ghost-scan-code


Ghost Security - SAST code scanner. Finds security vulnerabilities in source code by planning and executing targeted scans for issues like SQL injection, XSS, BOLA, BFLA, SSRF, and other OWASP categories. Supports applications (backend, frontend, mobile) and libraries (prototype pollution, unsafe deserialization, ReDoS, path traversal, zip slip). Use when the user asks for a code security audit, SAST scan, vulnerability scan of source code, or wants to find security flaws in a codebase or library.

Category: API & Backend | 383 stars | 26 forks | Updated 2 months ago | License: Apache-2.0


Quality Score: 94/100

Stars (weight 20%): 86
Recency (weight 20%): 75
Frontmatter (weight 20%): 70
Documentation (weight 15%): 100
Issue Health (weight 10%): 50
License (weight 10%): 100
Description (weight 5%): 100

Skill Content

# Find Issues

You find security issues in a repository. This skill plans which vulnerability vectors to scan, then executes those scans against each project.

## Inputs

- **depth**: `quick` (default), `balanced`, or `full` — override via `$ARGUMENTS`

$ARGUMENTS

> **Note:** Arguments passed can be used to customize the scan workflow if provided. For example, if the user specifies a specific set of vectors, count of vectors, specific candidate files, areas to focus on, count of candidate files, etc., ensure the relevant details are passed to the relevant steps in the skill.

## Supporting files

- Loop script: [scripts/loop.sh](scripts/loop.sh)
- Scan criteria: [criteria/index.yaml](criteria/index.yaml)

---

## Step 1: Setup

Compute the repo-specific output directory:

```bash
# Repo identity: directory name plus a short hash of the remote URL
# (falls back to the working directory path when there is no remote).
repo_name=$(basename "$(pwd)") &&
remote_url=$(git remote get-url origin 2>/dev/null || pwd) &&
short_hash=$(printf '%s' "$remote_url" | git hash-object --stdin | cut -c1-8) &&
repo_id="${repo_name}-${short_hash}" &&
# Scan results are keyed by commit; fall back to today's date outside a git checkout.
short_sha=$(git rev-parse --short HEAD 2>/dev/null || date +%Y%m%d) &&
ghost_repo_dir="$HOME/.ghost/repos/${repo_id}" &&
scan_dir="${ghost_repo_dir}/scans/${short_sha}/code" &&
cache_dir="${ghost_repo_dir}/cache" &&
mkdir -p "$scan_dir" &&
echo "scan_dir=$scan_dir cache_dir=$cache_dir"
```

1. Read `$cache_dir/repo.md` — if missing, run the repo-context skill first and then continue.
2. Read [criteria/index.yaml](criteria/index.yaml) to get the valid agent→vector mappings per project typ...

Details

Author: ghostsecurity
Repository: ghostsecurity/skills
Created: 3 months ago
Last Updated: 2 months ago
Language: Shell
License: Apache-2.0
