From syncable-cli-skills
Scans codebases for leaked secrets (API keys, tokens, passwords, private keys), insecure code patterns, and configuration issues. Returns severity-rated findings with file locations and remediation steps.
How this skill is triggered — by the user, by Claude, or both
Slash command
/syncable-cli-skills:syncable-security

The summary Claude sees in its skill listing (used to decide when to auto-load this skill):

Scan a codebase for leaked secrets (API keys, tokens, passwords, private keys), insecure code patterns, and configuration issues. Returns findings with severity, file locations, and remediation.
Always pass --mode explicitly:
| Mode | When to use |
|---|---|
| lightning | Quick check, critical files only (.env, configs) |
| fast | Smart sampling, large repos during development |
| balanced | Default. Good coverage with optimizations |
| thorough | Pre-deployment, PR security reviews |
| paranoid | Compliance audits, production reviews |
| Flag | Purpose |
|---|---|
| --mode <MODE> | Scan depth (always specify) |
| --agent | Compressed output (always use) |
| --include-low | Include low-severity findings |
| --no-secrets | Skip secrets detection (code patterns only) |
| --no-code-patterns | Skip code patterns (secrets only) |
| --fail-on-findings | Exit with error code if findings exist (CI) |
| --output <FILE> | Write report to file |
```
sync-ctl security <PATH> --mode balanced --agent
```
Success criteria: JSON output with summary containing severity counts.
Priority order: critical findings (leaked secrets) > high (insecure patterns) > summary score > remediation steps.
Compressed output includes only critical findings plus the first 10 high findings. Medium/low are reported as counts only. Use retrieve for details:

```
sync-ctl retrieve <ref_id> --query "severity:medium"
sync-ctl retrieve <ref_id> --query "file:src/auth.rs"
sync-ctl retrieve <ref_id> --query "code:hardcoded-secret"
```

Results are paginated (default 20). Use --limit N --offset M for more.

Available queries: severity:critical|high|medium|low|info, file:<path>, code:<id>
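The following is an added example, not code from the syncable-cli project: a small triage helper that applies the retrieve query grammar (severity:a|b, file:<path>, code:<id>) and the limit/offset pagination locally to a report, orders findings by the priority the skill states (critical > high > rest), and derives a CI pass/fail from the summary counts. The report schema (a summary of severity counts plus a findings list with severity, file, code and remediation fields) is an assumption; the page only states that output is JSON with a summary of severity counts. The sample report is constructed.

```python
"""Triage helper for a sync-ctl security JSON report (added example).

Assumed schema (not confirmed by the page): {"summary": {severity: count},
"findings": [{"severity", "file", "code", "remediation"}, ...]}.
"""
import json

SEVERITY_RANK = {"critical": 0, "high": 1, "medium": 2, "low": 3, "info": 4}

# Constructed sample report in the assumed schema.
SAMPLE_REPORT = json.dumps({
    "summary": {"critical": 1, "high": 2, "medium": 1, "low": 1, "info": 0},
    "findings": [
        {"severity": "high", "file": "src/auth.rs", "code": "sql-injection",
         "remediation": "Use parameterised queries"},
        {"severity": "critical", "file": ".env", "code": "hardcoded-secret",
         "remediation": "Rotate the key and load it from a secret store"},
        {"severity": "medium", "file": "src/main.rs", "code": "weak-hash",
         "remediation": "Use a modern password hash"},
        {"severity": "high", "file": "src/auth.rs", "code": "hardcoded-secret",
         "remediation": "Move the token into configuration"},
        {"severity": "low", "file": "Dockerfile", "code": "root-user",
         "remediation": "Run as a non-root user"},
    ],
})


def parse_query(query):
    """Parse 'severity:critical|high', 'file:<path>' or 'code:<id>' into (field, values)."""
    field, _, value = query.partition(":")
    if field not in ("severity", "file", "code") or not value:
        raise ValueError(f"unsupported query: {query!r}")
    return field, set(value.split("|"))


def filter_findings(findings, query, limit=20, offset=0):
    """Apply one retrieve-style query, then paginate like --limit/--offset.

    file: and code: match exactly (assumption; the page does not say
    whether the tool matches prefixes).
    """
    field, values = parse_query(query)
    matched = [f for f in findings if f.get(field) in values]
    return matched[offset:offset + limit]


def prioritise(findings, high_cap=10):
    """Order by severity; keep every critical finding and only the first
    `high_cap` high findings, mirroring the compressed output rule."""
    ordered = sorted(findings, key=lambda f: SEVERITY_RANK.get(f["severity"], 99))
    kept, high_seen = [], 0
    for finding in ordered:
        if finding["severity"] == "high":
            high_seen += 1
            if high_seen > high_cap:
                continue
        kept.append(finding)
    return kept


def fail_on_findings(report, min_severity="low"):
    """Return 1 when any finding at or above min_severity is counted in the
    summary, else 0. This is the script's own gate, modelled on what
    --fail-on-findings does; the threshold is a local choice."""
    threshold = SEVERITY_RANK[min_severity]
    counts = report.get("summary", {})
    hit = any(count > 0 for sev, count in counts.items()
              if SEVERITY_RANK.get(sev, 99) <= threshold)
    return 1 if hit else 0


if __name__ == "__main__":
    report = json.loads(SAMPLE_REPORT)
    for finding in prioritise(report["findings"]):
        print(finding["severity"], finding["file"], finding["code"], "->",
              finding["remediation"])
    print("auth.rs findings:", filter_findings(report["findings"], "file:src/auth.rs"))
    print("exit code:", fail_on_findings(report, min_severity="high"))
```

In a pipeline the report would come from `sync-ctl security <PATH> --mode thorough --agent --output report.json`; swap `SAMPLE_REPORT` for the file contents and keep the same functions.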
| Error | Action |
|---|---|
| No such file or directory | Ask user to verify path |
| Very slow scan | Suggest balanced or fast mode instead |
| No findings with lightning/fast | Re-run with balanced for deeper coverage |
```
npx claudepluginhub syncable-dev/syncable-cli --plugin syncable-cli-skills
```