1.5 KiB
1.5 KiB
| name | description | allowed-tools | model |
|---|---|---|---|
| security:deep-scan | Run deterministic deep-scan — 9 Node.js scanners for Unicode attacks, entropy analysis, permission mapping, dependency auditing, taint tracing, git forensics, network mapping, memory poisoning, and toxic flow analysis | Read, Glob, Grep, Bash, Agent | sonnet |
/security deep-scan [path]
9 deterministic Node.js scanners — entropy, Unicode, typosquatting, git forensics, taint tracing, dep audit, network mapping, memory poisoning, toxic flow analysis.
Step 1: Setup
$ARGUMENTSempty → target = cwd. Otherwise target =$ARGUMENTS(strip--deep).- Plugin root = parent of this
commands/folder. - Get temp path:
node -p "require('path').join(require('os').tmpdir(), 'deep-scan-results.json')"
Step 2: Run Orchestrator
node <plugin-root>/scanners/scan-orchestrator.mjs "<target>" --output-file "<results_file>"
Exit 0=ALLOW, 1=WARNING, 2=BLOCK. Stdout = compact aggregate JSON. Full results in file.
Step 3: Show Banner
## Deep Scan: [VERDICT]
Risk Score: X/100 | Findings: XC XH XM XL XI
Scanners: X ok, X error, X skipped
Step 4: Synthesize Report
Spawn subagent_type: "llm-security:deep-scan-synthesizer-agent", model: "sonnet":
Read scan results from: <results_file> Read: <plugin-root>/knowledge/mitigation-matrix.md Produce complete report with actionable insights. Don't pad.
Output the synthesizer's report. If it fails, show banner + CRITICAL/HIGH findings from JSON.