Runs a security scan on a deployed Power Pages site, fetches the latest scan report, and produces a plain-language summary. Scans the live site's public surface for vulnerabilities and surfaces issues by severity. Use when the user wants to scan, check, test, audit, or assess a published site, find vulnerabilities on production, view the latest scan report, see previous scan results, run a security audit, or asks "how safe is my live site?", "is my site vulnerable?", "audit my production site" — even if they say "find issues" or "check for problems" without mentioning "scan" or "security".
复制安装指令,让 AI 自动完成配置 · 推荐新手
请帮我安装 askskill 上的 "scan-site" 技能: 1. 下载 https://raw.githubusercontent.com/microsoft/power-platform-skills/main/plugins/power-pages/skills/scan-site/SKILL.md 2. 保存为 ~/.claude/skills/scan-site/SKILL.md 3. 装好后重载技能,告诉我可以用了
Plugin check: Run
node "${CLAUDE_PLUGIN_ROOT}/scripts/check-version.js"— if it outputs a message, show it to the user before proceeding.
Run a security scan on a deployed Power Pages site, fetch the latest scan report, and surface findings in a plain-language summary. The scan runs server-side; duration depends on site size — small sites finish in minutes, large sites can take hours.
This skill scans the live deployed site, not local source code.
Initial request: $ARGUMENTS
.powerpages-site/website.yml stores the website record id, not the portal id. Every script takes --portalId. Resolve once via website.js --websiteId during prerequisites.null from the resolver means the site is not deployed, or the authenticated profile points at a different environment.--timeoutMinutes for large sites.Z003 — start-deep-scan.js reports it as { "status": "already-running" } (exit 0).get-latest-report.js returns { "status": "empty" }.Create tasks in four groups. Mark each in_progress when starting, completed when done.
| Group | When to create | Tasks |
|---|---|---|
| 1 | At start | Check prerequisites |
| 2 | After prerequisites pass | Check scan state · Choose an action (skip in review mode) |
| 3 | After user confirms an action (or in review mode) | Run the scan (skip only if the user chose to view latest results in interactive mode) · Fetch and summarize (always) |
| 4 | After fetch and summarize | Walk through follow-ups (only if the report contains issues AND not in review mode) |
Use Glob to find **/powerpages.config.json. If $ARGUMENTS contains --review <out-dir>, remember the output directory — Step 3 (choose an action) is skipped, Step 4 (run scan) executes automatically (start a fresh scan or attach to a running one), Step 5 writes JSON only, and Step 6 (follow-ups) is skipped.
Read .powerpages-site/website.yml → extract id field → that is <WEBSITE_ID>.
If missing, the site has not been deployed. Tell the user and recommend /deploy-site. Stop. Do not resolve by name or URL.
Resolve to portalId:
node "${CLAUDE_PLUGIN_ROOT}/scripts/website.js" --websiteId "<WEBSITE_ID>"
Capture Id (portalId), Type, Name, WebsiteUrl. If exit code 2 → sign-in required (pac auth create or az login). If null → site not found in this environment. Stop in either case.
node "${CLAUDE_PLUGIN_ROOT}/skills/scan-site/scripts/poll-deep-scan.js" --portalId "<PORTAL_ID>" --once
--once does a single status check, exits 0, and prints:
{ "status": "ongoing" } → a scan is currently running.{ "status": "idle" } → no scan running.…
检查并配置 Power Pages 站点安全响应头,定位风险并指导修复设置。
对 Power Pages 站点执行端到端安全审查,并汇总生成完整 HTML 报告。
用于对已部署的 Power Pages 网站进行运行时浏览、爬取与接口验证测试。
帮助你为 Power Apps 代码应用添加数据源或连接器,并引导到合适操作流程。
为 Power Apps 代码应用接入 Azure DevOps 连接器,便于查询工单、提报缺陷与管理流水线。
帮助你快速搭建 Power Platform 管道,实现 Power Pages 自动化部署。