Gemini CLI Security Skill

Overview

This skill adapts the Gemini CLI Security Extension's analysis methodology for the agent-studio framework. The original extension uses two MCP server patterns — a security analysis server and an OSV-Scanner integration — to provide dual-vector coverage. This skill implements equivalent analysis using native Claude Code tools (WebFetch for OSV.dev API, Grep/Bash for static analysis patterns).

Source repository

:

https://github.com/gemini-cli-extensions/security

License

Apache 2.0
Performance: 90% precision, 93% recall (OpenSSF CVE benchmark, TypeScript/JavaScript) When to Use Before merging pull requests to detect introduced vulnerabilities During security reviews of new code changes For dependency auditing against known CVE databases For LLM-integrated applications requiring prompt injection defense review As part of CI/CD pipeline security gates Iron Law NO PRODUCTION CODE WITHOUT SECURITY ANALYSIS FOR AUTH/SECRETS/EXTERNAL-INPUT HANDLERS All code paths handling authentication, hardcoded values, external input, or AI model outputs MUST be analyzed before production deployment. Vulnerability Coverage Category 1: Secrets Management Pattern Detection Method Hardcoded API keys Grep for key patterns + entropy analysis Hardcoded passwords Credential keyword detection Private keys in source PEM block / base64 key detection Encryption keys Symmetric key constant patterns Category 2: Injection Attacks Attack Type Examples SQL injection String concatenation in queries XSS Unescaped user content in HTML/JS output Command injection Shell exec with user-controlled args SSRF User-controlled URLs in server requests Template injection Unsanitized user input in template engines Category 3: Authentication Flaws Flaw Detection Session bypass Missing auth middleware Weak tokens Predictable token generation Insecure password reset Token-less or email-only resets Missing MFA enforcement Auth flows without 2FA checks Category 4: Data Handling Issue Detection Weak cryptography MD5/SHA1 for secrets; DES/RC4 usage Sensitive data in logs PII/credential patterns in log statements PII violations Unencrypted PII storage or transmission Insecure deserialization Unsafe pickle/eval/deserialize calls Category 5: LLM Safety (Novel) Risk Detection Prompt injection User content injected into LLM prompts without sanitization Unsafe output handling LLM output used in exec/eval/shell without validation Insecure tool integration Tool calls with unchecked LLM-provided parameters Usage Invocation // From an agent Skill ( { skill : 'gemini-cli-security' } ) ; // With arguments via Bash integration Skill ( { skill : 'gemini-cli-security' , args : 'src/ --scan-deps' } ) ; Workflow Execution

Analyze code in a directory

node .claude/skills/gemini-cli-security/scripts/main.cjs --target src/

Scan dependencies for CVEs

node .claude/skills/gemini-cli-security/scripts/main.cjs --scan-deps

JSON output for CI integration

node .claude/skills/gemini-cli-security/scripts/main.cjs --target . --json

Scoped analysis with natural language

node .claude/skills/gemini-cli-security/scripts/main.cjs --target src/auth/ --scope "focus on token handling and session management" Output Format Default output (markdown report):

Security Analysis Report

CRITICAL

[AUTH-001] Hardcoded API key found in src/config.ts:42 Pattern: const API_KEY = "sk-..." Remediation: Move to environment variable

HIGH

[INJ-002] SQL injection risk in src/db/users.ts:87 Pattern: String concatenation in query builder Remediation: Use parameterized queries

Dependencies

lodash@4.17.15 → CVE-2021-23337 (HIGH) - Prototype pollution
Fix: Upgrade to lodash@4.17.21+
JSON output
(
--json
flag):
{
"findings"
:
[
{
"id"
:
"AUTH-001"
,
"severity"
:
"CRITICAL"
,
"category"
:
"secrets"
,
"file"
:
"src/config.ts"
,
"line"
:
42
,
"description"
:
"Hardcoded API key"
,
"remediation"
:
"Move to environment variable"
}
]
,
"dependencies"
:
[
{
"package"
:
"lodash"
,
"version"
:
"4.17.15"
,
"cve"
:
"CVE-2021-23337"
,
"severity"
:
"HIGH"
,
"fix"
:
"4.17.21"
}
]
,
"summary"
:
{
"critical"
:
1
,
"high"
:
2
,
"medium"
:
3
,
"low"
:
0
,
"precision"
:
0.9
,
"recall"
:
0.93
}
}
OSV.dev Dependency Scanning
The skill integrates with the
OSV.dev
API (no authentication required) to check dependencies:
// OSV.dev batch query endpoint
WebFetch
(
{
url
:
'https://api.osv.dev/v1/querybatch'
,
prompt
:
'Extract vulnerability IDs, severity, and affected versions for these packages'
,
}
)
;
Supported ecosystems: npm, PyPI, RubyGems, Maven, Go, Cargo, NuGet, Packagist GitHub Actions Integration The original extension supports PR analysis via GitHub Actions. This skill includes an equivalent workflow template:

.github/workflows/security.yml

name
:
Security Analysis
on
:
[
pull_request
]
jobs
:
security
:
runs-on
:
ubuntu
-
latest
steps
:
-
uses
:
actions/checkout@v4
-
name
:
Run security analysis
run
:
node .claude/skills/gemini
-
cli
-
security/scripts/main.cjs
-
-
target .
-
-
json
Implementation Notes
Why native tools over MCP servers:
The original extension uses two MCP servers (security analysis server + OSV-Scanner binary). This skill uses native Claude Code tools instead:
WebFetch replaces OSV-Scanner for dependency CVE lookups (OSV.dev has a public REST API)
Grep/Bash replace the security analysis server for pattern-based detection
This approach works immediately without binary installation or session restart
Deviation from source: The original uses Gemini AI for code analysis; this skill uses the pattern-based detection methodology documented in the extension's benchmarking. The AI analysis component can be provided by the invoking agent (security-architect) rather than an embedded AI call. Assigned Agents Agent Role security-architect Primary: comprehensive security audits developer Supporting: pre-commit security checks code-reviewer Supporting: PR review security layer Memory Protocol (MANDATORY) Before starting: Read .claude/context/memory/learnings.md After completing: New vulnerability pattern found -> .claude/context/memory/learnings.md Issue with scanning -> .claude/context/memory/issues.md Decision about scope -> .claude/context/memory/decisions.md ASSUME INTERRUPTION: If it's not in memory, it didn't happen.

安装