---
allowed-tools: Bash(git clone:*), Glob(*), Grep(*), Read(*), TodoWrite(*)
argument-hint:
description: Clone a GitHub repository and perform security analysis to detect harmful code and personal data leaks
---
You are performing a security analysis on a GitHub repository. Your task is to:

- Clone the repository from the provided URL: $ARGUMENTS
- Perform comprehensive static security scanning to identify:
  - Hardcoded secrets (API keys, passwords, tokens)
  - Personal data leaks (emails, phone numbers, SSNs)
  - Potential security vulnerabilities
  - Suspicious or malicious code patterns
  - Insecure dependencies or configurations
Use the following approach:

Phase 1: Repository Setup

- Validate the argument before it reaches git: accept only a plain `https://github.com/<owner>/<repo>` URL, and reject anything else (ssh forms, other hosts, extra path segments, or an argument that begins with `-`, which git could read as an option)
- Clone the repository into a temporary directory; a shallow clone without submodules is enough for static analysis
- Get repository information (size, primary language, directory structure, file counts by extension)
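The Phase 1 steps above as one runnable script. This is an added example, not part of the original command: the URL pattern, the `clone_for_analysis`/`summarize` helper names, and the `secscan-` temp-directory prefix are assumptions made here. It validates the URL, clones with `--` so the argument can never be parsed as a git option, disables credential prompts so a private repo fails fast instead of hanging, and relies on `TemporaryDirectory` to delete the clone even when analysis raises.

```python
"""Added example for Phase 1: validate a GitHub URL, clone it into a temporary
directory, summarize the tree, and clean up. Not part of the original command."""
from __future__ import annotations

import os
import re
import subprocess
import sys
import tempfile
from collections import Counter
from pathlib import Path

# Only a plain https GitHub repository URL is accepted. Owner follows GitHub's
# username rules (1-39 alphanumerics or hyphens, no leading/trailing hyphen);
# the repo segment may carry an optional ".git" and trailing slash, nothing more.
GITHUB_URL = re.compile(
    r"^https://github\.com/(?P<owner>[A-Za-z0-9](?:[A-Za-z0-9-]{0,37}[A-Za-z0-9])?)"
    r"/(?P<repo>[A-Za-z0-9._-]{1,100}?)(?:\.git)?/?$"
)


def validate_github_url(url: str) -> str | None:
    """Return a canonical https clone URL, or None if the input is not a plain GitHub repo URL."""
    m = GITHUB_URL.match(url.strip())
    if not m or m["repo"] in {".", ".."}:
        return None
    return f"https://github.com/{m['owner']}/{m['repo']}.git"


def clone_for_analysis(url: str, workdir: Path) -> Path:
    """Shallow-clone a validated URL into workdir/repo without running anything from it."""
    clean = validate_github_url(url)
    if clean is None:
        raise ValueError(f"refusing to clone: not a plain GitHub repository URL: {url!r}")
    dest = workdir / "repo"
    # "--" ends option parsing, so the URL is never interpreted as a git flag.
    # --depth 1 keeps the checkout small; submodules are not fetched, and git does
    # not run hooks from the cloned repository during clone, so nothing in it executes.
    # GIT_TERMINAL_PROMPT=0 makes a private/nonexistent repo fail instead of blocking.
    subprocess.run(
        ["git", "clone", "--quiet", "--depth", "1", "--", clean, str(dest)],
        check=True,
        timeout=300,
        env={"PATH": os.environ.get("PATH", ""), "GIT_TERMINAL_PROMPT": "0"},
    )
    return dest


def summarize_entries(entries: dict[str, int]) -> dict:
    """Repository overview from {relative path: size in bytes}; pure so it can be tested."""
    by_ext = Counter(Path(p).suffix.lower() or "(none)" for p in entries)
    return {
        "files": len(entries),
        "bytes": sum(entries.values()),
        "top_extensions": by_ext.most_common(5),
    }


def summarize(repo: Path) -> dict:
    """Walk a real clone (skipping .git) and build the overview."""
    entries = {
        str(p.relative_to(repo)): p.stat().st_size
        for p in repo.rglob("*")
        if p.is_file() and ".git" not in p.parts
    }
    return summarize_entries(entries)


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else ""
    # The temporary directory, and the clone inside it, is removed when this
    # block exits, whether or not the analysis succeeded.
    with tempfile.TemporaryDirectory(prefix="secscan-") as tmp:
        repo = clone_for_analysis(target, Path(tmp))
        print(summarize(repo))
```

Run it as `python phase1.py https://github.com/<owner>/<repo>`; the overview is printed and the clone is gone afterwards. Later phases should work on the tree inside the same `with` block so that cleanup remains automatic.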
Phase 2: Secret Detection

- Search for common secret patterns:
  - API keys (AWS, Google, GitHub, etc.)
  - Database connection strings
  - Private keys and certificates
  - JWT tokens
  - Password variables
Phase 3: Personal Data Detection

- Scan for PII patterns, and validate matches where a checksum exists (for example the Luhn check on card-number candidates) so that IDs and fixture data are not reported as PII:
  - Email addresses
  - Phone numbers
  - Social Security Numbers
  - Credit card numbers
  - IP addresses in logs
Phase 4: Vulnerability Assessment

- Check for:
  - SQL injection patterns
  - XSS vulnerabilities
  - Command injection risks
  - Insecure file operations
  - Weak cryptographic practices
Phase 5: Dependency Analysis

- Analyze package manifests and lockfiles (package.json, package-lock.json, requirements.txt, etc.)
- Check for known vulnerable dependencies; the allowed tools do not include package-manager audit commands, so this is limited to reviewing pinned versions against advisories you already know and flagging unpinned or wildcard ranges
- Review security configurations (CI workflows, Dockerfiles, environment files, framework settings)
Reporting:
- Provide a structured security report
- Categorize findings by severity (Critical, High, Medium, Low)
- Include file paths and line numbers for each finding
- Suggest remediation steps
Safety Notes:

- Only perform static analysis: do not execute any code from the repository, including build steps, tests, or package-manager commands
- Clean up the cloned repository after analysis, including when a phase fails
- Report findings responsibly without exposing actual secrets: quote at most a short prefix of a matched value and its length, never the full value
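Phases 2 through 4 and the reporting and redaction rules above, as one added example that is not part of the original command. The rule names, severities, regexes and the `SAMPLE_REPO` contents are all constructed for illustration (the AWS key is Amazon's documented example value, the card number is the standard `4111...` test number), and the patterns are a starting point rather than an exhaustive ruleset. It scans an in-memory tree, discards card-number candidates that fail Luhn, sorts findings by severity, and prints each one with file path, line number and a redacted value.

```python
"""Added example: a minimal static scanner for the secret, PII and suspicious-code
phases, with severity-sorted, redacted reporting. Not part of the original command."""
from __future__ import annotations

import re
from dataclasses import dataclass


@dataclass
class Finding:
    path: str
    line: int
    rule: str
    severity: str
    redacted: str


# (rule, severity, pattern). Illustrative patterns, not an exhaustive ruleset.
RULES = [
    ("aws_access_key_id", "Critical", re.compile(r"\bAKIA[0-9A-Z]{16}\b")),
    ("github_token", "Critical", re.compile(r"\bghp_[A-Za-z0-9]{36}\b")),
    ("private_key_block", "Critical", re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----")),
    ("jwt", "High", re.compile(r"\beyJ[A-Za-z0-9_-]{8,}\.[A-Za-z0-9_-]{8,}\.[A-Za-z0-9_-]{8,}\b")),
    # No leading \b: DB_PASSWORD, ADMIN_PWD and similar must still match.
    ("password_assignment", "High", re.compile(r"(?i)(?:password|passwd|pwd)\w*\s*[=:]\s*['\"][^'\"]{4,}['\"]")),
    ("ssn", "High", re.compile(r"\b(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b")),
    ("credit_card", "High", re.compile(r"\b(?:\d[ -]?){12,15}\d\b")),
    ("shell_command_injection", "Medium", re.compile(r"os\.system\(|subprocess\.\w+\([^)]*shell\s*=\s*True")),
    ("email", "Low", re.compile(r"\b[\w.+-]+@[\w-]+(?:\.[\w-]+)+\b")),
]
SEVERITY_ORDER = {"Critical": 0, "High": 1, "Medium": 2, "Low": 3}


def luhn_ok(candidate: str) -> bool:
    """Luhn checksum over the digits; filters order IDs and fixtures that merely look like PANs."""
    digits = [int(c) for c in candidate if c.isdigit()]
    total = 0
    for i, d in enumerate(reversed(digits)):
        if i % 2 == 1:
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def redact(value: str) -> str:
    """Keep a short prefix and the length; the report must never reproduce the secret."""
    keep = min(4, len(value) // 3)
    return f"{value[:keep]}{'*' * (len(value) - keep)} ({len(value)} chars)"


def scan_text(path: str, text: str) -> list[Finding]:
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for rule, severity, pattern in RULES:
            for m in pattern.finditer(line):
                value = m.group(0)
                if rule == "credit_card" and not luhn_ok(value):
                    continue
                findings.append(Finding(path, lineno, rule, severity, redact(value)))
    return findings


def scan_repo(files: dict[str, str]) -> list[Finding]:
    """files maps a relative path to its text; on a real clone, read each file into this shape."""
    findings = [f for path, text in files.items() for f in scan_text(path, text)]
    return sorted(findings, key=lambda f: (SEVERITY_ORDER[f.severity], f.path, f.line))


def format_report(findings: list[Finding]) -> str:
    return "\n".join(f"{f.severity:8} {f.rule:24} {f.path}:{f.line}  {f.redacted}" for f in findings)


# Constructed sample tree; none of these values belong to a real system.
SAMPLE_REPO = {
    "config/settings.py": (
        "AWS_ACCESS_KEY_ID = 'AKIAIOSFODNN7EXAMPLE'\n"
        "DB_PASSWORD = 'hunter22-prod'\n"
        "ADMIN_EMAIL = 'ops@example.com'\n"
    ),
    "scripts/deploy.py": "import subprocess\nsubprocess.run('rsync ' + target, shell=True)\n",
    "tests/fixtures.txt": (
        "customer_ssn: 123-45-6789\n"
        "card: 4111 1111 1111 1111\n"
        "not_a_card: 1234 5678 9012 3456\n"
        "order_id: 9876543210\n"
    ),
}

if __name__ == "__main__":
    print(format_report(scan_repo(SAMPLE_REPO)))
```

On the sample tree the report lists six findings: the AWS key first as Critical, then the password assignment, SSN and Luhn-valid card number as High, the `shell=True` call as Medium and the email as Low, while `not_a_card` and `order_id` produce nothing. Every value in the output is truncated to a four-character prefix, which is enough to locate the line without copying the secret into the report.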