Run custom checks for exposed secrets, outdated packages, and misconfigurations in code/Docker/CI. / 对代码、Docker 和 CI 中的暴露密钥、过时包和错误配置执行自定义检查。
---
name: security-audit-scanner
description: "Run custom checks for exposed secrets, outdated packages, and misconfigurations in code/Docker/CI. / 对代码、Docker 和 CI 中的暴露密钥、过时包和错误配置执行自定义检查。"
version: 1.0.0
topics: [security,audit,secrets,scanning,安全审计,密钥扫描]
metadata:
openclaw:
requires:
bins:
- bash
- curl
emoji: "🔒"
homepage: https://kingai.work/
install: []
---
# 🔒 Security Audit Scanner / 安全审计扫描器
> Run custom checks for exposed secrets, outdated packages, and misconfigurations in code/Docker/CI. / 对代码、Docker 和 CI 中的暴露密钥、过时包和错误配置执行自定义检查。
> 🦁 **由 KingAI.Work 出品** — 智能进化|vip@kingai.work
---
## Quick Start / 快速开始
```bash
bash security-audit-scanner --repo ./myapp --severity high --ci-ignore Dockerfile Scan the "myapp" repo for high-severity issues only, skipping Dockerfile checks in CI contexts. / 仅扫描“myapp”仓库中的高危问题,并跳过 CI 环境中的 Dockerfile 检查。
```
## Features / 功能
• Run instant scans for exposed API keys, tokens, and certificates across codebases / 在代码库中一键扫描暴露的 API 密钥、令牌和证书,防止数据泄露
• Detect outdated dependencies and known CVEs in npm, pip, and Docker images / 识别 npm、pip 及 Docker 镜像中的过时依赖和已知漏洞,实时守护供应链安全
• Spot misconfigured CI/CD pipelines and Dockerfiles that increase attack surface / 精准定位 CI/CD 流水线和 Dockerfile 的配置缺陷,从源头缩小攻击面
• Generate clear, actionable remediation reports with severity scoring / 生成清晰可操作且附带严重性评分的修复报告,让安全修复有据可依
• Automate scans on every commit or schedule, with seamless Git integration / 在每次提交或定时任务中自动扫描,与 Git 无缝集成,省心省力(Pro 版支持自定义策略)
• Perform deep secret-pattern analysis and regex-based rule customization / 执行深度密钥模式分析与正则规则定制,满足企业级合规需求(Pro 专享高级检测引擎)
## Common Use Cases / 常见场景
• A junior dev accidentally commits a production AWS key to GitHub—scanner catches it before the push reaches the remote / 新手开发者误将生产环境 AWS 密钥提交到 GitHub,扫描器在推送前就将其捕获,避免灾难性泄露
• A team updates their Node.js microservice but forgets to upgrade an Express dependency with a known RCE vulnerability—scanner flags it during CI build / 团队更新 Node.js 微服务时忘记升级存在远程代码执行漏洞的 Express 依赖,扫描器在 CI 构建中发出警报
• A DevOps engineer deploys a Docker image with an exposed root user and open SSH port—scanner recommends minimal privilege configurations / DevOps 工程师部署的 Docker 镜像暴露了 root 用户和开放 SSH 端口,扫描器主动建议最小权限配置方案
## Compare / 对比
| | Free | Pro |
|---|:----:|:---:|
| Basic | ✅ | ✅ |
| Advanced | — | ✅ |
| AI | — | ✅ |
| Support | Community | Priority |
• Unlock advanced secret heuristics that catch obfuscated credentials in logs and binary files / 解锁高级密钥启发式检测,捕获日志与二进制文件中的混淆凭证,让隐蔽威胁无所遁形
• Access custom rule engines for proprietary compliance frameworks like SOC 2 or PCI-DSS / 获得自定义规则引擎支持,为 SOC 2 或 PCI-DSS 等专属合规框架保驾护航
• Enable time-based audit trails and cross-repo correlation for enterprise security dashboards / 启用基于时间的审计日志与跨仓库关联分析,为企业安全看板提供完整数据链条\n\n
---
Part of the KING AI Ecosystem — [kingai.work](https://kingai.work/)
don't have the plugin yet? install it then click "run inline in claude" again.