Saarthi-AI security_scan
Run runDependencyAudit, runSastScan, and runHoundDogScan and return a concise, prioritized security summary with critical/high findings first. Must use this skill if security scanning is explicitly requested by the user.
install
source · Clone the upstream repo
git clone https://github.com/SAARTHII-AI/Saarthi-AI
Claude Code · Install into ~/.claude/skills/
T=$(mktemp -d) && git clone --depth=1 https://github.com/SAARTHII-AI/Saarthi-AI "$T" && mkdir -p ~/.claude/skills && cp -r "$T/.local/skills/security_scan" ~/.claude/skills/saarthii-ai-saarthi-ai-security-scan && rm -rf "$T"
manifest: .local/skills/security_scan/SKILL.md
source content
Security Scan Skill
Run three independent scanners and summarize results:
- runDependencyAudit() for package/dependency vulnerabilities
- runSastScan() for static code findings
- runHoundDogScan() for privacy/security dataflow findings
Orchestration
For full scans, run scanners in parallel and tolerate per-scanner failures.
```js
const [depResult, sastResult, hounddogResult] = await Promise.allSettled([
  runDependencyAudit(),
  runSastScan(),
  runHoundDogScan(),
]);
const dep = depResult.status === 'fulfilled' ? depResult.value : null;
const sast = sastResult.status === 'fulfilled' ? sastResult.value : null;
const hounddog = hounddogResult.status === 'fulfilled' ? hounddogResult.value : null;
```
Do not fail the whole scan because one scanner errors.
Minimal Response Shape
runDependencyAudit():
- metadata.vulnerabilities: { info, low, moderate, high, critical }
- vulnerabilities[]: id, package, severity, fix, source

runSastScan():
- results[]: checkId, message, severity, fingerprint, location

runHoundDogScan():
- vulnerabilities[]: hash, ruleIds, message, severity, location, privacyViolations, remediation*
Output Expectations
Return concise results instead of dumping full payloads:
- Per scanner: status (ok or error) and count by severity.
- Top critical/high findings with file path and short message.
- A short remediation plan, with risky/breaking changes clearly called out.
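The orchestration, response shape and output expectations above fit together in one small pipeline. The following is an added example, not code from the Saarthi-AI repository: stand-in scanner functions return constructed payloads shaped like the Minimal Response Shape (one scanner is made to fail so Promise.allSettled's tolerance is exercised), and summarizeScan reduces them to per-scanner status and counts, the top critical/high findings, and a remediation plan. The severity mapping (ERROR to high, WARNING/medium to moderate), the assumption that a dependency's package field is "name@installedVersion" and fix is the fixed version (so a major-version jump is flagged as breaking), and all sample data are this example's assumptions.

```javascript
// Added example (not Saarthi-AI code): run the three scanners in parallel,
// tolerate a failed scanner, and reduce the raw payloads to a concise,
// prioritized summary with critical/high findings first.

const SEVERITY_ORDER = ['critical', 'high', 'moderate', 'low', 'info'];

// Map scanner-specific labels onto the audit's five levels.
// ERROR->high and WARNING/medium->moderate are this example's assumptions.
function normalizeSeverity(sev) {
  const s = String(sev || '').toLowerCase();
  if (s === 'error') return 'high';
  if (s === 'warning' || s === 'medium') return 'moderate';
  return SEVERITY_ORDER.includes(s) ? s : 'info';
}

// Leading major version of "1.2.3" / "v2.0.0"; null when unparseable.
function majorOf(version) {
  const m = /^v?(\d+)/.exec(String(version || ''));
  return m ? Number(m[1]) : null;
}

// Flatten the three payloads into one uniform finding list. A null payload
// means that scanner failed and contributes nothing.
function collectFindings(dep, sast, hounddog) {
  const out = [];
  for (const v of (dep && dep.vulnerabilities) || []) {
    // Assumed field layout: package = "name@installedVersion", fix = fixed version.
    const pkg = String(v.package);
    const at = pkg.lastIndexOf('@'); // lastIndexOf keeps scoped "@scope/name" intact
    const name = at > 0 ? pkg.slice(0, at) : pkg;
    const installed = at > 0 ? pkg.slice(at + 1) : '';
    const breaking = majorOf(installed) !== null && majorOf(v.fix) !== null
      && majorOf(v.fix) > majorOf(installed);
    out.push({ scanner: 'dependency', severity: normalizeSeverity(v.severity),
      location: pkg, message: v.id,
      remediation: v.fix ? `Upgrade ${name} ${installed} -> ${v.fix}` : `No fix published for ${pkg}`,
      risky: breaking });
  }
  for (const r of (sast && sast.results) || []) {
    out.push({ scanner: 'sast', severity: normalizeSeverity(r.severity),
      location: r.location, message: `${r.checkId}: ${r.message}`,
      remediation: `Review ${r.location} (${r.checkId})`, risky: false });
  }
  for (const v of (hounddog && hounddog.vulnerabilities) || []) {
    out.push({ scanner: 'hounddog', severity: normalizeSeverity(v.severity),
      location: v.location, message: `${(v.ruleIds || []).join(',')}: ${v.message}`,
      remediation: v.remediation || `Review data flow at ${v.location}`, risky: false });
  }
  return out;
}

function countBySeverity(findings) {
  const counts = Object.fromEntries(SEVERITY_ORDER.map(s => [s, 0]));
  for (const f of findings) counts[f.severity] += 1;
  return counts;
}

// Per-scanner status and counts, top critical/high findings, remediation plan
// ordered by severity with breaking upgrades called out.
function summarizeScan(dep, sast, hounddog, topN = 5) {
  const all = collectFindings(dep, sast, hounddog);
  const rank = f => SEVERITY_ORDER.indexOf(f.severity);
  const ranked = [...all].sort((a, b) => rank(a) - rank(b)); // stable sort keeps scanner order
  const perScanner = (result, name) => ({
    status: result ? 'ok' : 'error',
    counts: countBySeverity(all.filter(f => f.scanner === name)),
  });
  return {
    scanners: {
      dependency: perScanner(dep, 'dependency'),
      sast: perScanner(sast, 'sast'),
      hounddog: perScanner(hounddog, 'hounddog'),
    },
    top: ranked.filter(f => rank(f) <= 1).slice(0, topN)
      .map(f => `[${f.severity}] ${f.scanner} ${f.location}: ${f.message}`),
    remediation: ranked.map(f => (f.risky ? 'BREAKING: ' : '') + f.remediation),
  };
}

// Orchestration as the skill describes: parallel, one failure does not sink the scan.
async function runFullScan({ runDependencyAudit, runSastScan, runHoundDogScan }) {
  const settled = await Promise.allSettled([runDependencyAudit(), runSastScan(), runHoundDogScan()]);
  const [dep, sast, hounddog] = settled.map(r => (r.status === 'fulfilled' ? r.value : null));
  return summarizeScan(dep, sast, hounddog);
}

// Constructed sample payloads (not real scanner output); advisory ids are placeholders.
const SAMPLE_DEP = {
  metadata: { vulnerabilities: { info: 0, low: 0, moderate: 0, high: 1, critical: 1 } },
  vulnerabilities: [
    { id: 'ADVISORY-PLACEHOLDER-1', package: 'examplelib@1.2.0', severity: 'critical', fix: '2.0.0', source: 'npm' },
    { id: 'ADVISORY-PLACEHOLDER-2', package: 'otherlib@3.1.0', severity: 'high', fix: '3.1.4', source: 'npm' },
  ],
};
const SAMPLE_SAST = { results: [
  { checkId: 'sql-injection', message: 'Unsanitized input in query', severity: 'ERROR',
    fingerprint: 'fp-1', location: 'src/db.js:42' },
  { checkId: 'hardcoded-secret', message: 'Possible hardcoded key', severity: 'WARNING',
    fingerprint: 'fp-2', location: 'src/config.js:7' },
] };
const failingHoundDog = () => Promise.reject(new Error('hounddog binary not found'));

// Stand-alone run: the hounddog scanner fails, the other two still get summarized.
const demo = runFullScan({ runDependencyAudit: async () => SAMPLE_DEP,
  runSastScan: async () => SAMPLE_SAST, runHoundDogScan: failingHoundDog });
demo.then(s => console.log(JSON.stringify(s, null, 2)));
```

The summary deliberately drops fingerprints, hashes and full messages: the reader of the skill's output needs a file path, a one-line message and a severity, not the payload. Breaking upgrades surface as "BREAKING:" in the plan so a reviewer can separate a patch-level bump from a major-version migration.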