Claude Skill

utkusen/sast-skills

SAST Skills is a collection of agent skills that turns your AI coder into a SAST scanner, bringing static application security testing into Claude Code.

Overview

Stars: 680
Forks: 31
Language: unknown
Last updated: 2026-04-08
Last synced: 2026-07-03

Repository information

Owner: utkusen
Repository: sast-skills
Full name: utkusen/sast-skills
Repo ID: 1,196,248,606

Install this Skill

git clone https://github.com/utkusen/sast-skills.git

Registry information

Type: codex_skill
Quality score: 70/100
Verification status: readme_parsed
Last verified: 2026-06-07
Platforms: Claude, Codex, Cursor
Capabilities: workflow, ai-security, claude, claude-code, sast
Identified file: README.md

Project description

A collection of agent skills that turns your AI coder into a SAST scanner, performing static application security testing directly in Claude Code.

English description

Collection of agent skills that turn your AI coder into a SAST scanner

Highlights

  • Turns Claude Code into a SAST scanner
  • Reusable collection of agent skills
  • Focused on AI security and code analysis
  • Open source and community driven
  • Lightweight integration into existing workflows

Use cases

  • Static analysis of a codebase during development
  • Automated security scanning in CI/CD pipelines
  • Improving the security awareness of AI coding assistants
  • Teaching secure coding practices through agent feedback
  • Quick vulnerability detection in open-source projects

README summary

# LLM SAST Skills

A collection of agent skills that turn your LLM coding assistant into a fully functional SAST scanner to find vulnerabilities in your codebase. Works natively with Claude Code, Codex, Opencode, Cursor and any other assistant that supports agent skills. No third-party tools required.

Claude Code with the Opus model is recommended, but if cost is a concern, use any IDE and model you trust.

![Process in Claude Code](demo.gif)

## How It Works

`CLAUDE.md` (for Claude Code) or `AGENTS.md` (for Opencode and other IDEs) orchestrates the entire assessment workflow automatically. The assessment runs in three steps:

1. **Codebase Analysis** -- The `sast-analysis` skill maps the technology stack, architecture, entry points, data flows, and trust boundaries. It writes its findings to `sast/architecture.md`.
2. **Vulnerability Detection (parallel)** -- All 13 vulnerability detection skills run in parallel as subagents. Each skill follows a two-phase approach: first a recon/discovery phase to find candidate sections, then a verification phase to confirm exploitability. Results are written to `sast/*-results.md`.
3. **Report Generation** -- The `sast-report` skill consolidates all findings into a single `sast/final-report.md`, ranked by severity with full remediation guidance and dynamic test instructions.

## What It Detects

| Skill | Vulnerability Class |
|---|---|
| sast-analysis | Codebase reconnaissance, architecture mapping, threat modeling |
| sast-sqli | SQL Injection |
| sast-graphql | GraphQL injection |
| sast-xss | Cross-Site Scripting (XSS) |
| sast-rce | Remote Code Execution (command injection, eval, unsafe deserialization) |
| sast-ssrf | Server-Side Request Forgery |
| sast-idor | Insecure Direct Object Reference |
| sast-xxe | XML External E


Data from GitHub, synced: 2026-07-03