🎁 Get the FREE AI Skills Starter GuideSubscribe →
BytesAgainBytesAgain
🦀 ClawHub

Security Vulnerability Scanner

by @honestqiao

扫描代码中常见安全漏洞如SQL注入、XSS、硬编码密码,提供检测结果和安全评分建议。

Versionv1.0.0
Downloads1,597
Installs5
TERMINAL
clawhub install security-vuln-scanner

📖 About This Skill

Security Vulnerability Scanner

扫描代码中的安全漏洞,提供修复建议。

功能

  • SQL 注入检测
  • XSS 跨站脚本检测
  • 硬编码密码/密钥检测
  • 不安全随机数检测
  • 命令注入检测
  • 敏感信息泄露检测
  • 安全评分
  • 触发词

  • "安全扫描"
  • "漏洞检测"
  • "security scan"
  • "vulnerability"
  • 检测模式

    const patterns = {
      sqlInjection: /query\s*\(\s*['"`].*\$\{/,
      xss: /innerHTML\s*=|document\.write/,
      hardcodedSecret: /password\s*=\s*['"][^'"]+['"]/,
      insecureRandom: /Math\.random\(\)/,
      commandInjection: /exec\s*\(\s*\$\{/
    };
    

    输出示例

    {
      "vulnerabilities": [
        {
          "type": "sql_injection",
          "line": 42,
          "severity": "high",
          "message": "检测到SQL注入风险"
        }
      ],
      "score": 65
    }