Sec-Check

Scan untrusted code for red flags before you run it: exfiltration, reverse shells, backdoors, and supply-chain traps.



What is Sec-Check?

Sec-Check is an AI-powered security scanning toolkit that orchestrates multiple industry-standard security tools and combines them with LLM-based semantic code review. It is available in three forms:

| Component | Description |
| --- | --- |
| VS Code Copilot Toolkit | Custom agent, skills, and prompts that run inside GitHub Copilot Chat |
| CLI Tool (AgentSec) | Standalone command-line scanner built with the GitHub Copilot SDK |
| VS Code Extension | Native extension with dashboard, tree views, and chat participant |

What It Detects

  • 🔓 Credential theft & data exfiltration: API keys, tokens, DNS/HTTP exfil
  • 🐚 Reverse shells & backdoors: netcat, bash redirects, named pipes
  • 🧬 Obfuscated payloads: base64, hex, eval/exec chains
  • 📦 Supply chain attacks: typosquatting, malicious packages, dependency confusion
  • 💣 System destruction: rm -rf, disk wiping, ransomware patterns
  • 🔄 Persistence mechanisms: cron jobs, registry keys, startup items
  • 💉 Injection vulnerabilities: SQL injection, XSS, command injection, Log4Shell

Sec-Check catches common red flags, not sophisticated zero-day attacks. Always combine with manual review and sandboxing for high-risk code.
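To make the "obfuscated payloads" item above concrete, here is an added illustration (not Sec-Check's own code) of flagging a decode-then-execute chain with Python's `ast` module. The function names, the decoder list, and the sample input are assumptions made for this example.

```python
import ast

# Calls whose result is data recovered from an encoded or compressed form.
DECODERS = {"b64decode", "b32decode", "a85decode", "unhexlify", "fromhex", "decompress"}
# Calls that run a string or bytes object as Python code.
SINKS = {"exec", "eval"}

def call_name(call):
    """Last component of the call target, e.g. base64.b64decode -> 'b64decode'."""
    func = call.func
    if isinstance(func, ast.Attribute):
        return func.attr
    return func.id if isinstance(func, ast.Name) else None

def is_decoded(expr, tainted):
    """True if expr contains a decoder call or reads a variable holding decoded data."""
    for node in ast.walk(expr):
        if isinstance(node, ast.Call) and call_name(node) in DECODERS:
            return True
        if isinstance(node, ast.Name) and node.id in tainted:
            return True
    return False

def find_decode_exec_chains(source):
    """Return sorted (line, sink) pairs where exec/eval is fed decoded data."""
    # The source is parsed, never executed. Tracking is flow-insensitive and
    # ignores scopes, so expect some false positives.
    nodes = list(ast.walk(ast.parse(source)))
    tainted, changed = set(), True
    while changed:  # propagate through chains such as a = decode(); b = a.decode()
        changed = False
        for node in nodes:
            if isinstance(node, ast.Assign) and is_decoded(node.value, tainted):
                new = {t.id for t in node.targets if isinstance(t, ast.Name)} - tainted
                tainted |= new
                changed = changed or bool(new)
    return sorted((n.lineno, call_name(n)) for n in nodes
                  if isinstance(n, ast.Call) and call_name(n) in SINKS
                  and any(is_decoded(arg, tainted) for arg in n.args))

# Constructed sample input (benign): the blob decodes to print('hello').
SAMPLE = '''\
import base64, zlib
blob = "cHJpbnQoJ2hlbGxvJyk="
stage = base64.b64decode(blob)
code = stage.decode()
exec(code)
eval("1 + 1")
exec(zlib.decompress(bytes.fromhex("00")))
'''
```

Calling `find_decode_exec_chains(SAMPLE)` reports the `exec` calls on lines 5 and 7 and leaves the literal `eval("1 + 1")` alone.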


Quick Start

Get scanning in under 5 minutes. Pick the option that matches your workflow:

No installation needed; works directly in GitHub Copilot Chat.

Prerequisites: VS Code with GitHub Copilot extension installed.

1. Clone the repo to get the skills and prompts:

git clone https://github.com/alxayo/sec-check.git
cd sec-check

2. Open the folder in VS Code:

code .

3. Run a scan. Open Copilot Chat and type:

/sechek.security-scan

That’s it! Copilot will analyze your workspace using all available security tools and generate a detailed report.

For faster targeted scans, try /sechek.security-scan-quick or language-specific prompts like /sechek.security-scan-python.


Option B: Standalone CLI Tool

Prerequisites: Python 3.11+ and GitHub Copilot CLI installed and authenticated.

1. Install:

pip install agentsec-cli

Or install from source:

git clone https://github.com/alxayo/sec-check.git
cd sec-check
pip install -e ./core
pip install -e ./cli

2. Authenticate Copilot CLI (one-time):

copilot auth login

3. Scan a folder:

agentsec scan ./my-project

4. View the report. AgentSec generates a Markdown security report with severity levels, code snippets, and remediation advice.

Add --parallel for faster scans using concurrent sub-agents: agentsec scan ./my-project --parallel


Option C: VS Code Extension

1. Install from the VS Code Marketplace (or build from source):

cd vscode-extension
npm install && npm run build
npx vsce package
# Install the generated .vsix file in VS Code

2. Scan. Open the Command Palette (Ctrl+Shift+P) and run:

AgentSec: Scan Workspace for Security Issues

Or use the chat participant:

@agentsec /scan

How It Works

graph LR
    A[Your Code] --> B[File Discovery]
    B --> C{Scanner Selection}
    C --> D[Bandit]
    C --> E[Graudit]
    C --> F[GuardDog]
    C --> G[ShellCheck]
    C --> H[Trivy]
    C --> I[ESLint]
    C --> J[Checkov]
    D --> K[LLM Analysis]
    E --> K
    F --> K
    G --> K
    H --> K
    I --> K
    J --> K
    K --> L[Security Report]

  1. File Discovery: Scans the target directory to find all source files
  2. Scanner Selection: Determines which security tools are relevant based on file types
  3. Parallel Scanning: Runs applicable scanners concurrently (in parallel mode)
  4. LLM Analysis: Uses AI to perform semantic code review for patterns scanners miss
  5. Report Generation: Compiles all findings into a prioritized Markdown report

Next Steps

| What you want to do | Where to go |
| --- | --- |
| Detailed install instructions | Installation Guide |
| Learn the CLI tool | CLI User Guide |
| Use VS Code Copilot skills | Copilot Toolkit Guide |
| Use the VS Code extension | Extension Guide |
| Configure scanning behavior | Configuration Reference |
| See all available scanners | Scanners Reference |
| Understand the architecture | Architecture Overview |
| Fix common issues | Troubleshooting |