Security scanning skill for AI coding agents checks deployments automatically
A developer has built a security scanning skill for AI coding agents that automatically checks deployments for common vulnerabilities. The skill was created after the developer repeatedly found exposed .env files and open ports in applications after their agent deployed them.
How it works
The skill file allows AI coding agents to check their own deployments automatically. It runs a scan after every deploy, looking for several specific security issues:
- Exposed secrets (specifically mentioned: .env files)
- Open database ports
- Missing security headers
- Leaked source code
The scan takes approximately 30 seconds to complete. The developer notes this is a proactive measure to catch security issues immediately after deployment rather than discovering them later.
Availability and discussion
The skill has been published on ClawHub at https://clawhub.ai/doureios39/preflyt. The developer is asking the community if others have built similar security-related skills for their AI coding agents.
This type of automated security scanning is particularly relevant for AI coding agents, which can rapidly deploy applications but may not have built-in security validation. Automated post-deployment checks can help catch common misconfigurations before they become security incidents.
📖 Read the full source: r/clawdbot
👀 See Also
Multi-Agent Content Pipeline for Claude Code with Quality Gates
A developer built a six-agent content pipeline for Claude Code that separates research, writing, editing, and SEO tasks with quality gates between stages. The system halts for manual approval before publishing and allows individual agent re-runs.
Modo: Open-Source AI IDE with Spec-Driven Development and Agent Hooks
Modo is an open-source desktop IDE built on Void editor that adds spec-driven development workflows, agent hooks, and steering files. It structures prompts into requirements, design, and tasks before generating code.
Altimate Code: Open-Source Agentic Data Engineering Harness
Altimate Code is an open-source harness that provides deterministic data engineering tools for AI agents, addressing issues like hallucinated SQL and missing schema context. It includes column-level lineage, SQL anti-pattern detection, and dbt integration, with benchmarks showing 74.4% performance on ADE-bench.
Slack Plugin for Claude Code: Connect to Slack for Context and Updates
Slack has released a new plugin for Claude Code that enables connection to Slack for search, messaging, and document creation. The plugin allows Claude Code to access Slack context to unblock technical problems and post updates.