Smithery Logo
MCPsSkillsDocsPricing
Login
NewFlame, an assistant that learns and improves. Available onTelegramSlack
    sugarforever

    python-security-scan

    sugarforever/python-security-scan
    Security
    52

    About

    SKILL.md

    Install

    • Telegram
      Telegram
    • Slack
      Slack
    • Claude Code
      Claude Code
    • Codex
      Codex
    • OpenClaw
      OpenClaw
    • Cursor
      Cursor
    • Amp
      Amp
    • GitHub Copilot
      GitHub Copilot
    • Gemini CLI
      Gemini CLI
    • Kilo Code
      Kilo Code
    • Junie
      Junie
    • Replit
      Replit
    • Windsurf
      Windsurf
    • Cline
      Cline
    • Continue
      Continue
    • OpenCode
      OpenCode
    • OpenHands
      OpenHands
    • Roo Code
      Roo Code
    • Augment
      Augment
    • Goose
      Goose
    • Trae
      Trae
    • Zencoder
      Zencoder
    • Antigravity
      Antigravity
    • Download skill
    ├─
    ├─
    └─
    Smithery Logo

    Give agents more agency

    Resources

    DocumentationPrivacy PolicySystem Status

    Company

    PricingAboutBlog

    Connect

    © 2026 Smithery. All rights reserved.

    About

    Comprehensive security vulnerability scanner for Python projects including Flask, Django, and FastAPI applications...

    SKILL.md

    Python Security Scan Skill

    This skill enables comprehensive security scanning of Python projects based on OWASP guidelines, Python security best practices, and framework-specific vulnerabilities.

    When to Use This Skill

    • Security audits of Python applications
    • Code review for security vulnerabilities
    • Pre-deployment security checks
    • Dependency vulnerability assessment
    • Detecting hardcoded secrets and credentials
    • Framework-specific security reviews (Flask, Django, FastAPI)

    Supported Frameworks

    This skill automatically detects and applies framework-specific checks for:

    • Flask - Template injection, session security, CORS, extensions
    • Django - ORM injection, CSRF, template security, settings
    • FastAPI - Dependency injection, Pydantic validation, OAuth2
    • General Python - Core language vulnerabilities applicable to all projects

    Scan Types

    1. Quick Scan

    Fast scan focusing on critical vulnerabilities:

    • Hardcoded secrets, API keys, and credentials
    • Dangerous function usage (eval, exec, pickle.loads)
    • Command injection via subprocess, os.system
    • SQL injection patterns
    • Known vulnerable dependencies

    2. Full Scan

    Comprehensive security assessment covering:

    • All OWASP Top 10:2025 categories
    • Python-specific vulnerabilities
    • Framework-specific security issues
    • Injection vulnerabilities (SQL, NoSQL, Command, LDAP)
    • Insecure deserialization
    • Authentication and authorization flaws
    • Cryptographic failures
    • Security misconfigurations
    • Dependency audit (CVE check)
    • Environment variable and secrets exposure

    3. Targeted Scan

    Focus on specific vulnerability categories:

    • --injection - SQL/NoSQL/Command/LDAP injection
    • --deserialization - Pickle, YAML, JSON deserialization
    • --auth - Authentication/authorization issues
    • --secrets - Hardcoded credentials
    • --deps - Dependency vulnerabilities
    • --crypto - Cryptographic issues
    • --flask - Flask-specific vulnerabilities
    • --django - Django-specific vulnerabilities
    • --fastapi - FastAPI-specific vulnerabilities

    Scan Procedure

    Step 1: Project Discovery

    1. Identify project type and framework:
      • Check for requirements.txt, Pipfile, pyproject.toml, setup.py
      • Detect Flask (from flask import), Django (django.conf), FastAPI (from fastapi import)
    2. Locate configuration files
    3. Map the codebase structure

    Step 2: Framework Detection

    # Detection patterns
    Flask: "from flask import", "Flask(__name__)"
    Django: "django.conf.settings", "INSTALLED_APPS", "manage.py"
    FastAPI: "from fastapi import", "FastAPI()"
    

    Step 3: Dependency Audit

    Run the dependency audit script:

    ./scripts/dependency-audit.sh /path/to/project
    

    Or manually:

    pip-audit
    # or
    safety check
    

    Step 4: Secret Scanning

    Scan for hardcoded secrets:

    python scripts/secret-scanner.py /path/to/project
    

    Important: Environment File Handling

    • By default, real .env files are SKIPPED (.env, .env.local, .env.production, etc.)
    • These files contain actual secrets and should not be in version control
    • Only .env.example and .env.template files are analyzed for documentation quality
    • Use --include-env-files flag only if explicitly requested by user

    The scanner will:

    1. Scan source code for hardcoded secrets
    2. Analyze .env.example templates to check:
      • Which sensitive variables are documented
      • Whether variables have descriptions (comments)
      • If placeholder values look like real secrets
      • Suggestions for missing common variables (SECRET_KEY, DATABASE_URL, etc.)

    Step 5: Pattern Analysis

    For each file in the codebase, check against patterns in:

    • references/python-vulnerabilities.md - Core Python issues
    • references/injection-patterns.md - Injection flaws
    • references/deserialization.md - Insecure deserialization
    • references/flask-security.md - Flask vulnerabilities
    • references/django-security.md - Django vulnerabilities
    • references/fastapi-security.md - FastAPI vulnerabilities

    Step 6: Report Generation

    Generate a security report using:

    • assets/report-template.md - Report structure

    Severity Classification

    Severity Description Action Required
    CRITICAL Exploitable vulnerability with severe impact Immediate fix required
    HIGH Significant security risk Fix before deployment
    MEDIUM Potential security issue Fix in next release
    LOW Minor security concern Consider fixing
    INFO Security best practice suggestion Optional improvement

    Key Files to Scan

    Always Check

    • **/*.py - All Python source files
    • requirements.txt, Pipfile, pyproject.toml - Dependencies
    • setup.py, setup.cfg - Package configuration
    • config.py, settings.py - Configuration files
    • **/secrets*, **/credentials* - Obvious secret locations

    Environment Files

    • .env.example, .env.template - SCAN for template analysis
    • .env, .env.local, .env.production - SKIP by default (contain real secrets)

    Note: Real .env files should never be committed to version control. The scanner analyzes .env.example templates to ensure proper documentation of required variables.

    High Priority Locations

    • app.py, main.py, wsgi.py - Entry points
    • **/views.py, **/routes.py - Request handlers
    • **/api/**/*.py - API endpoints
    • **/auth*, **/login* - Authentication code
    • **/models.py - Database models
    • **/serializers.py - Data serialization
    • **/middleware.py - Middleware code

    Framework-Specific

    Flask:

    • app.py, __init__.py - Application factory
    • **/blueprints/** - Blueprint routes
    • templates/** - Jinja2 templates

    Django:

    • settings.py, **/settings/*.py - Django settings
    • urls.py - URL configuration
    • **/views.py - View functions/classes
    • **/forms.py - Form definitions
    • templates/** - Django templates

    FastAPI:

    • main.py - Application entry
    • **/routers/** - API routers
    • **/dependencies.py - Dependency injection
    • **/schemas.py - Pydantic models

    Output Format

    Findings should be reported as:

    [SEVERITY] Category: Description
      File: path/to/file.py:lineNumber
      Code: <relevant code snippet>
      Risk: <explanation of the security risk>
      Fix: <recommended remediation>
    

    Integration with CI/CD

    This skill can generate output compatible with:

    • GitHub Security Advisories
    • SARIF format for GitHub Code Scanning
    • JSON for custom integrations
    • JUnit XML for CI pipelines

    References

    Load additional context as needed:

    • references/owasp-top-10.md - OWASP Top 10:2025 quick reference
    • references/python-vulnerabilities.md - Python-specific vulnerabilities
    • references/injection-patterns.md - Injection vulnerability patterns
    • references/deserialization.md - Insecure deserialization patterns
    • references/flask-security.md - Flask security guide
    • references/django-security.md - Django security guide
    • references/fastapi-security.md - FastAPI security guide
    Recommended Servers
    Guard Mail
    Guard Mail
    Codeinterpreter
    Codeinterpreter
    Agent Safe Message MCP
    Agent Safe Message MCP
    Repository
    sugarforever/01coder-agent-skills
    Files