Free SKILL.md scraped from GitHub. Clone the repo or copy the file directly into your Claude Code skills directory.
```bash
npx versuz@latest install clawdsolana-openclawd-skills-security-scan
git clone https://github.com/clawdsolana/OpenClawd.git
cp OpenClawd/SKILL.MD ~/.claude/skills/clawdsolana-openclawd-skills-security-scan/SKILL.md
```
---
name: security_scan
description: Run runDependencyAudit, runSastScan, and runHoundDogScan and return a concise, prioritized security summary with critical/high findings first. Must use this skill if security scanning is explicitly requested by the user.
---
# Security Scan Skill
Run three independent scanners and summarize results:
- `runDependencyAudit()` for package/dependency vulnerabilities
- `runSastScan()` for static code findings
- `runHoundDogScan()` for privacy/security dataflow findings
## Orchestration
For full scans, run scanners in parallel and tolerate per-scanner failures.
```javascript
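// Promise.allSettled never rejects: each entry carries a status plus
// either `value` (fulfilled) or `reason` (rejected).
const [depResult, sastResult, hounddogResult] = await Promise.allSettled([
  runDependencyAudit(),
  runSastScan(),
  runHoundDogScan(),
]);
// A failed scanner becomes null instead of aborting the whole scan.
const dep = depResult.status === 'fulfilled' ? depResult.value : null;
const sast = sastResult.status === 'fulfilled' ? sastResult.value : null;
const hounddog =
  hounddogResult.status === 'fulfilled' ? hounddogResult.value : null;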
```
Do not fail the whole scan because one scanner errors.
## Minimal Response Shape
- `runDependencyAudit()`
  - `metadata.vulnerabilities`: `{ info, low, moderate, high, critical }`
  - `vulnerabilities[]`: `id`, `package`, `severity`, `fix`, `source`
- `runSastScan()`
  - `results[]`: `checkId`, `message`, `severity`, `fingerprint`, `location`
- `runHoundDogScan()`
  - `vulnerabilities[]`: `hash`, `ruleIds`, `message`, `severity`, `location`, `privacyViolations`, `remediation*`
## Output Expectations
Return concise results instead of dumping full payloads:
1. Per scanner: status (`ok` or `error`) and count by severity.
2. Top critical/high findings with file path and short message.
3. A short remediation plan, with risky/breaking changes clearly called out.
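
One way to turn the three `Promise.allSettled` outcomes into the per-scanner status, severity counts and critical/high list described above. This is an added example, not code from the skill: `summarize`, `normalize`, the input object keyed as `{ dep: depResult, sast: sastResult, hounddog: hounddogResult }`, lowercase severity labels and `location` as a path string are all assumptions.

```javascript
// Added example, not the skill's own code. Field names follow "Minimal Response
// Shape"; lowercase severity labels and `location` as a path string are assumptions.
const SEVERITIES = ['critical', 'high', 'moderate', 'low', 'info'];

function normalize(scanner, value) {
  // runSastScan() reports under results[]; the other two under vulnerabilities[].
  const list = (scanner === 'sast' ? value.results : value.vulnerabilities) || [];
  return list.map((f) => ({
    scanner,
    severity: String(f.severity || 'info').toLowerCase(),
    id: f.id || f.checkId || f.hash || 'unknown',
    where: f.package || f.location || 'n/a',
    message: f.message || f.fix || '',
  }));
}

function summarize(settled, topN = 5) {
  const scanners = {};
  const all = [];
  for (const [name, outcome] of Object.entries(settled)) {
    if (outcome.status !== 'fulfilled' || !outcome.value) {
      // A failed scanner is reported as an error entry, never rethrown.
      scanners[name] = { status: 'error', error: String(outcome.reason ?? 'no result') };
      continue;
    }
    const findings = normalize(name, outcome.value);
    const counts = Object.fromEntries(SEVERITIES.map((s) => [s, 0]));
    for (const f of findings) {
      // Labels outside the known set are not counted.
      if (SEVERITIES.includes(f.severity)) counts[f.severity] += 1;
    }
    scanners[name] = { status: 'ok', counts };
    all.push(...findings);
  }
  const top = all
    .filter((f) => f.severity === 'critical' || f.severity === 'high')
    .sort((a, b) => SEVERITIES.indexOf(a.severity) - SEVERITIES.indexOf(b.severity))
    .slice(0, topN);
  return { scanners, top };
}

// Constructed sample: the shape Promise.allSettled() yields, keyed by scanner.
const sample = {
  dep: { status: 'fulfilled', value: { vulnerabilities: [
    { id: 'EXAMPLE-1', package: 'example-pkg', severity: 'high', fix: 'upgrade', source: 'audit' },
  ] } },
  sast: { status: 'rejected', reason: new Error('scanner timed out') },
  hounddog: { status: 'fulfilled', value: { vulnerabilities: [
    { hash: 'h1', ruleIds: ['r1'], message: 'email written to log', severity: 'critical', location: 'src/user.js' },
  ] } },
};
console.log(JSON.stringify(summarize(sample), null, 2));
```

A scanner reported as `error` has no counts at all, so the summary should state that its coverage is missing rather than imply zero findings.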