@intentsolutionsio/security-agent 1.0.0 → 1.0.5

package/README.md

@@ -11,11 +11,13 @@ A specialized security review subagent for identifying vulnerabilities and provi
 ## Usage
 
 The security reviewer agent will automatically activate when you:
+
 - Ask Claude to review code for security issues
 - Request a security audit
 - Mention security concerns in your prompt
 
 **Manual invocation**:
+
 ```
 @security-reviewer Please review this authentication code for security vulnerabilities
 ```
@@ -33,6 +35,7 @@ The security reviewer agent will automatically activate when you:
 ## Output
 
 Provides structured security findings with:
+
 - Severity ratings
 - Specific code locations
 - Impact assessment
@@ -42,6 +45,7 @@ Provides structured security findings with:
 ## Learning Objectives
 
 This plugin demonstrates:
+
 - Creating specialized subagents
 - Defining agent capabilities
 - Writing agent prompts

package/agents/security-reviewer.md

@@ -1,6 +1,35 @@
 ---
 name: security-reviewer
 description: Security code review specialist
+tools:
+- Read
+- Write
+- Edit
+- Bash
+- Glob
+- Grep
+- WebFetch
+- WebSearch
+- Task
+- TodoWrite
+model: sonnet
+color: yellow
+version: 1.0.0
+author: Jeremy Longshore <jeremy@intentsolutions.io>
+tags:
+- examples
+- security
+- reviewer
+disallowedTools: []
+skills: []
+background: false
+# ── upgrade levers — uncomment + set when tuning this agent ──
+# effort: high            # reasoning depth: low/medium/high/xhigh/max (omit = inherit session)
+# maxTurns: 50            # cap the agentic loop (omit = engine default)
+# memory: project         # persistent scope: user/project/local (omit = ephemeral)
+# isolation: worktree     # run in an isolated git worktree
+# initialPrompt: "…"      # seed the agent's first turn
+# hooks / mcpServers / permissionMode → set at the PLUGIN level, not on a plugin agent
 ---
 # Security Reviewer Agent
 
@@ -16,6 +45,7 @@ You are a specialized security code review agent with deep expertise in applicat
 ## When to Activate
 
 You should be invoked when:
+
 - Reviewing code for security issues
 - Conducting security audits
 - Analyzing authentication/authorization logic
@@ -54,6 +84,7 @@ You should be invoked when:
 ## Output Format
 
 For each finding, provide:
+
 - **Severity**: Critical/High/Medium/Low
 - **Issue**: Description of the vulnerability
 - **Location**: File and line numbers

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@intentsolutionsio/security-agent",
-  "version": "1.0.0",
+  "version": "1.0.5",
   "description": "Specialized security review subagent",
   "keywords": [
     "security",

package/skills/performing-security-code-review/SKILL.md

@@ -1,13 +1,22 @@
 ---
 name: performing-security-code-review
-description: |
-  Execute this skill enables AI assistant to conduct a security-focused code review using the security-agent plugin. it analyzes code for potential vulnerabilities like sql injection, xss, authentication flaws, and insecure dependencies. AI assistant uses this skill wh... Use when assessing security or running audits. Trigger with phrases like 'security scan', 'audit', or 'vulnerability'.
+description: 'Execute this skill enables AI assistant to conduct a security-focused
+  code review using the security-agent plugin. it analyzes code for potential vulnerabilities
+  like sql injection, xss, authentication flaws, and insecure dependencies. AI assistant
+  uses this skill wh... Use when assessing security or running audits. Trigger with
+  phrases like ''security scan'', ''audit'', or ''vulnerability''.
+
+  '
 allowed-tools: Read, Write, Edit, Grep, Glob, Bash(cmd:*)
 version: 1.0.0
 author: Jeremy Longshore <jeremy@intentsolutions.io>
 license: MIT
-compatible-with: claude-code, codex, openclaw
-tags: [example, security, authentication, audit]
+tags:
+- example
+- security
+- authentication
+- audit
+compatibility: Designed for Claude Code, also compatible with Codex and OpenClaw
 ---
 # Performing Security Code Review
 
@@ -47,6 +56,7 @@ Conducts security-focused code reviews by scanning source files for common vulne
 ## Output
 
 A structured security review report containing:
+
 - Summary with total findings count by severity level
 - Per-finding entries with: file path, line number, vulnerability type, severity, code snippet, explanation, and recommended fix
 - Dependency audit results with CVE identifiers where applicable
@@ -81,4 +91,4 @@ Process: Execute all seven scan categories (secrets, injection, auth, dependenci
 - [OWASP Top 10](https://owasp.org/www-project-top-ten/) -- industry-standard vulnerability classification
 - [Node.js Security Checklist](https://blog.risingstack.com/node-js-security-checklist/) -- Node-specific security guidance
 - [CWE/SANS Top 25](https://cwe.mitre.org/top25/) -- most dangerous software weaknesses
-- `${CLAUDE_SKILL_DIR}/references/README.md` -- bundled reference materials
+- `${CLAUDE_SKILL_DIR}/references/README.md` -- bundled reference materials

package/skills/performing-security-code-review/assets/example_code_secure.py

@@ -13,6 +13,7 @@ import os
 import secrets
 import re
 
+
 def secure_password_hashing(password: str, salt: bytes = None) -> tuple[str, str]:
     """
     Hashes a password using a strong hashing algorithm (e.g., bcrypt or scrypt).
@@ -27,16 +28,16 @@ def secure_password_hashing(password: str, salt: bytes = None) -> tuple[str, str
     try:
         if salt is None:
             salt = secrets.token_bytes(16)  # Generate a 16-byte salt
-        
+
         hashed_password = hashlib.scrypt(
-            password.encode('utf-8'),
+            password.encode("utf-8"),
             salt=salt,
             n=2**14,  # CPU/memory cost parameter
-            r=8,      # Block size parameter
-            p=1,      # Parallelization parameter
-            dklen=64   # Desired key length
+            r=8,  # Block size parameter
+            p=1,  # Parallelization parameter
+            dklen=64,  # Desired key length
         )
-        
+
         return salt.hex(), hashed_password.hex()
     except Exception as e:
         print(f"Error in secure_password_hashing: {e}")
@@ -58,14 +59,14 @@ def verify_password(password: str, salt_hex: str, hash_hex: str) -> bool:
     try:
         salt = bytes.fromhex(salt_hex)
         stored_hash = bytes.fromhex(hash_hex)
-        
+
         hashed_password = hashlib.scrypt(
-            password.encode('utf-8'),
+            password.encode("utf-8"),
             salt=salt,
             n=2**14,  # CPU/memory cost parameter
-            r=8,      # Block size parameter
-            p=1,      # Parallelization parameter
-            dklen=64   # Desired key length
+            r=8,  # Block size parameter
+            p=1,  # Parallelization parameter
+            dklen=64,  # Desired key length
         )
 
         return hmac.compare_digest(hashed_password, stored_hash)
@@ -92,7 +93,13 @@ def sanitize_input(input_string: str) -> str:
     """
     try:
         # Example: Escape HTML entities
-        sanitized_string = input_string.replace("&", "&amp;").replace("<", "&lt;").replace(">", "&gt;").replace("\"", "&quot;").replace("'", "&#39;")
+        sanitized_string = (
+            input_string.replace("&", "&amp;")
+            .replace("<", "&lt;")
+            .replace(">", "&gt;")
+            .replace('"', "&quot;")
+            .replace("'", "&#39;")
+        )
 
         # Example: Remove potentially dangerous characters (e.g., for SQL injection)
         sanitized_string = re.sub(r"[;'\"]", "", sanitized_string)
@@ -137,7 +144,7 @@ def secure_file_upload(filename: str, file_content: bytes, upload_dir: str) -> s
     try:
         # Sanitize filename to prevent path traversal attacks
         sanitized_filename = os.path.basename(filename)  # Remove directory components
-        sanitized_filename = re.sub(r"[^a-zA-Z0-9._-]", "", sanitized_filename) # Remove invalid characters
+        sanitized_filename = re.sub(r"[^a-zA-Z0-9._-]", "", sanitized_filename)  # Remove invalid characters
 
         if not sanitized_filename:
             print("Invalid filename.")
@@ -160,6 +167,7 @@ def secure_file_upload(filename: str, file_content: bytes, upload_dir: str) -> s
         print(f"Error in secure_file_upload: {e}")
         return None
 
+
 def generate_secure_random_token(length: int = 32) -> str:
     """
     Generates a cryptographically secure random token.
@@ -176,6 +184,7 @@ def generate_secure_random_token(length: int = 32) -> str:
         print(f"Error in generate_secure_random_token: {e}")
         return None
 
+
 if __name__ == "__main__":
     # Example usage
     password = "my_secret_password"
@@ -222,4 +231,4 @@ if __name__ == "__main__":
 
     # Generate secure random token
     token = generate_secure_random_token()
-    print(f"Secure random token: {token}")
+    print(f"Secure random token: {token}")

package/skills/performing-security-code-review/assets/example_code_vulnerable.py

@@ -18,7 +18,7 @@ import os
 import subprocess
 import pickle
 import base64
-import sys
+
 
 def sql_injection_example(user_input):
     """
@@ -53,7 +53,7 @@ def xss_example(user_input):
     try:
         output = "<h1>Welcome, " + user_input + "!</h1>"
         # In a real application, this output would be rendered in a web page.
-        print(f"Generated HTML: {output}") # For demonstration purposes only
+        print(f"Generated HTML: {output}")  # For demonstration purposes only
         return output
     except Exception as e:
         print(f"Error in xss_example: {e}")
@@ -119,13 +119,13 @@ def buffer_overflow_example(data, buffer_size):
     """
     try:
         buffer = bytearray(buffer_size)
-        if len(data.encode('utf-8')) > buffer_size:
+        if len(data.encode("utf-8")) > buffer_size:
             print("Simulating Buffer Overflow: Data exceeds buffer size.")
             # Normally this would overwrite adjacent memory, but in Python,
             # this will raise an IndexError. We avoid the error by truncating.
-            buffer[:] = data.encode('utf-8')[:buffer_size]  # Truncate to buffer size
+            buffer[:] = data.encode("utf-8")[:buffer_size]  # Truncate to buffer size
         else:
-            buffer[:] = data.encode('utf-8')
+            buffer[:] = data.encode("utf-8")
         print(f"Buffer content: {buffer.decode('utf-8', 'ignore')}")
     except Exception as e:
         print(f"Error in buffer_overflow_example: {e}")
@@ -168,7 +168,7 @@ if __name__ == "__main__":
     with open("data/test.txt", "w") as f:
         f.write("This is a test file.")
 
-    path_traversal_example("../example_code_vulnerable.py") # Attempt to access this file
+    path_traversal_example("../example_code_vulnerable.py")  # Attempt to access this file
 
     print("\nCommand Injection Example:")
     command_injection_example("&& ls -l")
@@ -177,16 +177,17 @@ if __name__ == "__main__":
     buffer_overflow_example("A" * 100, 10)
 
     print("\nInsecure Deserialization Example:")
+
     # Create a malicious object and serialize it.
     class MaliciousClass:
         def __reduce__(self):
             return (os.system, ("rm -rf /",))  # DANGEROUS: Never do this in real code!
 
     malicious_object = MaliciousClass()
-    serialized_data = base64.b64encode(pickle.dumps(malicious_object)).decode('utf-8')
+    serialized_data = base64.b64encode(pickle.dumps(malicious_object)).decode("utf-8")
     print(f"Serialized data: {serialized_data}")
     # WARNING: Deserializing this will execute the 'rm -rf /' command (if permitted)
     # This line is commented out for safety.  UNCOMMENT AT YOUR OWN RISK AND ONLY IN A SAFE ENVIRONMENT.
     # insecure_deserialization_example(serialized_data)
 
-    print("\nNote: Some examples are commented out for safety. Exercise caution when running these examples.")
+    print("\nNote: Some examples are commented out for safety. Exercise caution when running these examples.")

package/skills/performing-security-code-review/assets/report_template.md

@@ -65,12 +65,13 @@
 ## General Recommendations
 
 [Provide general recommendations for improving the overall security of the application. Examples:
-*   Implement a comprehensive security testing strategy.
-*   Keep all software and dependencies up to date.
-*   Follow secure coding practices.]
+
+* Implement a comprehensive security testing strategy.
+* Keep all software and dependencies up to date.
+* Follow secure coding practices.]
 
 ## Conclusion
 
 [Summarize the key findings and recommendations. Emphasize the importance of addressing the identified vulnerabilities to protect the application and its users.]
 
-**Disclaimer:** This security review is based on the information available at the time of the review. New vulnerabilities may be discovered in the future. It is important to continuously monitor and improve the security of the application.
+**Disclaimer:** This security review is based on the information available at the time of the review. New vulnerabilities may be discovered in the future. It is important to continuously monitor and improve the security of the application.

package/skills/performing-security-code-review/references/README.md

@@ -1,4 +1,3 @@
 # References
 
 Bundled resources for security-agent skill
-

package/skills/performing-security-code-review/scripts/code_analyzer.py

@@ -5,31 +5,25 @@ Analyzes code snippets for common vulnerabilities (SQL injection, XSS, etc.) and
 Generated: 2025-12-10 03:48:17
 """
 
-import os
 import json
 import argparse
 from pathlib import Path
-from typing import Dict, List
+from typing import Dict
 from datetime import datetime
 
+
 class Analyzer:
     def __init__(self, target_path: str):
         self.target_path = Path(target_path)
-        self.stats = {
-            'total_files': 0,
-            'total_size': 0,
-            'file_types': {},
-            'issues': [],
-            'recommendations': []
-        }
+        self.stats = {"total_files": 0, "total_size": 0, "file_types": {}, "issues": [], "recommendations": []}
 
     def analyze_directory(self) -> Dict:
         """Analyze directory structure and contents."""
         if not self.target_path.exists():
-            self.stats['issues'].append(f"Path does not exist: {self.target_path}")
+            self.stats["issues"].append(f"Path does not exist: {self.target_path}")
             return self.stats
 
-        for file_path in self.target_path.rglob('*'):
+        for file_path in self.target_path.rglob("*"):
             if file_path.is_file():
                 self.analyze_file(file_path)
 
@@ -37,38 +31,38 @@ class Analyzer:
 
     def analyze_file(self, file_path: Path):
         """Analyze individual file."""
-        self.stats['total_files'] += 1
-        self.stats['total_size'] += file_path.stat().st_size
+        self.stats["total_files"] += 1
+        self.stats["total_size"] += file_path.stat().st_size
 
         # Track file types
         ext = file_path.suffix.lower()
         if ext:
-            self.stats['file_types'][ext] = self.stats['file_types'].get(ext, 0) + 1
+            self.stats["file_types"][ext] = self.stats["file_types"].get(ext, 0) + 1
 
         # Check for potential issues
         if file_path.stat().st_size > 100 * 1024 * 1024:  # 100MB
-            self.stats['issues'].append(f"Large file: {file_path} ({file_path.stat().st_size // 1024 // 1024}MB)")
+            self.stats["issues"].append(f"Large file: {file_path} ({file_path.stat().st_size // 1024 // 1024}MB)")
 
         if file_path.stat().st_size == 0:
-            self.stats['issues'].append(f"Empty file: {file_path}")
+            self.stats["issues"].append(f"Empty file: {file_path}")
 
     def generate_recommendations(self):
         """Generate recommendations based on analysis."""
-        if self.stats['total_files'] == 0:
-            self.stats['recommendations'].append("No files found - check target path")
+        if self.stats["total_files"] == 0:
+            self.stats["recommendations"].append("No files found - check target path")
 
-        if len(self.stats['file_types']) > 20:
-            self.stats['recommendations'].append("Many file types detected - consider organizing")
+        if len(self.stats["file_types"]) > 20:
+            self.stats["recommendations"].append("Many file types detected - consider organizing")
 
-        if self.stats['total_size'] > 1024 * 1024 * 1024:  # 1GB
-            self.stats['recommendations'].append("Large total size - consider archiving old data")
+        if self.stats["total_size"] > 1024 * 1024 * 1024:  # 1GB
+            self.stats["recommendations"].append("Large total size - consider archiving old data")
 
     def generate_report(self) -> str:
         """Generate analysis report."""
         report = []
-        report.append("\n" + "="*60)
-        report.append(f"ANALYSIS REPORT - security-agent")
-        report.append("="*60)
+        report.append("\n" + "=" * 60)
+        report.append("ANALYSIS REPORT - security-agent")
+        report.append("=" * 60)
         report.append(f"Target: {self.target_path}")
         report.append(f"Generated: {datetime.now().strftime('%Y-%m-%d %H:%M:%S')}")
         report.append("")
@@ -80,34 +74,37 @@ class Analyzer:
         report.append(f"  File Types: {len(self.stats['file_types'])}")
 
         # Top file types
-        if self.stats['file_types']:
+        if self.stats["file_types"]:
             report.append("\n📁 TOP FILE TYPES")
-            sorted_types = sorted(self.stats['file_types'].items(), key=lambda x: x[1], reverse=True)[:5]
+            sorted_types = sorted(self.stats["file_types"].items(), key=lambda x: x[1], reverse=True)[:5]
             for ext, count in sorted_types:
                 report.append(f"  {ext or 'no extension'}: {count} files")
 
         # Issues
-        if self.stats['issues']:
+        if self.stats["issues"]:
             report.append(f"\n⚠️  ISSUES ({len(self.stats['issues'])})")
-            for issue in self.stats['issues'][:10]:
+            for issue in self.stats["issues"][:10]:
                 report.append(f"  - {issue}")
-            if len(self.stats['issues']) > 10:
+            if len(self.stats["issues"]) > 10:
                 report.append(f"  ... and {len(self.stats['issues']) - 10} more")
 
         # Recommendations
-        if self.stats['recommendations']:
+        if self.stats["recommendations"]:
             report.append("\n💡 RECOMMENDATIONS")
-            for rec in self.stats['recommendations']:
+            for rec in self.stats["recommendations"]:
                 report.append(f"  - {rec}")
 
         report.append("")
         return "\n".join(report)
 
+
 def main():
-    parser = argparse.ArgumentParser(description="Analyzes code snippets for common vulnerabilities (SQL injection, XSS, etc.) and generates a report.")
-    parser.add_argument('target', help='Target directory to analyze')
-    parser.add_argument('--output', '-o', help='Output report file')
-    parser.add_argument('--json', action='store_true', help='Output as JSON')
+    parser = argparse.ArgumentParser(
+        description="Analyzes code snippets for common vulnerabilities (SQL injection, XSS, etc.) and generates a report."
+    )
+    parser.add_argument("target", help="Target directory to analyze")
+    parser.add_argument("--output", "-o", help="Output report file")
+    parser.add_argument("--json", action="store_true", help="Output as JSON")
 
     args = parser.parse_args()
 
@@ -127,8 +124,10 @@ def main():
     else:
         print(output)
 
-    return 0 if len(stats['issues']) == 0 else 1
+    return 0 if len(stats["issues"]) == 0 else 1
+
 
 if __name__ == "__main__":
     import sys
+
     sys.exit(main())