Security Scanner

What it does

The hiroro-work security scanner skill analyzes provided text for potential security vulnerabilities. It identifies common issues like SQL injection, cross-site scripting (XSS), and command injection attempts. The tool aims to improve code safety by proactively flagging these risks before deployment.

When to use it

• Code Review: Integrate into your development workflow to automatically scan code snippets for vulnerabilities during pull requests or code reviews.
• Input Validation Checks: Test user input fields on a website or application to ensure they are properly sanitized and don't contain malicious scripts.
• Configuration File Analysis: Scan configuration files (e.g., database connection strings) to identify potential exposure of sensitive information.
• Script Security Assessment: Evaluate custom scripts used in automation tasks for vulnerabilities that could be exploited.

Key capabilities

• Vulnerability detection: Identifies SQL injection, XSS, and command injection attempts.
• Text analysis: Processes provided text input to search for security flaws.
• Automated scanning: Enables proactive identification of potential risks.

Example prompts

• "Scan this code snippet for any SQL injection vulnerabilities: SELECT * FROM users WHERE username = '" + userInput + "'."
• "Analyze this HTML form input field for XSS attacks: <input type='text' name='comment'>."
• “Check this configuration file for exposed credentials.”

Tips & gotchas

The skill’s effectiveness depends on the quality and completeness of the provided text. It is not a replacement for comprehensive security audits, but rather a useful tool for initial screening and identifying common vulnerabilities.