---
name: security-deep-scan
description: Run deterministic deep-scan — 10 Node.js scanners for Unicode attacks, entropy analysis, permission mapping, dependency auditing, taint tracing, git forensics, network mapping, memory poisoning, supply chain recheck, and toxic flow analysis
---

# Deep Scan

10 deterministic Node.js scanners — entropy, Unicode, typosquatting, git forensics, taint tracing, dep audit, network mapping, memory poisoning, supply chain recheck, toxic flow analysis.

## Step 1: Setup

- If `$ARGUMENTS` is empty, target = current working directory. Otherwise target = `$ARGUMENTS` (strip `--deep` if present).
- Create a temporary file path for results (e.g. using `node -p "require('path').join(require('os').tmpdir(), 'deep-scan-results.json')"`).

## Step 2: Run Orchestrator

```bash
node <plugin-root>/scanners/scan-orchestrator.mjs "<target>" --output-file "<results_file>"
```

Exit codes: 0=ALLOW, 1=WARNING, 2=BLOCK. Stdout = compact aggregate JSON. Full results in file.

## Step 3: Show Banner

```
## Deep Scan: [VERDICT]
Risk Score: X/100 | Findings: XC XH XM XL XI
Scanners: X ok, X error, X skipped
```

## Step 4: Synthesize Report

Read the full results from `<results_file>`. Also read `<plugin-root>/knowledge/mitigation-matrix.md` for remediation context.

Produce a complete report with:
1. **Executive Summary** — 3-5 sentences: posture assessment, dominant issue themes, intent assessment
2. **Per-Scanner Details** — Group findings by severity (CRITICAL first). Highlight important findings, explain implications.
3. **Toxic Flow Analysis** — If toxic-flow findings exist, show the trifecta chain legs (Input, Access, Exfil) with evidence
4. **Recommendations** — Prioritized by urgency. Include finding IDs and actionable fix steps.
5. **OWASP Coverage** — Map findings to OWASP LLM Top 10 and Agentic AI Top 10 categories.

Do NOT invent findings. Do NOT downplay CRITICAL or HIGH severity issues.