysis:

/dependency-scan           # Check all dependencies
/dependency-scan --fix     # Auto-fix where possible

包漏洞分析：

/dependency-scan           # 检查所有依赖项
/dependency-scan --fix     # 自动修复（如果支持）

With

/config-scan

与

/config-scan

集成

Infrastructure and configuration review:

/config-scan               # All config files
/config-scan --docker      # Container security
/config-scan --iac         # Infrastructure as Code

基础设施和配置审查：

/config-scan               # 扫描所有配置文件
/config-scan --docker      # 容器安全检测
/config-scan --iac         # 基础设施即代码安全检测

Scan Execution Protocol

扫描执行流程

Phase 1: Discovery

阶段1：发现

1. Identify project type (languages, frameworks)
2. Locate relevant files (source, config, dependencies)
3. Determine applicable security rules

1. 识别项目类型（语言、框架）
2. 定位相关文件（源代码、配置、依赖项）
3. 确定适用的安全规则

Phase 2: Static Analysis

阶段2：静态分析

1. Pattern matching for known vulnerabilities
2. Data flow analysis for injection paths
3. Configuration review

1. 对已知漏洞进行模式匹配
2. 对注入路径进行数据流分析
3. 配置审查

Phase 3: Secrets Scanning

阶段3：密钥扫描

1. High-confidence pattern matching
2. Entropy analysis for potential secrets
3. Git history check (optional)

1. 高可信度模式匹配
2. 潜在密钥的熵分析
3. Git历史检查（可选）

Phase 4: Dependency Analysis

阶段4：依赖项分析

1. Parse package manifests
2. Check against vulnerability databases
3. Identify outdated packages

1. 解析包清单
2. 对照漏洞数据库进行检查
3. 识别过时的包

Phase 5: Reporting

阶段5：报告生成

1. Deduplicate findings
2. Assign severity scores
3. Generate actionable report
4. Provide remediation guidance

1. 去重检测结果
2. 分配严重程度评分
3. 生成可执行的报告
4. 提供整改指导

Configuration

配置

Project-Level Config

项目级配置

Create

.security-scan.yaml

in project root:

yaml

undefined

在项目根目录创建

.security-scan.yaml

文件：

yaml

undefined

Scan configuration

扫描配置

scan: exclude: - "node_modules/" - "vendor/" - "/*.test.ts" - "/mocks/**"

Severity thresholds

严重程度阈值

thresholds: fail_on: critical # critical, high, medium, low warn_on: medium

Category toggles

类别开关

categories: injection: true secrets: true crypto: true auth: true config: true dependencies: true

Custom patterns

自定义模式

patterns: secrets: - name: "Internal API Key" pattern: "INTERNAL_[A-Z]{3}KEY[a-zA-Z0-9]{32}" severity: high

undefined

patterns: secrets: - name: "内部API密钥" pattern: "INTERNAL_[A-Z]{3}KEY[a-zA-Z0-9]{32}" severity: high

undefined

Ignore Patterns

忽略规则

Create

.security-scan-ignore

for false positives:

undefined

创建

.security-scan-ignore

文件来标记误报：

undefined

Ignore specific files

忽略特定文件

src/test/fixtures/mock-credentials.ts

Ignore specific lines (use inline comment)

忽略特定行（使用行内注释）

security-scan-ignore: test fixture

security-scan-ignore: 测试用例

const mockApiKey = "sk_test_fake123";

undefined

const mockApiKey = "sk_test_fake123";

undefined

Command Reference

命令参考

Command	Description
`/security-scan`	Full security scan
`/security-scan --quick`	Critical issues only
`/security-scan --scope <path>`	Scan specific path
`/security-scan --focus <cat>`	Single category
`/security-scan --details`	Verbose output
`/security-scan --json`	JSON output
`/security-scan --fix`	Auto-fix where possible

命令	描述
`/security-scan`	全面安全扫描
`/security-scan --quick`	仅检测关键问题
`/security-scan --scope <path>`	扫描指定路径
`/security-scan --focus <cat>`	扫描单一类别
`/security-scan --details`	详细输出
`/security-scan --json`	JSON格式输出
`/security-scan --fix`	自动修复（如果支持）

security-scan

Original

Translation

Security Scan

安全扫描

Quick Start

快速开始

What This Skill Does

该工具的功能

Scan Modes

扫描模式

Full Scan (Default)

全面扫描（默认）

Quick Scan

快速扫描

Focused Scan

聚焦扫描

Output Format

输出格式

Severity Levels

严重程度等级

Finding Format

检测结果格式

Summary Report

汇总报告

OWASP Top 10 Coverage

OWASP Top 10 覆盖情况

Detection Patterns

检测模式

Injection Detection

注入检测

Secrets Detection

密钥检测

Cryptographic Weaknesses

加密弱点

Integration with Other Skills

与其他工具的集成

With /secrets-scan

与 /secrets-scan 集成

With /dependency-scan

与 /dependency-scan 集成

With /config-scan

与 /config-scan 集成

Scan Execution Protocol

扫描执行流程

Phase 1: Discovery

阶段1：发现

Phase 2: Static Analysis

阶段2：静态分析

Phase 3: Secrets Scanning

阶段3：密钥扫描

Phase 4: Dependency Analysis

阶段4：依赖项分析

Phase 5: Reporting

阶段5：报告生成

Configuration

配置

Project-Level Config

项目级配置

Scan configuration

扫描配置

Severity thresholds

严重程度阈值

Category toggles

类别开关

Custom patterns

自定义模式

Ignore Patterns

忽略规则

Ignore specific files

忽略特定文件

Ignore specific lines (use inline comment)

忽略特定行（使用行内注释）

security-scan-ignore: test fixture

security-scan-ignore: 测试用例

Command Reference

命令参考

Related Skills

相关工具

References

With
`/secrets-scan`

与
`/secrets-scan`
集成

With
`/dependency-scan`

与
`/dependency-scan`
集成

With
`/config-scan`

与
`/config-scan`
集成