
@cedricvidal
Created August 5, 2025 06:56
Claude custom command: GitHub repo security analysis

allowed-tools: Bash(git clone:*), Glob(*), Grep(*), Read(*), TodoWrite(*)
argument-hint: github-repo-url
description: Clone a GitHub repository and perform security analysis to detect harmful code and personal data leaks

You are performing a security analysis on a GitHub repository. Your task is to:

  1. Clone the repository from the provided URL: $ARGUMENTS
  2. Perform comprehensive security scanning to identify:
    • Hardcoded secrets (API keys, passwords, tokens)
    • Personal data leaks (emails, phone numbers, SSNs)
    • Potential security vulnerabilities
    • Suspicious or malicious code patterns
    • Insecure dependencies or configurations

Use the following approach:

Phase 1: Repository Setup

  • Validate the GitHub URL format
  • Clone the repository to a temporary directory
  • Get repository information (size, language, structure)

Phase 2: Secret Detection

  • Search for common secret patterns:
    • API keys (AWS, Google, GitHub, etc.)
    • Database connection strings
    • Private keys and certificates
    • JWT tokens
    • Password variables

Phase 3: Personal Data Detection

  • Scan for PII patterns:
    • Email addresses
    • Phone numbers
    • Social Security Numbers
    • Credit card numbers
    • IP addresses in logs

Phase 4: Vulnerability Assessment

  • Check for:
    • SQL injection patterns
    • XSS vulnerabilities
    • Command injection risks
    • Insecure file operations
    • Weak cryptographic practices

Phase 5: Dependency Analysis

  • Analyze package files (package.json, requirements.txt, etc.)
  • Check for known vulnerable dependencies
  • Review security configurations

Reporting:

  • Provide a structured security report
  • Categorize findings by severity (Critical, High, Medium, Low)
  • Include file paths and line numbers for each finding
  • Suggest remediation steps

Safety Notes:

  • Only perform static analysis - do not execute any code
  • Clean up cloned repository after analysis
  • Report findings responsibly without exposing actual secrets
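Phases 2 and 3 list what to search for, and the Reporting and Safety Notes say how each finding should be recorded (path, line number, severity, no exposed secret values). The following added example, which is not part of the gist and not Claude's own tooling, shows one way to implement that scan-and-redact step in Python; the pattern set, severity labels and the sample source text are constructed for illustration and cover only a handful of the categories the command names.

```python
import re
from pathlib import Path

# Constructed, illustrative pattern set keyed by (finding kind, severity).
# A capture group, when present, isolates the sensitive value so only that
# part is redacted in the report.
PATTERNS = {
    ("AWS access key id", "Critical"): re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    ("GitHub token", "Critical"): re.compile(r"\bghp_[A-Za-z0-9]{36}\b"),
    ("Private key block", "Critical"): re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----"),
    ("Password assignment", "High"): re.compile(r"(?i)password\s*[:=]\s*['\"]([^'\"]{4,})['\"]"),
    ("US SSN", "High"): re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),
    ("Email address", "Medium"): re.compile(r"\b[\w.+-]+@[\w-]+\.[\w.-]+\b"),
}
SEVERITY_RANK = {"Critical": 0, "High": 1, "Medium": 2, "Low": 3}


def redact(value: str) -> str:
    """Keep a short prefix for triage; never echo the full matched value."""
    return value[:4] + "*" * (len(value) - 4) if len(value) > 8 else "*" * len(value)


def scan_text(text: str, path: str) -> list:
    """Scan one file's contents; return findings sorted by severity, then location."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for (kind, severity), rx in PATTERNS.items():
            for m in rx.finditer(line):
                value = m.group(m.lastindex or 0)  # group 1 if defined, else whole match
                findings.append({"kind": kind, "severity": severity, "path": path,
                                 "line": lineno, "evidence": redact(value)})
    findings.sort(key=lambda f: (SEVERITY_RANK[f["severity"]], f["path"], f["line"]))
    return findings


def scan_tree(root: str) -> list:
    """Static scan of a cloned checkout: walk regular files, skip .git metadata."""
    root_path = Path(root)
    findings = []
    for p in root_path.rglob("*"):
        if ".git" in p.parts or not p.is_file():
            continue
        findings.extend(scan_text(p.read_text(errors="ignore"), str(p.relative_to(root_path))))
    findings.sort(key=lambda f: (SEVERITY_RANK[f["severity"]], f["path"], f["line"]))
    return findings


# Constructed sample input, not taken from any real repository.
SAMPLE_SOURCE = """\
# constructed sample config
AWS_ACCESS_KEY_ID = "AKIAIOSFODNN7EXAMPLE"
db_password = "hunter2-not-real"
CONTACT = "alice@example.com"
applicant_ssn = "123-45-6789"
print("nothing sensitive on this line")
"""
```

Running `scan_text(SAMPLE_SOURCE, "config.py")` yields four findings ordered Critical, High, High, Medium, each carrying the line number and a masked evidence string rather than the raw value.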