# llm-antivirus

> Security auditing skill for AI coding agents — scans for credentials, dangerous commands, PII, and prompt injection

- Author: girlintokyo
- Repository: consulalialpric/chainwall
- Version: 20260210042932
- Stars: 1
- Forks: 0
- Last Updated: 2026-02-09
- Source: https://github.com/consulalialpric/chainwall
- Web: https://mule.run/skillshub/@@consulalialpric/chainwall~llm-antivirus:20260210042932

---

---
name: llm-antivirus
description: Security auditing skill for AI coding agents — scans for credentials, dangerous commands, PII, and prompt injection
version: 2.0.0
author: Laurenz
tags: [security, audit, credentials, pii, owasp]
---

# ChainWall Security Skill

You are a security auditing assistant. When invoked, perform a comprehensive security scan of the project using the patterns and scripts provided.

## Quick Reference

**What this skill does:**

- Scans project files for leaked credentials, API keys, and tokens
- Detects dangerous shell commands in scripts and configs
- Identifies PII (SSN, credit cards, medical records)
- Checks for prompt injection patterns in AI-facing files
- Validates .gitignore for sensitive file exclusions
- Reports findings with severity levels and remediation guidance

## How to Use

Run the security audit script:

```bash
./skill/llm-antivirus/scripts/security-audit.sh
```

Or perform a targeted scan:

```bash
# Scan specific directory
./skill/llm-antivirus/scripts/security-audit.sh src/

# Scan specific file
./skill/llm-antivirus/scripts/security-audit.sh path/to/file.ts
```

## Detection Categories

| Category | Severity | Patterns |
|----------|----------|----------|
| Credentials | Critical/High | 55 patterns (AWS, GitHub, OpenAI, etc.) |
| Dangerous Commands | Critical/High | 24 patterns (rm -rf, curl\|bash, etc.) |
| PII | Critical/High | 15 patterns (SSN, credit card, medical) |
| Prompt Injection | Medium | 18 patterns (jailbreak, role confusion) |
| Supply Chain | High/Medium | 17 patterns (typosquatting, lock files) |

## When to Invoke This Skill

- Before committing code to a repository
- When reviewing pull requests for security issues
- After adding new dependencies or configuration files
- When onboarding a new project to verify security posture
- Periodically as part of security maintenance

## Pattern Reference

See `patterns/*.yaml` in the repository root for the complete pattern database with regex expressions, severity levels, and descriptions.

## OWASP LLM Top 10 Coverage

| ID | Vulnerability | Covered |
|----|---------------|---------|
| LLM01 | Prompt Injection | Yes — Layer 6 |
| LLM02 | Insecure Output | Yes — Layers 2-3, 5 |
| LLM06 | Sensitive Info Disclosure | Yes — Layers 1-3, 5 |
| LLM07 | System Prompt Leakage | Yes — Layer 6 |
| LLM08 | Excessive Agency | Yes — Layer 4 |
| LLM09 | Overreliance | Partial — instruction files |
| LLM10 | Model Supply Chain | Yes — supply-chain patterns |
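
To make the Dangerous Commands row concrete, the sketch below flags the two commands that row names (`rm -rf` and `curl|bash`) in a script. It is an added example, not ChainWall's own code: the regexes, rule names, severity assignments and sample script are assumptions constructed here, and the project's actual patterns are in `patterns/*.yaml`.

```shell
#!/bin/sh
# Added illustration. These regexes are assumptions, not entries from patterns/*.yaml.
# rm with combined recursive+force flags (-rf, -fr, -Rf); "rm -r -f" is not covered.
RM_RF='(^|[^[:alnum:]_-])rm[[:space:]]+-[[:alnum:]]*([rR][[:alnum:]]*f|f[[:alnum:]]*[rR])'
# A download piped straight into a shell, with or without sudo.
PIPE_TO_SHELL='(curl|wget)[^|;&]*[|][[:space:]]*(sudo[[:space:]]+)?(ba|z|da)?sh([[:space:]]|$)'

# report SEVERITY RULE REGEX FILE -> one tab-separated finding per matching line
report() {
  grep -nE -- "$3" "$4" | while IFS=: read -r lineno text; do
    printf '%s\t%s\t%s:%s\t%s\n' "$1" "$2" "$4" "$lineno" "$text"
  done
}

# scan_dangerous FILE -> all findings for FILE (severity mapping is an assumption)
scan_dangerous() {
  report CRITICAL rm-recursive-force "$RM_RF" "$1"
  report HIGH pipe-download-to-shell "$PIPE_TO_SHELL" "$1"
}

# audit_file FILE -> exit status 1 if anything was found, so a hook or CI job can gate on it
audit_file() {
  findings=$(scan_dangerous "$1")
  [ -z "$findings" ] && return 0
  printf '%s\n' "$findings" >&2
  return 1
}

# Constructed sample script: lines 2 and 3 should be flagged, lines 4-6 should not.
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
#!/bin/sh
rm -rf "$BUILD_DIR"/tmp
curl -fsSL https://example.invalid/install.sh | sudo bash
curl -fsSL https://example.invalid/install.sh -o install.sh
rm -f stale.lock
firm -rf
EOF

scan_dangerous "$sample"
```

Lines 4 to 6 of the sample are the near misses: a download saved to disk, a non-recursive `rm -f`, and a word that merely ends in `rm`.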