A Claude Code slash command for security vulnerability assessment and secrets detection.
## Installation

```bash
# Clone to your preferred location
git clone git@github.com:claude-commands/command-security-scan.git <clone-path>/command-security-scan

# Symlink (use full path to cloned repo)
ln -s <clone-path>/command-security-scan/security-scan.md ~/.claude/commands/security-scan.md
```

## Usage

```
/security-scan              # Full security audit
/security-scan src/         # Scan specific directory
/security-scan --secrets    # Secrets detection only
/security-scan --deps       # Dependency vulnerabilities only
/security-scan --code       # Code vulnerabilities only
/security-scan --owasp      # OWASP Top 10 check
```
## Features

- Scans for hardcoded secrets (API keys, passwords, tokens)
- Checks dependency vulnerabilities (npm audit, govulncheck, etc.)
- Analyzes code for security issues (OWASP Top 10)
- Checks git history for previously committed secrets
- Generates prioritized security report
## Example Output

```markdown
# Security Scan Report

## Summary
| Category | Critical | High | Medium |
|----------|----------|------|--------|
| Secrets | 1 | 2 | 0 |
| Dependencies | 0 | 3 | 5 |
| Code | 0 | 1 | 4 |

## Critical Issues
### 1. Hardcoded AWS Credentials
- File: src/config/aws.ts:15
- Risk: Full AWS account compromise
- Fix: Move to environment variables
```

## What It Checks

| Category | Checks |
|---|---|
| Secrets | API keys, passwords, tokens, private keys |
| Dependencies | CVE scan, outdated packages |
| Injection | SQL, command, LDAP injection |
| XSS | dangerouslySetInnerHTML, innerHTML |
| Auth | Weak passwords, session issues |
| Config | CORS, debug mode, default creds |
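To make the "Secrets" row above concrete, here is a small stand-alone scanner, added as an example for this README and not part of command-security-scan itself. It flags AWS access key ids, PEM private-key headers and quoted password/token literals in source text, downgrades placeholders and low-entropy values, and orders findings the way the report does (Critical, High, Medium); the patterns, thresholds and sample file are constructed, and the key id in the sample is the AWS documentation example value.

```python
import math
import re
from collections import Counter

# (check name, default severity, pattern). The generic assignment rule is
# deliberately broad, so its hits are re-ranked by the entropy check below.
RULES = [
    ("AWS access key id", "Critical", re.compile(r"\bAKIA[0-9A-Z]{16}\b")),
    ("Private key block", "Critical",
     re.compile(r"-----BEGIN (?:RSA |EC )?PRIVATE KEY-----")),
    ("Hardcoded password/token", "High",
     re.compile(r"(?i)(password|passwd|secret|api[_-]?key|token)\s*[:=]\s*['\"]([^'\"]{8,})['\"]")),
]
# Values that are clearly not live credentials (constructed, non-exhaustive list).
PLACEHOLDERS = re.compile(r"(?i)^(changeme|example|your[_-]|xxx|\$\{|<)")

def shannon_entropy(s):
    """Bits per character: random-looking tokens score high, dictionary words low."""
    counts = Counter(s)
    return -sum(c / len(s) * math.log2(c / len(s)) for c in counts.values())

def scan_source(path, text):
    """Return findings as dicts, sorted Critical first, then by file:line."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for name, severity, rx in RULES:
            m = rx.search(line)
            if not m:
                continue
            if name.startswith("Hardcoded"):
                value = m.group(2)
                # Placeholders and low-entropy strings are downgraded, not dropped:
                # the report should still list them for a human to confirm.
                if PLACEHOLDERS.match(value) or shannon_entropy(value) < 3.0:
                    severity = "Medium"
            findings.append({"file": f"{path}:{lineno}", "check": name, "severity": severity})
    order = {"Critical": 0, "High": 1, "Medium": 2}
    return sorted(findings, key=lambda f: (order[f["severity"]], f["file"]))

# Constructed sample file in the style of the report's src/config/aws.ts finding.
SAMPLE = """\
const region = "us-east-1";
const accessKeyId = "AKIAIOSFODNN7EXAMPLE";
const dbPassword = "changeme";
const apiToken = "tk_9f3Kq8ZvL2mXw7PrB4nD";
"""

if __name__ == "__main__":
    for f in scan_source("src/config/aws.ts", SAMPLE):
        print(f"[{f['severity']}] {f['file']}: {f['check']}")
```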
## OWASP Coverage

- A01: Broken Access Control
- A02: Cryptographic Failures
- A03: Injection
- A05: Security Misconfiguration
- A06: Vulnerable Components
- A07: Authentication Failures
## Requirements

- Git repository with source code
- Claude Code with Opus 4.5 model access
- Optional: npm audit, govulncheck, pip-audit for dependency scans
## Updating

```bash
cd <clone-path>/command-security-scan && git pull
```