SA
SkillAvatars
← Back to Skills

Security

advanced-github-security-scanner - Claude MCP Skill

Advanced GitHub repository security scanner with automated URL generation, source code fetching, and comprehensive security validation using dollhouse security framework

SEO Guide: Enhance your AI agent with the advanced-github-security-scanner tool. This Model Context Protocol (MCP) server allows Claude Desktop and other LLMs to advanced github repository security scanner with automated url generation, source code fetching, and... Download and configure this skill to unlock new capabilities for your AI workflow.

🌟1 stars • 0 forks
📥0 downloads
JavaScriptNode.js
View on GitHub🔗 Claude Servers

Documentation

SKILL.md
# Advanced GitHub Repository Security Scanner (Reality-Based)

## Purpose
Comprehensive GitHub repository analysis skill that uses smart file discovery to verify actual file existence, then performs automated security validation using the complete dollhouse security framework. No more hallucinated URLs or 404 errors!

## Enhanced Reality-Based Functionality

### 1. Smart Repository Discovery (Phase 1)
Uses search-based verification to find files that actually exist:
- **Search-First Approach:** Query GitHub to discover real files
- **Verify Before Generate:** Confirm file existence via search results
- **Project Type Detection:** Identify actual project structure and language
- **Eliminate False Positives:** Never generate URLs for non-existent files

### 2. Verified URL Generation (Phase 2)
Only creates URLs for confirmed files:
- **High Success Rate:** 90%+ fetch success instead of random failures
- **Accurate Analysis:** Security validation based on real code
- **Clear Status Reporting:** Distinguish between found, missing, and alternative files
- **No Speculation:** Zero hallucinated file paths

### 3. Intelligent Project Analysis
Adapts to actual repository structure:
- **Language Detection:** Based on real files found, not assumptions
- **Framework Identification:** Analyze actual dependencies and configs
- **Entry Point Discovery:** Find real main files, not guessed ones
- **Security File Mapping:** Locate actual security docs and configurations

## Reality-Based Discovery Workflow

### Phase 1: Search-Based File Discovery
Instead of guessing what files exist, search GitHub to discover actual files:

```javascript
async discoverActualFiles(repoURL) {
    const { owner, repo, branch } = this.parseRepo(repoURL);
    
    // Search for files that actually exist
    const searchQueries = [
        `site:github.com ${owner}/${repo} "package.json"`,
        `site:github.com ${owner}/${repo} "requirements.txt"`,
        `site:github.com ${owner}/${repo} ".claude.json"`,
        `site:github.com ${owner}/${repo} "Cargo.toml"`,
        `site:github.com ${owner}/${repo} "SECURITY.md"`,
        `site:github.com ${owner}/${repo}/blob/${branch}/.claude`,
        `site:github.com ${owner}/${repo} filetype:js`,
        `site:github.com ${owner}/${repo} filetype:py`,
    ];
    
    const confirmedFiles = [];
    for (const query of searchQueries) {
        const results = await searchGitHub(query);
        const foundFiles = extractFilesFromResults(results);
        confirmedFiles.push(...foundFiles);
    }
    
    return deduplicateAndVerify(confirmedFiles);
}
```

### Phase 2: Reality-Based Project Analysis
Determine project type based on files that actually exist:

```javascript
analyzeActualProjectType(confirmedFiles) {
    const fileNames = confirmedFiles.map(f => f.name);
    
    if (fileNames.includes('.claude.json') || 
        confirmedFiles.some(f => f.path.includes('.claude/'))) {
        return {
            type: 'Claude Code Project',
            confidence: 'HIGH',
            evidence: ['.claude directory structure', 'Claude-specific configs'],
            securityFiles: ['.claude.json', '.claude/CLAUDE.md', '.claude/settings.json']
        };
    }
    
    if (fileNames.includes('package.json')) {
        return {
            type: 'Node.js/JavaScript',
            confidence: 'HIGH', 
            evidence: ['package.json found'],
            securityFiles: ['package.json', 'package-lock.json', '.env.example']
        };
    }
    
    // ... other project type detection based on actual files
}
```

### Phase 3: Verified URL Generation
Only generate URLs for files confirmed to exist:

```javascript
generateVerifiedURLs(confirmedFiles) {
    return confirmedFiles
        .filter(file => file.confirmed === true)
        .map(file => ({
            name: file.name,
            path: file.path,
            url: `https://raw.githubusercontent.com/${file.owner}/${file.repo}/${file.branch}/${file.path}`,
            verified: true,
            priority: file.securityRelevance
        }));
}
```

## Integration with Dollhouse Security Framework

### Enhanced Security Validation Pipeline
```
Repository URL → Smart Discovery → Verified Files → Accurate URLs → Security Analysis → Reality-Based Report
```

### Core Security Skills Integration
- **smart-github-file-discovery**: File existence verification
- **complete-security-validation-engine**: Comprehensive threat detection
- **content-safety-validator**: Malicious pattern detection  
- **programmatic-security-validator**: Automated security checks
- **encoding-pattern-detection**: Advanced obfuscation detection

## Reality-Based Security Assessment

### Only Analyze Confirmed Files
```javascript
async performVerifiedSecurityAnalysis(discoveredFiles) {
    const analysisResults = [];
    let riskScore = 0;
    
    for (const file of discoveredFiles.confirmed) {
        const rawURL = file.url; // Pre-verified URL
        try {
            const content = await fetchFile(rawURL); // High success rate
            const fileAnalysis = await analyzeFileContent(content, file);
            
            analysisResults.push({
                file: file.name,
                url: rawURL,
                status: 'ANALYZED',
                threats: fileAnalysis.threats,
                score: fileAnalysis.riskScore
            });
            
            riskScore += fileAnalysis.riskScore;
        } catch (error) {
            // Unexpected - file was verified to exist
            analysisResults.push({
                file: file.name,
                status: 'UNEXPECTED_FETCH_FAILURE',
                error: error.message
            });
        }
    }
    
    return {
        overallRiskScore: riskScore,
        analysisResults: analysisResults,
        confidence: calculateConfidence(analysisResults),
        coverage: calculateCoverage(discoveredFiles)
    };
}
```

## Usage Examples

### Fixed Claude Code Analysis
**Input:** `https://github.com/anthropics/claude-code`

**Old Way (Pattern-Based):**
- Generates: `package.json` ❌ (doesn't exist)
- Result: 404 errors, failed analysis

**New Way (Reality-Based):**
1. Search discovers: `.claude.json`, `SECURITY.md`, `.claude/` directory
2. Identifies: Claude Code Project (not Node.js)
3. Generates verified URLs only for confirmed files
4. Result: Successful analysis of actual project structure

### Copy/Paste Commands (Fixed)
```
activate skill: advanced-github-security-scanner
activate skill: smart-github-file-discovery
analyze with verification: https://github.com/anthropics/claude-code
```

## Error Handling and Transparency

### Discovery Status Reporting
```javascript
const discoveryReport = {
    repository: 'anthropics/claude-code',
    discovery_method: 'search_verified',
    confirmed_files: [
        { name: 'SECURITY.md', status: 'CONFIRMED', url: '...' },
        { name: '.claude.json', status: 'CONFIRMED', url: '...' }
    ],
    missing_expected: [
        { name: 'package.json', status: 'NOT_FOUND', reason: 'Not a Node.js project' }
    ],
    project_analysis: {
        type: 'Claude Code CLI Tool',
        confidence: 'HIGH',
        evidence: ['.claude directory structure', 'Claude-specific configuration files']
    }
};
```

### Quality Metrics
- **Discovery Success Rate**: % of searches that found actual files  
- **URL Generation Accuracy**: % of generated URLs that successfully fetch (target: 90%+)
- **Analysis Coverage**: % of confirmed files successfully analyzed
- **False Positive Rate**: % of generated URLs that 404 (target: <5%)

This reality-based approach transforms the GitHub security scanner from a pattern-guessing tool into a precise, verified analysis system that only works with files that actually exist, eliminating false positives and providing reliable security assessments.

Signals

Avg rating0.0
Reviews0
Favorites0

Information

Repository
mickdarling/dollhouse-portfolio
Author
mickdarling
Last Sync
1/14/2026
Repo Updated
10/25/2025
Created
1/13/2026

Reviews (0)

No reviews yet. Be the first to review this skill!

Related Skills

upgrade-webkit

Upgrade Bun's Webkit fork to the latest upstream version of Webkit.

44050Has guide

upgrade-nodejs

Upgrading Bun's Self-Reported Node.js Version

44050Has guide

cn-check

Install and run the Continue CLI (`cn`) to execute AI agent checks on local code changes. Use when asked to "run checks", "lint with AI", "review my changes with cn", or set up Continue CI locally.

31808

CLAUDE

CLAUDE.md

27345

Related Guides

Mastering VSCode Extension Development with Claude: A Complete Guide to the TypeScript Extension Dev Skill

Learn how to use the vscode extension dev typescript Claude skill. Complete guide with installation instructions and examples.

Building Full-Stack Applications with Claude: The Node.js MongoDB JWT Express React Skill Guide

Learn how to use the nodejs mongodb jwt express react Claude skill. Complete guide with installation instructions and examples.

Mastering Modern Web Development with the Next.js React Tailwind Claude Skill

Learn how to use the nextjs react tailwind Claude skill. Complete guide with installation instructions and examples.