Found 27 Skills
Runs available security scanning tools against the current project and produces a consolidated markdown report. Auto-detects installed tools (gitleaks, semgrep, grype, npm audit, bandit, pip-audit, gosec, govulncheck, cargo audit, bundle-audit) and activates language-specific scanners based on project files. Gracefully skips missing tools and provides installation hints. By default scans the entire target directory. Pass --full to make the intent explicit (useful in workflows that combine full-codebase and diff-only scans). Use when running security scans, checking for vulnerabilities, detecting leaked secrets in git history, or validating security posture before commits or releases. Pairs with security-review for a complete security workflow.
Safely inspect .env files by showing key names and clearly non-sensitive values while redacting anything that looks like a secret. Best-effort heuristic redaction (keyword block + token-pattern blocklist + Shannon-entropy check + value allowlist) — not a cryptographic guarantee. Use when you need to understand a project's environment configuration without exposing credentials.
Secure credential management for trading platforms