scanning-database-security

Quick Review

This skill provides a generic template structure for database security scanning but lacks specific implementation details. The description mentions 'security scanning and vulnerability detection' and triggers like 'scan for vulnerabilities', but the actual content is a boilerplate workflow (Assess, Design, Implement, Validate, Deploy) without concrete security scanning knowledge. There are no actual security checks, vulnerability detection patterns, compliance frameworks (PCI-DSS, HIPAA, etc.), SQL injection tests, privilege escalation checks, or database-specific security configurations. The allowed-tools include database clients (psql, mysql, mongosh) which is appropriate, but no security scanning tools are mentioned. The structure is clear with logical sections, and it references external files that would contain templates and examples. However, the core task knowledge for actual database security scanning is missing - a CLI agent would still need to know what vulnerabilities to check, how to interpret results, and what security controls to implement. The novelty is moderate since coordinating multi-step security audits could be useful, but without specific security domain knowledge embedded, the skill doesn't significantly reduce the token/complexity burden for security tasks.