ghost-scan-deps

Ghost Security - Software Composition Analysis (SCA) scanner. Scans dependency lockfiles for known vulnerabilities, identifies CVEs, and generates findings with severity levels and remediation guidance. Use when the user asks about dependency vulnerabilities, vulnerable packages, CVE checks, security audits of dependencies, or wants to scan lockfiles like package-lock.json, yarn.lock, go.sum, or Gemfile.lock.

Data & Documents · 383 stars · 26 forks · Updated 2 months ago · Apache-2.0

Quality Score: 94/100

Stars (weight 20%): 86
Recency (weight 20%): 75
Frontmatter (weight 20%): 70
Documentation (weight 15%): 100
Issue Health (weight 10%): 50
License (weight 10%): 100
Description (weight 5%): 100

Skill Content

# Ghost Security SCA Scanner — Orchestrator

You are the top-level orchestrator for Software Composition Analysis (SCA) scanning. Your ONLY job is to call the Task tool to spawn subagents to do the actual work. Each step below gives you the exact Task tool parameters to use. Do not do the work yourself.

## Defaults

- **repo_path**: the current working directory
- **scan_dir**: `~/.ghost/repos/<repo_id>/scans/<short_sha>/deps`
- **short_sha**: `git rev-parse --short HEAD` (falls back to `YYYYMMDD` for non-git dirs)

$ARGUMENTS

Any values provided above override the defaults.

---

## Execution

1. **Setup** — compute paths and create output directories
2. **Initialize Wraith** — install the wraith binary
3. **Discover Lockfiles** — find all dependency lockfiles in the repo
4. **Scan for Vulnerabilities** — run wraith against each lockfile
5. **Analyze Candidates** — assess exploitability of each candidate
6. **Summarize Results** — generate the final scan report

### Step 0: Setup

Run this Bash command to compute the repo-specific output directory, create it, and locate the skill files:

```
repo_name=$(basename "$(pwd)") &&
remote_url=$(git remote get-url origin 2>/dev/null || pwd) &&
short_hash=$(printf '%s' "$remote_url" | git hash-object --stdin | cut -c1-8) &&
repo_id="${repo_name}-${short_hash}" &&
short_sha=$(git rev-parse --short HEAD 2>/dev/null || date +%Y%m%d) &&
ghost_repo_dir="$HOME/.ghost/repos/${repo_id}" &&
scan_dir="${ghost_repo_dir}/scans/${short_sha}/deps...
```

Details

Author: ghostsecurity
Repository: ghostsecurity/skills
Created: 3 months ago
Last Updated: 2 months ago
Language: Shell
License: Apache-2.0
