Security Scanner

🌐Community
by eddiebe147 · vlatest · Repository

Identifies vulnerabilities in websites and applications using automated scans and reports potential risks.

Install on your platform

1. Run in terminal (recommended):

claude mcp add security-scanner npx -- -y @trustedskills/security-scanner

2. Or manually add to ~/.claude/settings.json:

{
  "mcpServers": {
    "security-scanner": {
      "command": "npx",
      "args": [
        "-y",
        "@trustedskills/security-scanner"
      ]
    }
  }
}

Requires Claude Code (claude CLI). Run claude --version to verify your install.

About This Skill

What it does

This skill allows AI agents to automatically scan codebases, configurations, and dependencies for known security vulnerabilities. It leverages integrated tools like semgrep, trivy, and bandit to identify risks without requiring manual setup of complex scanning pipelines.

When to use it

  • Before deploying a new application to production to catch critical flaws early.
  • During code reviews when an agent needs to validate that recent changes haven't introduced vulnerabilities.
  • When auditing third-party libraries or dependencies for outdated or compromised packages.
  • As part of a continuous integration pipeline to ensure security compliance on every commit.

Key capabilities

  • Scans source code using semgrep for static analysis rules.
  • Checks container images and infrastructure configurations with trivy.
  • Identifies common Python security issues via bandit.
  • Generates actionable reports detailing found vulnerabilities and suggested fixes.

Example prompts

  • "Run a full security scan on my current project repository and summarize any high-severity findings."
  • "Check if my Dockerfile contains insecure practices or outdated base images using trivy."
  • "Analyze this Python module for potential buffer overflows or hardcoded secrets using bandit."

Tips & gotchas

Ensure your AI agent has read access to the relevant repositories and container registries before initiating scans. Some scanners may produce false positives; always review flagged items in context rather than applying fixes blindly.

TrustedSkills Verification

Unlike other registries that point to live repositories, TrustedSkills pins every skill to a verified commit hash. This protects you from malicious updates — what you install today is exactly what was reviewed and verified.

Security Audits

  • Gen Agent Trust Hub: Pass
  • Socket: Pass
  • Snyk: Pass

Details

  • Version: vlatest
  • License: (none listed)
  • Author: eddiebe147
  • Installs: 47

🌐 Community: Passed automated security scans.