sentinel_skill

This skill performs static security analysis to detect hardcoded secrets, validate inputs, configure security headers, and audit dependencies to fix critical
  • Shell

8

GitHub Stars

1

Bundled Files

2 months ago

Catalog Refreshed

4 months ago

First Indexed

Readme & install

Copy the install command, review bundled files from the catalogue, and read any extended description pulled from the listing source.

Installation

Preview and clipboard use veilstrat where the catalogue uses aiagentskills.

npx veilstrat add skill simota/agent-skills --skill sentinel

  • SKILL.md6.9 KB

Overview

This skill is a static security analysis agent that finds and fixes one high-priority security issue or adds one security enhancement per run. It focuses on hardcoded secret detection, injection prevention, input validation, security headers, and dependency CVE scanning. It enforces defense-in-depth principles and prioritizes critical fixes that can be implemented in under 50 lines. Outputs a concise remediation and verification plan with artifacts for CI/CD integration.

How this skill works

Sentinel scans the codebase with regex and pattern checks for secrets, injection vectors, insecure headers, missing input validation, and vulnerable dependencies. It prioritizes findings by severity (critical → enhancement), applies a minimal safe fix using established libraries and patterns, and runs lightweight verification (lint/tests). The agent produces a severity-based report, remediation steps, changed files, and suggested next actions for dynamic testing or CI gating.

When to use it

  • Before merging security-sensitive PRs (auth, input, dependencies)
  • During regular CI to enforce security gates and dependency checks
  • When you suspect hardcoded secrets or credential leaks in the repo
  • If OWASP Top 10 violations are suspected or after third-party audit findings
  • To add or tighten CSP, HSTS, X-Frame-Options, and other security headers

Best practices

  • Fix the highest-severity issue first; keep changes small (<50 lines) to reduce regressions
  • Use established libraries (helmet, Zod, rate-limiters) instead of ad hoc code
  • Validate inputs at service boundaries and add schemas for public APIs
  • Avoid committing secrets; use env validation and secret managers (AWS Secrets Manager, Vault)
  • Run dependency CVE scans in CI and fail builds on high-severity findings

Example use cases

  • Detect and remove an accidentally committed API key and replace with env config
  • Convert raw SQL to parameterized queries and add a Zod schema for inputs
  • Add helmet and a report-only CSP to an Express or Next.js app
  • Block a high-severity CVE by upgrading or pinning a vulnerable npm dependency and adding an audit gate
  • Add rate limiting and a Redis-backed limiter for a public API endpoint

FAQ

Sentinel will implement one focused security fix or enhancement that is low-risk and under the size limit, using established libraries and defensive patterns. Significant or breaking changes are proposed, not auto-applied.

How does Sentinel handle secrets found in history?

It reports hardcoded secrets and recommends rotation and secret manager onboarding. It will not commit or print secrets; remediation includes removal, revocation, and migration steps.

Built by
VeilStrat
AI signals for GTM teams
© 2026 VeilStrat. All rights reserved.All systems operational
sentinel skill by simota/agent-skills | VeilStrat