Back to Details

security-scan

Compare original and translation side by side

🇺🇸

Original

English

🇨🇳

Translation

Chinese

Security Scan Skill

安全扫描Skill

Overview

概述

Orchestrates the full security scanning workflow across all supported languages.

可对所有支持的编程语言编排完整的安全扫描工作流。

Supported Languages

支持的语言

Language	Marker Files	Pattern Count
JavaScript/TypeScript	package.json	25+
PHP	composer.json	20+
Python	requirements.txt, pyproject.toml	18+
Swift/iOS	Package.swift, *.xcodeproj	15+
Go	go.mod	12+
Rust	Cargo.toml	10+

编程语言	标识文件	检测规则数量
JavaScript/TypeScript	package.json	25+
PHP	composer.json	20+
Python	requirements.txt, pyproject.toml	18+
Swift/iOS	Package.swift, *.xcodeproj	15+
Go	go.mod	12+
Rust	Cargo.toml	10+

Workflow

工作流

Detect language from project markers
Load patterns from
```
references/scan-patterns.md
```
Run
```
scripts/security-scan.sh
```
for automated scanning
Map findings to OWASP categories via
```
references/owasp-top10.md
```
Generate report using
```
references/templates/scan-report.md
```

检测：通过项目标识文件判断编程语言
加载：从
```
references/scan-patterns.md
```
中加载检测规则
运行：执行
```
scripts/security-scan.sh
```
进行自动化扫描
映射：通过
```
references/owasp-top10.md
```
将检测结果映射到OWASP分类
生成：使用
```
references/templates/scan-report.md
```
生成扫描报告

Pattern Categories

检测规则分类

XSS (Cross-Site Scripting)
SQL Injection
Command Injection
Code Execution (eval, exec)
SSRF (Server-Side Request Forgery)
Weak Cryptography
Hardcoded Secrets
Insecure Deserialization
Path Traversal / LFI / RFI

XSS（跨站脚本攻击）
SQL注入
命令注入
代码执行（eval、exec）
SSRF（服务器端请求伪造）
弱加密算法
硬编码敏感信息
不安全反序列化
路径遍历 / LFI / RFI

Integration

集成

After scanning, delegate fixes to sniper:

Task(subagent_type: "fuse-ai-pilot:sniper")
Prompt: "Security fixes: [FILE:LINE] [VULN] [FIX]"

扫描完成后，可将修复任务委托给sniper：

Task(subagent_type: "fuse-ai-pilot:sniper")
Prompt: "Security fixes: [FILE:LINE] [VULN] [FIX]"

References

参考资料

OWASP Top 10 Mapping
Scan Patterns by Language
Report Template

OWASP Top 10 映射
按语言分类的扫描规则
报告模板