vulnerability-scanner
Scan Code for Vulnerabilities
This skill helps developers identify and prioritize security vulnerabilities in their codebase using OWASP 2025 guidelines and automated scanning tools.
Download the skill ZIP
Upload it to Claude
Go to Settings → Capabilities → Skills → Upload skill
Enable it and start using it
Test
Using "vulnerability-scanner". Run security scan on my project
Expected result:
Security Scan Results:
OVERALL STATUS: 3 Issues Found
- Critical: 0
- High: 2
- Medium: 1
SCAN SUMMARY:
1. Code Patterns: Found 2 high-risk patterns
- eval() usage detected in utils.js:42
- SQL string concatenation in database.js:15
2. Configuration: 1 medium issue
- Debug mode enabled in config/development.json
RECOMMENDATIONS:
- Replace eval() with safer alternatives
- Use parameterized queries instead of string concatenation
- Disable debug mode in production configurations
Using "vulnerability-scanner". Check for hardcoded secrets
Expected result:
Secret Scan Results:
SCANNED: 156 files
SECRETS FOUND: 1
- API Key detected in src/config.js:12
Type: Generic API Key
Severity: High
RECOMMENDATION: Move secrets to environment variables or a secrets manager. Never commit API keys to source control.
Security Audit
Safe
This is a defensive security skill that teaches vulnerability scanning principles. All static findings are false positives: the flagged patterns (eval, exec, pickle, secrets, API keys) are documented as patterns to DETECT or appear in teaching examples, not as actual vulnerabilities. The included security_scan.py script is a defensive scanner that identifies dangerous code patterns in user projects.
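As an added illustration (not the skill's own security_scan.py), the following Python pattern scanner detects the same finding types shown in the sample output above and ranks them by severity; the sample files, their contents and the regexes are constructed assumptions:

```python
import re
from dataclasses import dataclass

# Constructed sample project (hypothetical file names and contents).
SAMPLE_FILES = {
    "utils.js": 'function run(s) {\n  return eval(s);\n}\n',
    "database.js": 'const q = "SELECT * FROM users WHERE id = " + userId;\n',
    "src/config.js": 'const API_KEY = "sk_live_0123456789abcdef0123456789abcdef";\n',
    "config/development.json": '{\n  "debug": true\n}\n',
    "safe.js": 'const q = db.query("SELECT * FROM users WHERE id = ?", [userId]);\n',
}

# Pattern table: (finding name, regex, severity). Assumed heuristics, not the skill's rules.
PATTERNS = [
    ("eval() usage", re.compile(r"\beval\s*\("), "High"),
    # A quoted SQL statement immediately followed by "+" (string concatenation).
    ("SQL string concatenation",
     re.compile(r'"\s*(SELECT|INSERT|UPDATE|DELETE)\b[^"]*"\s*\+', re.I), "High"),
    # A key/secret/token identifier assigned a long quoted literal.
    ("Hardcoded API key",
     re.compile(r"(?i)(api[_-]?key|secret|token)\s*[:=]\s*[\"'][A-Za-z0-9_\-]{20,}[\"']"), "High"),
    ("Debug mode enabled", re.compile(r'"debug"\s*:\s*true'), "Medium"),
]

SEVERITY_ORDER = {"Critical": 0, "High": 1, "Medium": 2, "Low": 3}

@dataclass(frozen=True)
class Finding:
    path: str
    line: int
    name: str
    severity: str

def scan_files(files):
    """Scan each file line by line and return findings sorted by severity, path, line."""
    findings = []
    for path, text in files.items():
        for lineno, line in enumerate(text.splitlines(), start=1):
            for name, rx, severity in PATTERNS:
                if rx.search(line):
                    findings.append(Finding(path, lineno, name, severity))
    return sorted(findings, key=lambda f: (SEVERITY_ORDER[f.severity], f.path, f.line))

def summarize(findings):
    """Count findings per severity, as in the 'OVERALL STATUS' block of the sample output."""
    counts = {"Critical": 0, "High": 0, "Medium": 0, "Low": 0}
    for f in findings:
        counts[f.severity] += 1
    return counts

if __name__ == "__main__":
    for f in scan_files(SAMPLE_FILES):
        print(f"[{f.severity}] {f.name} in {f.path}:{f.line}")
```

The parameterized query in safe.js produces no finding, which is the behaviour a scanner needs to keep false positives down; every hit still has to be verified by hand before it is acted on.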
Quality Score
What You Can Build
Pre-deployment Security Check
Run automated security scans on codebase before production deployment to catch common vulnerabilities early.
Security Audit Workflow
Conduct systematic security audits using OWASP checklists and prioritization frameworks.
Secure Coding Education
Learn about common vulnerability patterns and how to avoid them in different programming languages.
Try These Prompts
Use the vulnerability-scanner skill to scan my project at [PROJECT_PATH] for security issues. Run a full scan and report findings.
Use the vulnerability-scanner skill to scan for hardcoded secrets, API keys, and credentials in my codebase. Check for AWS keys, tokens, passwords, and private keys.
Use the vulnerability-scanner skill to audit dependencies for known vulnerabilities. Check for outdated packages and supply chain risks.
Use the vulnerability-scanner skill to perform a comprehensive security assessment including: dependency audit, secret scanning, dangerous code pattern detection, and configuration review. Prioritize findings by severity and provide remediation steps.
Best Practices
- Run security scans early and often in the development lifecycle to catch issues before deployment
- Prioritize findings using CVSS scores combined with business context and asset value
- Verify all findings manually before taking action - automated scanners produce false positives
- Maintain a baseline of known safe patterns to reduce noise in repeated scans
Avoid
- Ignoring scanner warnings without investigation - even low-severity issues can be exploited in combination
- Relying solely on automated tools without manual security review and threat modeling
- Scanning once before deployment and never again - new vulnerabilities emerge constantly
- Treating all scanner findings as equally important without prioritization
Frequently Asked Questions
What is OWASP Top 10 2025?
Does this skill perform actual penetration testing?
How does CVSS scoring work?
What is supply chain security?
Can this scanner detect all security issues?
How do I prioritize vulnerabilities?
Developer Details
Author
sickn33
License
MIT
Repository
https://github.com/sickn33/antigravity-awesome-skills/tree/main/skills/vulnerability-scanner
Reference
main
File Structure