From linux-av-manager
Run an on-demand security scan with one or more installed tools — ClamAV (clamscan / clamdscan against home or a chosen path), rkhunter, chkrootkit, Lynis (system audit), AIDE (integrity check). User picks scope (quick / deep / specific path) and which scanners to run. Reports go to the user-defined scan-results folder, organised per tool with timestamped filenames. Triggers on "scan my system", "run clamav", "rkhunter scan", "lynis audit".
Slash command: /linux-av-manager:scan
Single on-demand scan run. Reads `installed.*` to know what's available; asks the user which scanners + scope.
${CLAUDE_USER_DATA:-${XDG_DATA_HOME:-$HOME/.local/share}/claude-plugins}/linux-av-manager/config.json
scans_dir is the report root. Per-tool subfolder; one file per scan named <ISO-timestamp>.txt (or .json where the tool supports it).
- quick: `~` only, ClamAV + rkhunter.
- deep: `/`, excluding pseudo-FS (/proc /sys /dev /run), all installed scanners.

Default if not asked: quick.
| Tool | Command | Output |
|---|---|---|
| ClamAV | clamdscan --multiscan --fdpass <path> (if clamav-daemon is up) else clamscan -r <path> | <scans_dir>/clamav/<timestamp>.txt |
| rkhunter | sudo rkhunter --check --skip-keypress --report-warnings-only | <scans_dir>/rkhunter/<timestamp>.txt |
| chkrootkit | sudo chkrootkit -q (-q = quiet, infections only) | <scans_dir>/chkrootkit/<timestamp>.txt |
| Lynis | sudo lynis audit system --quick --no-colors | <scans_dir>/lynis/<timestamp>.txt (also leaves /var/log/lynis-report.dat) |
| AIDE | sudo aide --check | <scans_dir>/aide/<timestamp>.txt |
Run in parallel only if independent and the host has the headroom — these are I/O heavy. Default to sequential.
After all scanners complete, write a <scans_dir>/_summary/<timestamp>.md with one section per tool:
- verdict field: clean, noisy (warnings only), findings (real hits).

Highlight the real findings at the top of the summary — bury the clean entries.
- `bindshell INFECTED` on port 465 is a known false positive (Postfix submissions). Annotate, don't alarm.
- `Hidden files found` warnings are usually benign system files (.gitignore, .cache). Annotate.
- update-definitions first if a recent apt upgrade ran.
- / can take an hour+ — warn before starting deep mode.
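The verdict field and the port 465 annotation, sketched as a shell function. This is an added example, not the plugin's own code: the name `classify_report`, the output patterns it matches, and the choice to count the annotated false positive as `noisy` are assumptions.

```shell
#!/bin/sh
# Added example, not the plugin's code. The output patterns matched below and
# the mapping of the annotated false positive to "noisy" are assumptions.

# classify_report <tool> <report-file>: print clean, noisy or findings.
classify_report() {
    tool=$1 report=$2
    case $tool in
    clamav)
        # clamscan and clamdscan print "<path>: <signature> FOUND" per hit.
        if grep -q ' FOUND$' "$report"; then echo findings; else echo clean; fi
        ;;
    rkhunter)
        # With --report-warnings-only every reported item starts "Warning:".
        if grep -q '^Warning:' "$report"; then echo noisy; else echo clean; fi
        ;;
    chkrootkit)
        hits=0 annotated=0
        while IFS= read -r line || [ -n "$line" ]; do
            case $line in *INFECTED*) ;; *) continue ;; esac
            # Port numbers listed after the word INFECTED, space separated.
            ports=$(printf '%s\n' "${line#*INFECTED}" | tr -cs '0-9' ' ')
            set -- $ports
            case $line in
            *bindshell*)
                # Known false positive only when 465 is the sole port listed.
                if [ "$#" -eq 1 ] && [ "$1" = 465 ]; then
                    annotated=1
                    continue
                fi ;;
            esac
            hits=1
        done < "$report"
        if [ "$hits" -eq 1 ]; then echo findings
        elif [ "$annotated" -eq 1 ]; then echo noisy
        else echo clean; fi
        ;;
    *)
        echo "unsupported tool: $tool" >&2
        return 2
        ;;
    esac
}
```

A bindshell line that lists any port besides 465 is still reported as `findings`, so the annotation cannot mask a second listener.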
npx claudepluginhub danielrosehill/claude-code-plugins --plugin linux-av-manager