{"id":"aa1738b0-07d1-4cad-b7dd-482125648a36","shortId":"wv23NR","kind":"skill","title":"analyzing-security","tagline":"Scans code for security vulnerabilities, detects dangerous patterns, and ensures security decisions are documented. Use when running security scans, auditing code, or checking for OWASP issues, injection risks, or sensitive data leaks. Automatically triggered on new modules, secu","description":"# Security Validation Gate\n\n## Commands\n\n```bash\nnode scripts/security_scanner.js <path>\nnode scripts/security_scanner.js <path> -v           # verbose\nnode scripts/security_scanner.js <path> --json       # JSON\nnode scripts/security_scanner.js <path> --exclude vendor\n```\n\n## Detection Matrix\n\n| Category | Check | Severity |\n|------|--------|--------|\n| Injection | SQL/command/code injection | Critical |\n| Sensitive information | Hardcoded secrets, AWS keys, private keys | Critical |\n| XSS | innerHTML, dangerouslySetInnerHTML | High |\n| Deserialization | pickle.loads, yaml.load | High |\n| Path traversal | Unvalidated file path operations | High |\n| SSRF | Requests to unvalidated URLs | High |\n| Weak cryptography | MD5/SHA1 used in security contexts | Medium |\n| Insecure randomness | random used in security contexts | Medium |\n| Debug leftovers | debugger, pdb.set_trace, breakpoint | Low |\n\n## Dangerous Pattern Quick Reference\n\n```python\n# Dangerous: eval(), exec(), os.system(), subprocess(shell=True), pickle.loads(), yaml.load(), f\"SELECT...{id}\"\n# Safe: ast.literal_eval(), subprocess([...], shell=False), yaml.safe_load(), cursor.execute(\"...%s\", (id,))\n```\n\n```javascript\n// Dangerous: eval(), innerHTML, document.write(), new Function(userInput)\n// Safe: JSON.parse(), textContent, template engine auto-escaping\n```\n\n```go\n// Dangerous: exec.Command(\"sh\", \"-c\", userInput), template.HTML(userInput)\n// Safe: exec.Command(\"cmd\", args...), html/template auto-escaping\n```\n\n## Trigger Conditions\n\nNew module | Security-related change | Attack/defense task | Refactor complete | Before commit\n\n## Output Rules\n\nCritical/High findings must be fixed before delivery. Security decisions must be recorded in DESIGN.md: threat model, trust boundaries, known risks.",
"tags":["analyzing","security","code","abyss","telagod","agent-skills","ai-agent","ai-assistant","ai-personality","blue-team","character-card","claude-code"],"capabilities":["skill","source-telagod","skill-analyzing-security","topic-agent-skills","topic-ai-agent","topic-ai-assistant","topic-ai-personality","topic-blue-team","topic-character-card","topic-claude-code","topic-cli","topic-codex","topic-codex-cli","topic-configuration","topic-developer-tools"],"categories":["code-abyss"],"synonyms":[],"warnings":[],"endpointUrl":"https://skills.sh/telagod/code-abyss/analyzing-security","protocol":"skill","transport":"skills-sh","auth":{"type":"none","details":{"cli":"npx skills add telagod/code-abyss","source_repo":"https://github.com/telagod/code-abyss","install_from":"skills.sh"}},"qualityScore":"0.555","qualityRationale":"deterministic score 0.56 from registry signals: · indexed on github topic:agent-skills · 211 github stars · SKILL.md body (1,248 chars)","verified":false,"liveness":"unknown","lastLivenessCheck":null,"agentReviews":{"count":0,"score_avg":null,"cost_usd_avg":null,"success_rate":null,"latency_p50_ms":null,"narrative_summary":null,"summary_updated_at":null},"enrichmentModel":"deterministic:skill-github:v1","enrichmentVersion":1,"enrichedAt":"2026-05-18T18:55:04.800Z","embedding":null,"createdAt":"2026-05-16T12:54:49.262Z","updatedAt":"2026-05-18T18:55:04.800Z","lastSeenAt":"2026-05-18T18:55:04.800Z",
"prices":[{"id":"7b36644c-afd8-482d-a89b-a764a39f1d9a","listingId":"aa1738b0-07d1-4cad-b7dd-482125648a36","amountUsd":"0","unit":"free","nativeCurrency":null,"nativeAmount":null,"chain":null,"payTo":null,"paymentMethod":"skill-free","isPrimary":true,"details":{"org":"telagod","category":"code-abyss","install_from":"skills.sh"},"createdAt":"2026-05-16T12:54:49.262Z"}],"sources":[{"listingId":"aa1738b0-07d1-4cad-b7dd-482125648a36","source":"github","sourceId":"telagod/code-abyss/analyzing-security","sourceUrl":"https://github.com/telagod/code-abyss/tree/main/skills/analyzing-security","isPrimary":false,"firstSeenAt":"2026-05-16T12:54:49.262Z","lastSeenAt":"2026-05-18T18:55:04.800Z"}],"details":{"listingId":"aa1738b0-07d1-4cad-b7dd-482125648a36","quickStartSnippet":null,"exampleRequest":null,"exampleResponse":null,"schema":null,"openapiUrl":null,"agentsTxtUrl":null,"citations":[],"useCases":[],"bestFor":[],"notFor":[],"kindDetails":{"org":"telagod","slug":"analyzing-security","github":{"repo":"telagod/code-abyss","stars":211,"topics":["agent-skills","ai-agent","ai-assistant","ai-personality","blue-team","character-card","claude-code","cli","codex","codex-cli","configuration","developer-tools","devops","gemini-cli","persona","prompt-engineering","red-team","security","skills"],"license":"mit","html_url":"https://github.com/telagod/code-abyss","pushed_at":"2026-05-16T10:42:04Z","description":"Give your AI coding agent a personality. Composable persona + style + skills for Claude Code, Codex, Gemini CLI & OpenClaw. 
Ships Tech Persona Card v1.0 spec.","skill_md_sha":"c3da4a2194b5a5e804a3e2ea5ac4c3542ea130a4","skill_md_path":"skills/analyzing-security/SKILL.md","default_branch":"main","skill_tree_url":"https://github.com/telagod/code-abyss/tree/main/skills/analyzing-security"},"layout":"multi","source":"github","category":"code-abyss","frontmatter":{"name":"analyzing-security","description":"Scans code for security vulnerabilities, detects dangerous patterns, and ensures security decisions are documented. Use when running security scans, auditing code, or checking for OWASP issues, injection risks, or sensitive data leaks. Automatically triggered on new modules, security-related changes, or post-refactor.","compatibility":"node>=18"},"skills_sh_url":"https://skills.sh/telagod/code-abyss/analyzing-security"},"updatedAt":"2026-05-18T18:55:04.800Z"}}