shine-security-scan
Community
Local, cloud-free security scan for codebases.
Author: diShine-digital-agency
Version: 1.0.0
Installs: 0
System Documentation
What problem does it solve?
Scan codebases for security vulnerabilities and dependency issues locally, enabling private, fast assessment without cloud services.
Core Features & Use Cases
- SAST scan: semgrep MCP (or `npx semgrep --config auto . --json`) via Bash; detects common vulnerabilities such as injection, auth bypass, and hardcoded secrets.
- Dependency audit: osv MCP (or `npm audit --json` / `pip-audit --format json`) via Bash; reports CVE IDs, severities, affected packages, and fixed versions.
- SSL check (optional): verify TLS endpoints with `sslmon` MCP or `openssl s_client` when a URL is provided.
- Reporting & remediation: outputs severity-sorted findings with CWE references and actionable remediation guidance.
- Agent delegation: delegates complex analysis to the `shine-vulnerability-scanner` agent for large/complex codebases.
Quick Start
Provide the project directory path to scan and run the security scan to produce a prioritized vulnerability report.
Dependency Matrix
Required Modules
None required
Components
Standard package
💻 Claude Code Installation
Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.
Please help me install this Skill:
Name: shine-security-scan
Download link: https://github.com/diShine-digital-agency/SHINE-Code-System/archive/main.zip#shine-security-scan
Please download this .zip file, extract it, and install it in the .claude/skills/ directory.