From fuse-security
Main security scanning orchestration. Detects language, runs OWASP Top 10 patterns, identifies vulnerabilities, generates structured reports. Use when scanning for XSS, SQL injection, command injection, secrets, or any security vulnerability.
Slash command: /fuse-security:security-scan
Orchestrates the full security scanning workflow across all supported languages.
| Language | Marker Files | Pattern Count |
|---|---|---|
| JavaScript/TypeScript | package.json | 25+ |
| PHP | composer.json | 20+ |
| Python | requirements.txt, pyproject.toml | 18+ |
| Swift/iOS | Package.swift, *.xcodeproj | 15+ |
| Go | go.mod | 12+ |
| Rust | Cargo.toml | 10+ |
references/scan-patterns.md
scripts/security-scan.sh for automated scanning
references/owasp-top10.md
references/templates/scan-report.md

After scanning, delegate fixes to sniper:
Agent(subagent_type="fuse-ai-pilot:sniper", prompt="Security fixes: [FILE:LINE] [VULN] [FIX]")
npx claudepluginhub fusengine/agents --plugin fuse-security

Scans codebases for vulnerabilities like SQL injection, XSS, auth flaws, insecure deps, and secrets using grep and bash. Generates severity-rated reports with file locations, explanations, and fixes.
Performs Static Application Security Testing (SAST) to detect vulnerabilities like SQL injection, XSS, hardcoded secrets, and path traversal in Python, JavaScript/TypeScript, Java, Ruby, PHP, Go, Rust codebases using Bandit, Semgrep, ESLint Security.