security-scanning
AgentShield security audit with 5 scanning categories, 102 static analysis rules, and optional red-team simulation.
Install this agent skill to your Project
npx add-skill https://github.com/a5c-ai/babysitter/tree/main/library/methodologies/everything-claude-code/skills/security-scanning
SKILL.md
Security Scanning
Overview
AgentShield security audit methodology adapted from the Everything Claude Code project. Scans across 5 categories with 102 static analysis rules.
Scanning Categories
1. Secrets Detection (14 Pattern Categories)
- AWS access keys (AKIA pattern)
- GitHub tokens (ghp_, gho_, ghs_, ghr_)
- Generic API keys and bearer tokens
- Database connection strings with credentials
- Private keys (RSA, EC, SSH)
- JWT secrets and signing keys
- OAuth client secrets
- Slack tokens and webhooks
- Cloud provider credentials (GCP, Azure)
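A minimal sketch of pattern-based secrets detection for a few of the categories listed above. This is an added example, not AgentShield's rule set or code from the Everything Claude Code project; the rule ids, regexes, token lengths and helper names (`RULES`, `redact`, `scanText`) are assumptions made for illustration.

```javascript
// Added example: illustrative rules only, not AgentShield's rule set.
const RULES = [
  // AWS access key IDs: "AKIA" followed by 16 uppercase letters or digits.
  { id: "aws-access-key-id", re: /\bAKIA[0-9A-Z]{16}\b/g },
  // GitHub tokens: ghp_/gho_/ghs_/ghr_ prefix plus 36 alphanumerics.
  { id: "github-token", re: /\bgh[posr]_[A-Za-z0-9]{36}\b/g },
  // PEM private key headers (RSA, EC, OpenSSH, or unlabelled PKCS#8).
  { id: "private-key", re: /-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----/g },
  // Connection strings with inline credentials: scheme://user:password@host
  { id: "db-url-credentials", re: /\b[a-z][a-z0-9+.-]*:\/\/[^\s:/@]+:[^\s@/]+@[^\s/]+/gi },
];

// Keep only a short prefix so a finding can be triaged without re-leaking the secret.
function redact(value) {
  return value.slice(0, 4) + "*".repeat(Math.max(value.length - 4, 0));
}

// Scan text line by line; returns [{ rule, line, match }] with matches redacted.
function scanText(text) {
  const findings = [];
  text.split(/\r?\n/).forEach((content, idx) => {
    for (const { id, re } of RULES) {
      for (const m of content.matchAll(re)) {
        findings.push({ rule: id, line: idx + 1, match: redact(m[0]) });
      }
    }
  });
  return findings;
}

// Constructed sample input. The AWS value is the placeholder key ID used in AWS
// documentation; the GitHub token is synthesized at runtime so that no
// token-shaped literal sits in this source.
const SAMPLE = [
  "AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE",
  "GITHUB_TOKEN=ghp_" + "a".repeat(36),
  "DATABASE_URL=postgres://app:s3cr3t@db.internal.example:5432/app",
  "API_BASE=https://api.example.com/v1",
  "NOTE=AKIA is only a prefix, not a key",
].join("\n");

console.log(scanText(SAMPLE));
```

The last two sample lines are negative cases: a credential-free URL and a bare `AKIA` prefix should produce no finding.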
2. Permission Auditing
- File system read/write scope
- Network calls and protocols
- Process execution (child_process)
- File permissions (777, world-writable)
- CORS and CSP headers
- Docker privilege escalation
3. Hook Injection Analysis
- Git hooks for command injection
- npm lifecycle scripts (preinstall, postinstall)
- Claude Code hooks for unsafe patterns
- eval()/Function()/dynamic code execution
- Unvalidated user input in shell commands
4. MCP Risk Profiling
- Tool permission inventory
- Data exposure risk mapping
- Transport security (stdio vs SSE vs HTTP)
- Prompt injection via tool descriptions
- Rate limiting verification
5. Agent Config Review
- Model settings integrity
- Prompt injection resistance
- Tool allowlist scoping
- Output validation and sanitization
- Information leakage in error messages
Optional: Red Team Simulation
- Attack simulation against found vulnerabilities
- Exploitability rating: trivial, moderate, difficult, theoretical
- Blue-team defense recommendations
When to Use
- Pre-deployment security review
- New dependency introduction
- Hook or plugin configuration changes
- Agent or MCP server setup
Agents Used
- security-reviewer (primary consumer)