commands/security-scan.md
Run AgentShield against the current project or a target path, then turn the findings into a prioritized remediation plan.
/security-scan [path] [--format text|json|markdown|html] [--min-severity low|medium|high|critical] [--fix]
path (optional): defaults to the current project. Use a .claude/ path, a repo root, or a checked-in template directory.--format: output format. Use json for CI, markdown for handoffs, and html for standalone review reports.--min-severity: filters lower-priority findings.--fix: applies only AgentShield fixes explicitly marked as safe and auto-fixable.Prefer the packaged scanner:
npx ecc-agentshield scan --path "${TARGET_PATH:-.}" --format text
For local AgentShield development, run from the AgentShield checkout:
npm run scan -- --path "${TARGET_PATH:-.}" --format text
Do not invent findings. Use AgentShield output as the source of truth and separate scanner facts from follow-up judgment.
npx--fix is requested, state the planned edits before applying fixes.Return:
Use AgentShield in GitHub Actions for enforced gates:
- uses: affaan-m/agentshield@v1
with:
path: "."
min-severity: "medium"
fail-on-findings: true
skills/security-scan/SKILL.mdagents/security-reviewer.md$ARGUMENTS: