# ghost-scan-code

## Find Issues

You find security issues in a repository. This skill plans which vulnerability vectors to scan, then executes those scans against each project.

## Inputs

- `depth`: `quick` (default), `balanced`, or `full`; override via `$ARGUMENTS`.

$ARGUMENTS

Note: if arguments are passed, use them to customize the scan workflow. For example, if the user specifies a particular set of vectors, a number of vectors, specific candidate files, areas to focus on, a number of candidate files, etc., make sure those details reach the steps below that use them.

## Supporting files

- Loop script: `scripts/loop.sh`
- Scan criteria: `criteria/index.yaml`

## Step 1: Setup

Compute the repo-specific output directory:

```bash
repo_name=$(basename "$(pwd)") && remote_url=$(git remote get-url origin 2>/dev/null || pwd) && short_hash=$(printf '%s' "$remote_url" | git hash-object --stdin | cut -c1-8) && repo_id="${repo_name}-${short_hash}" && short_sha=$(git rev-parse --short HEAD 2>/dev/null || date +%Y%m%d) && ghost_repo_dir="$HOME/.ghost/repos/${repo_id}" && scan_dir="${ghost_repo_dir}/scans/${short_sha}/code" && cache_dir="${ghost_repo_dir}/cache" && mkdir -p "$scan_dir" && echo "scan_dir=$scan_dir cache_dir=$cache_dir"
```

`repo_id` is derived from the `origin` remote URL (or from the working directory when there is no remote), so `$cache_dir` is shared by every commit of the repo, while `$scan_dir` is keyed by the current `HEAD` (or today's date outside a git checkout), so each commit gets its own plan, nominations and findings.

1. Read `$cache_dir/repo.md`; if it is missing, run the repo-context skill first and then continue.
2. Read `criteria/index.yaml` to get the valid agent→vector mappings per project type.
3. Set `depth` to `quick` if not provided.
4. If `depth` is `full`, warn the user that a full scan uses significantly more tokens and ask them to confirm before proceeding. If they decline, fall back to `balanced`.


## Step 2: Plan Scans

If `$scan_dir/plan.md` already exists, skip to the next step.

Otherwise, run the planner using `scripts/loop.sh`:

```bash
bash <path-to-loop.sh> "$scan_dir" planner.md "- depth: <depth>
- arguments: <relevant argument overrides if any, otherwise omit>" 1 "$cache_dir"
```

Use a 10-minute timeout. If the command times out, re-run it; the script resumes from where it left off. If it fails 3 times consecutively with the same error, stop and report the failure.

Verify: `$scan_dir/plan.md` exists and contains at least one `## Project:` section before proceeding.


## Step 3: Nominate Files

If `$scan_dir/nominations.md` does not exist, generate it by reading `$scan_dir/plan.md`. For each project section (`## Project: <base_path> (<type>)`), parse the Recommended Scans table and take the Agent and Vector columns of each row. Write `$scan_dir/nominations.md` with one line per (project, agent, vector) combination. Skip projects with empty scan tables.

```markdown
# Nominations

- [ ] <base_path> (<type>) | <agent> | <vector>
- [ ] <base_path> (<type>) | <agent> | <vector>
...
```

If `$scan_dir/nominations.md` already exists, change every top-level task `- [x]` to `- [ ]`. Keep all indented lines/subtasks beneath each item unchanged.
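
The plan-to-nominations logic above, as an added Python example; it is not part of the ghost-scan-code skill, whose agents carry out this step themselves. It assumes the Recommended Scans table is a pipe-delimited markdown table whose header row names `Agent` and `Vector` columns (in any order), and the sample `plan.md` is constructed for the demo. `ensure_nominations` covers both branches: build the file from `plan.md` when it is missing, otherwise uncheck the top-level tasks and leave indented sub-lines untouched.

```python
"""Generate or reset nominations.md from plan.md (Step 3).

Added example, not part of the ghost-scan-code skill. Assumptions: each
"## Project:" section's Recommended Scans table is a pipe-delimited
markdown table with "Agent" and "Vector" header columns (any order), and
SAMPLE_PLAN below is constructed for the demo.
"""
import re
from pathlib import Path

PROJECT_RE = re.compile(r"^## Project:\s*(?P<base>\S+)\s*\((?P<type>[^)]+)\)\s*$")
CHECKED_RE = re.compile(r"^- \[[xX]\] ")   # top-level task only: no leading indent

SAMPLE_PLAN = """\
# Scan Plan

## Project: services/api (python-web)

Recommended Scans

| Agent | Vector | Rationale |
|-------|--------|-----------|
| injection | sql-injection | raw cursor.execute calls |
| authz | idor | numeric ids in routes |

## Project: web/frontend (react)

| Agent | Vector |
|-------|--------|

## Project: tools/cli (go-cli)

| Agent | Vector |
|-------|--------|
| supply-chain | dependency-confusion |
"""


def parse_plan(text: str) -> list[tuple[str, str, str, str]]:
    """Return (base_path, type, agent, vector) for every row of every project's table."""
    rows, project, columns = [], None, None
    for line in text.splitlines():
        m = PROJECT_RE.match(line)
        if m:
            project, columns = (m["base"], m["type"]), None
            continue
        if project is None:
            continue
        if not line.lstrip().startswith("|"):
            columns = None            # any non-table line ends the current table
            continue
        cells = [c.strip() for c in line.strip().strip("|").split("|")]
        if columns is None:           # first table line is the header row
            columns = {c.lower(): i for i, c in enumerate(cells)}
            continue
        if all(set(c) <= set("-: ") for c in cells):
            continue                  # the |---|---| separator row
        try:
            agent, vector = cells[columns["agent"]], cells[columns["vector"]]
        except (KeyError, IndexError):
            continue                  # table without those columns, or a short row
        if agent and vector:
            rows.append((project[0], project[1], agent, vector))
    return rows


def render_nominations(rows) -> str:
    body = [f"- [ ] {base} ({kind}) | {agent} | {vector}" for base, kind, agent, vector in rows]
    return "\n".join(["# Nominations", ""] + body) + "\n"


def reset_nominations(text: str) -> str:
    """Uncheck top-level tasks; indented sub-lines (candidate files) stay as they are."""
    out = [("- [ ] " + line[6:]) if CHECKED_RE.match(line) else line
           for line in text.splitlines()]
    return "\n".join(out) + "\n"


def ensure_nominations(scan_dir: Path, plan_path=None) -> str:
    """Step 3 file logic: create from plan.md when missing, otherwise reset checkboxes."""
    path = scan_dir / "nominations.md"
    if path.exists():
        content = reset_nominations(path.read_text())
    else:
        plan = (plan_path or scan_dir / "plan.md").read_text()
        content = render_nominations(parse_plan(plan))
    path.write_text(content)
    return content


if __name__ == "__main__":
    print(render_nominations(parse_plan(SAMPLE_PLAN)), end="")
```

Projects whose table has only a header and separator (`web/frontend` in the sample) produce no lines, which is the "skip projects with empty scan tables" rule; a table lacking `Agent`/`Vector` columns is ignored rather than turned into malformed nominations.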

### Run nomination script

Using `scripts/loop.sh`:

```bash
bash <path-to-loop.sh> "$scan_dir" nominator.md "- depth: <depth>
- arguments: <relevant argument overrides if any, otherwise omit>" 5 "$cache_dir"
```

Use a 10-minute timeout. If the command times out, re-run it; the script resumes from where it left off. If it fails 3 times consecutively with the same error, stop and report the failure.

Verify: `$scan_dir/nominations.md` contains at least one `- [x]` line before proceeding.

## Step 4: Analyze Nominated Files

Read `$scan_dir/nominations.md`. For each candidate file under a checked `- [x]` line, append a line to `$scan_dir/analyses.md`, skipping candidates already listed there:

```markdown
- [ ] <base_path> (<type>) | <agent> | <vector> | <candidate_file>
```

Create the findings directory:

```bash
mkdir -p "$scan_dir/findings"
```
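
The nominations-to-analyses step, as an added Python example (not the skill's own code). The skill does not spell out how candidate files appear beneath a checked nomination; this example assumes each one is an indented `- <path>` sub-line, and both sample files are constructed. Entries already present in `analyses.md` are skipped whatever their checkbox state, so re-running the step after an interrupted analyzer run never re-queues work it has already finished.

```python
"""Queue candidate files from checked nominations into analyses.md (Step 4).

Added example, not part of the ghost-scan-code skill. Assumption: the
nominator lists each candidate file as an indented "- <path>" line under
its "- [x]" nomination; the sample files below are constructed.
"""
import re
from pathlib import Path

TOP_RE = re.compile(r"^- \[(?P<done>[ xX])\] (?P<task>.+?)\s*$")
CAND_RE = re.compile(r"^\s+-\s+(?:\[[ xX]\]\s+)?(?P<file>\S+)")
ANALYSIS_RE = re.compile(r"^- \[[ xX]\] (?P<entry>.+?)\s*$")

SAMPLE_NOMINATIONS = """\
# Nominations

- [x] services/api (python-web) | injection | sql-injection
  - services/api/db/queries.py
  - services/api/routes/search.py
- [ ] tools/cli (go-cli) | supply-chain | dependency-confusion
  - tools/cli/go.mod
"""

# One candidate already analyzed (checked) by an earlier, interrupted run.
SAMPLE_ANALYSES = """\
- [x] services/api (python-web) | injection | sql-injection | services/api/db/queries.py
"""


def candidates(nominations: str) -> list[str]:
    """'<base> (<type>) | <agent> | <vector> | <file>' for each file under a checked task."""
    entries, task, checked = [], None, False
    for line in nominations.splitlines():
        m = TOP_RE.match(line)
        if m:
            task, checked = m["task"], m["done"] != " "
            continue
        m = CAND_RE.match(line)
        if m and task and checked:
            entries.append(f"{task} | {m['file']}")
    return entries


def merge_analyses(existing: str, nominations: str) -> tuple[str, int]:
    """Append missing candidates as '- [ ]' lines. Anything already listed is skipped
    whatever its checkbox state, so re-running never re-queues finished analyses."""
    seen = {m["entry"] for m in map(ANALYSIS_RE.match, existing.splitlines()) if m}
    fresh = list(dict.fromkeys(e for e in candidates(nominations) if e not in seen))
    text = existing if not existing or existing.endswith("\n") else existing + "\n"
    text += "".join(f"- [ ] {e}\n" for e in fresh)
    return text, len(fresh)


def update_analyses(scan_dir: Path) -> int:
    """Apply Step 4 to a scan directory; returns the number of newly queued candidates."""
    nominations = (scan_dir / "nominations.md").read_text()
    path = scan_dir / "analyses.md"
    text, added = merge_analyses(path.read_text() if path.exists() else "", nominations)
    path.write_text(text)
    (scan_dir / "findings").mkdir(exist_ok=True)
    return added


if __name__ == "__main__":
    merged, added = merge_analyses(SAMPLE_ANALYSES, SAMPLE_NOMINATIONS)
    print(f"queued {added} new candidate(s)\n{merged}", end="")
```

Candidates under an unchecked nomination (`tools/cli` in the sample) are not queued, because the nominator has not confirmed them yet; they are picked up on a later pass once that line is checked.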

### Run analysis script

Using `scripts/loop.sh`:

```bash
bash <path-to-loop.sh> "$scan_dir" analyzer.md "" 5 "$cache_dir"
```

Use a 10-minute timeout. If the command times out, re-run it; the script resumes from where it left off. If it fails 3 times consecutively with the same error, stop and report the failure.

Verify: `$scan_dir/analyses.md` contains at least one `- [x]` line before proceeding.


## Step 5: Verify Findings

List all `.md` files in `$scan_dir/findings/`. If none exist, write a `no-findings.md` summary and stop.

Using `scripts/loop.sh`:

```bash
bash <path-to-loop.sh> "$scan_dir" verifier.md "" 5 "$cache_dir"
```

Use a 10-minute timeout. If the command times out, re-run it; the script resumes from where it left off. If it fails 3 times consecutively with the same error, stop and report the failure.

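
The timeout-and-retry rule that Steps 2 through 5 apply to every `loop.sh` invocation, as an added Python wrapper; it is not part of the skill, which expects the agent to apply the rule by hand. `loop_cmd` builds the same argv as the `bash <path-to-loop.sh> ...` commands above, passed as a list so paths are never word-split; `run_with_resume` re-runs on timeout, relying on loop.sh resuming from where it left off, and stops after three consecutive failures whose last stderr line is identical. The caps on total timeouts and total attempts, and "same last stderr line" as the definition of "the same error", are assumptions added here so the wrapper cannot spin forever. `planner_stage` shows Step 2 end to end, including the `## Project:` verification.

```python
"""Run a loop.sh stage with the skill's timeout/retry rule (Steps 2 to 5).

Added example, not part of ghost-scan-code. Assumed here: comparing the
last line of stderr is a good enough notion of "the same error", and the
max_timeouts / max_attempts caps (not in the skill) bound the loop.
"""
import subprocess
from pathlib import Path


def loop_cmd(loop_sh: str, scan_dir: str, prompt_file: str, prompt: str,
             count: int, cache_dir: str) -> list[str]:
    """argv for: bash <loop.sh> $scan_dir <prompt_file> "<prompt>" <count> $cache_dir"""
    return ["bash", loop_sh, scan_dir, prompt_file, prompt, str(count), cache_dir]


def run_with_resume(cmd: list[str], timeout: float = 600, max_same_errors: int = 3,
                    max_timeouts: int = 10, max_attempts: int = 30) -> dict:
    """Returns {"status": "ok"|"failed"|"timed_out"|"exhausted",
                "attempts": n, "error": last stderr line or None}."""
    attempts = timeouts = same = 0
    last_err = None
    while attempts < max_attempts:
        attempts += 1
        try:
            proc = subprocess.run(cmd, capture_output=True, text=True, timeout=timeout)
        except subprocess.TimeoutExpired:
            # loop.sh resumes from its checklist, so a timeout is simply re-run.
            timeouts += 1
            if timeouts >= max_timeouts:
                return {"status": "timed_out", "attempts": attempts, "error": None}
            continue
        if proc.returncode == 0:
            return {"status": "ok", "attempts": attempts, "error": None}
        lines = proc.stderr.strip().splitlines()
        err = lines[-1] if lines else f"exit status {proc.returncode}"
        same = same + 1 if err == last_err else 1   # consecutive identical failures
        last_err = err
        if same >= max_same_errors:
            return {"status": "failed", "attempts": attempts, "error": err}
    return {"status": "exhausted", "attempts": attempts, "error": last_err}


def planner_stage(loop_sh: str, scan_dir: str, cache_dir: str,
                  depth: str = "quick", arguments: str = None) -> dict:
    """Step 2: run planner.md once (count 1) and verify plan.md has a project section."""
    prompt = f"- depth: {depth}"
    if arguments:                       # the "- arguments:" line is omitted when absent
        prompt += f"\n- arguments: {arguments}"
    result = run_with_resume(loop_cmd(loop_sh, scan_dir, "planner.md", prompt, 1, cache_dir))
    plan = Path(scan_dir) / "plan.md"
    result["verified"] = (result["status"] == "ok" and plan.exists()
                          and "## Project:" in plan.read_text())
    return result


if __name__ == "__main__":
    # Demo against a throwaway command; swap in loop_cmd(...) for a real stage.
    print(run_with_resume(["sh", "-c", "echo planner crashed >&2; exit 1"], timeout=5))
```

A different error on the next attempt resets the counter, matching the skill's "3 times consecutively with the same error"; the `exhausted` status only fires when errors keep changing, which the skill leaves unspecified.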

## Completion

After all steps complete, report the scan results:

1. List all finding files in `$scan_dir/findings/`.
2. Count verified vs. rejected findings.
3. Present a summary to the user.