Security scanning skill for AI coding agents checks deployments automatically
A developer has built a security scanning skill for AI coding agents that automatically checks deployments for common vulnerabilities. The skill was created after the developer repeatedly found exposed .env files and open ports in applications after their agent deployed them.
How it works
The skill file allows AI coding agents to check their own deployments automatically. It runs a scan after every deploy, looking for several specific security issues:
- Exposed secrets (specifically mentioned: .env files)
- Open database ports
- Missing security headers
- Leaked source code
The scan takes approximately 30 seconds to complete. The developer notes this is a proactive measure to catch security issues immediately after deployment rather than discovering them later.
Availability and discussion
The skill has been published on ClawHub at https://clawhub.ai/doureios39/preflyt. The developer is asking the community if others have built similar security-related skills for their AI coding agents.
This type of automated security scanning is particularly relevant for AI coding agents, which can rapidly deploy applications but may not have built-in security validation. Automated post-deployment checks can help catch common misconfigurations before they become security incidents.
📖 Read the full source: r/clawdbot
👀 See Also
Open-source trust scoring hook for Claude Code monitors sessions, blocks protected paths
A developer built a Python hook that scores every Claude Code session on reliability, scope, and cost dimensions, blocks access to protected paths like .env files, and hash-chains events for tamper detection. The single-file tool is available on GitHub.
Driftwatch V3 Released: AI-Assisted Codebase Monitoring Tool
Driftwatch V3 is now available as a public repository after a 5-6 day build involving approximately 9,000 lines of code and $160 in API credits. The in-browser tool tracks markdown file issues, flags contradictory instructions, and provides cost tracking with recommendations.
MCP Server Directory Lists 1000+ Servers Across 20 Categories
A curated directory provides install commands and config snippets for over 1000 MCP servers across categories including databases, developer tools, browser automation, AI/ML, and cloud/devops. The directory is free to browse and submit to.
llm-use – An Open-Source Framework for Routing and Orchestrating Multi-LLM Agent Workflows
llm-use is revolutionizing automation with its open-source framework designed to efficiently route and orchestrate multi-LLM agent workflows. Explore its impact on AI operations.