โ† Back to Skills

Ghost Report

๐ŸŒCommunity
by ghostsecurity ยท vlatest ยท Repository

Ghost Report analyzes network traffic for stealthy malicious activity, revealing hidden threats that traditional tools might miss โ€“ crucial for proactive security.

Install on your platform

We auto-selected Claude Code based on this skillโ€™s supported platforms.

1

Run in terminal (recommended)

terminal
claude mcp add ghost-report npx -- -y @trustedskills/ghost-report
2

Or manually add to ~/.claude/settings.json

~/.claude/settings.json
{
  "mcpServers": {
    "ghost-report": {
      "command": "npx",
      "args": [
        "-y",
        "@trustedskills/ghost-report"
      ]
    }
  }
}

Requires Claude Code (claude CLI). Run claude --version to verify your install.

About This Skill

What it does

The Ghost Report skill aggregates findings from various security scans โ€“ dependency checks (scan-deps), secret detection (scan-secrets), and code analysis (scan-code) โ€“ into a single, prioritized report. It filters for high-confidence results and prioritizes them by severity level (high, medium, low) and scan type. The tool also caches reports at the commit level to avoid redundant scans and utilizes repository context information when available to inform risk assessment.

When to use it

  • To consolidate security findings from multiple scanning tools into a unified view.
  • When needing a prioritized list of vulnerabilities based on severity and scan type.
  • For teams wanting to track security reports at the commit level, avoiding repeated scans.

Key capabilities

  • Aggregation: Combines results from scan-deps, scan-secrets, and scan-code.
  • Prioritization: Orders findings by severity (high, medium, low) and scan type.
  • Caching: Stores reports at the commit level to prevent regeneration.
  • Contextualization: Incorporates repository context like business criticality and sensitive data types for risk assessment (if available).
  • Self-contained reporting: Includes full details for critical issues directly in the report.

Example prompts

  • "Generate a security report for this repository."
  • "Show me the combined security report."
  • "What are the highest priority vulnerabilities found?"

Tips & gotchas

  • The skill operates independently and does not spawn subagents or delegate tasks.
  • Repository context (business criticality, sensitive data types, component map) is optional; its absence doesn't cause an error.
  • Reports are cached at the commit level, so existing reports will be displayed instead of re-running scans.
View Repository โ†’

Tags

๐Ÿ›ก๏ธ

TrustedSkills Verification

Unlike other registries that point to live repositories, TrustedSkills pins every skill to a verified commit hash. This protects you from malicious updates โ€” what you install today is exactly what was reviewed and verified.

Security Audits

Gen Agent Trust HubPass
SocketPass
SnykPass

Details

Version
vlatest
License
Author
ghostsecurity
Installs
171
Repository (canonical source) โ†’

๐ŸŒ Community

Passed automated security scans.