How do I install Vulnerability Scanner?

Install Vulnerability Scanner with a single command: npx mdskills install sickn33/vulnerability-scanner. This downloads the skill files into your project and your AI agent picks them up automatically.

What platforms support Vulnerability Scanner?

Vulnerability Scanner works with Claude Code, Claude Desktop, Cursor, Vscode Copilot, Windsurf, Continue Dev, Codex, Gemini Cli, Amp, Roo Code, Goose, Opencode, Trae, Qodo, Command Code. Skills use the open SKILL.md format which is compatible with any AI coding agent that reads markdown instructions.

← Back to skills

Vulnerability Scanner

Name: Vulnerability Scanner: AI Agent Skill
Rating: 7 (1 reviews)
Author: sickn33

Verified

SecurityIntermediate

Advanced vulnerability analysis principles. OWASP 2025, Supply Chain Security, attack surface mapping, risk prioritization.

by @sickn331 installs0Updated 2 weeks ago

Add this skill

npx mdskills install sickn33/vulnerability-scanner

Fork & Edit

Skill Advisor7.0

Comprehensive security reference with clear threat modeling and OWASP 2025 coverage

+Provides structured methodology from reconnaissance to reporting
+Covers modern threats including supply chain and exceptional conditions
+Includes actionable code patterns and prioritization frameworks
-Lacks explicit trigger conditions for when the agent should activate this skill
-Missing step-by-step workflow instructions for executing the vulnerability scan

SKILL.md

Edit in Browser

1---
2name: vulnerability-scanner
3description: Advanced vulnerability analysis principles. OWASP 2025, Supply Chain Security, attack surface mapping, risk prioritization.
4allowed-tools: Read, Glob, Grep, Bash
5---
6 
7# Vulnerability Scanner
8 
9> Think like an attacker, defend like an expert. 2025 threat landscape awareness.
10 
11## 🔧 Runtime Scripts
12 
13**Execute for automated validation:**
14 
15| Script | Purpose | Usage |
16|--------|---------|-------|
17| `scripts/security_scan.py` | Validate security principles applied | `python scripts/security_scan.py <project_path>` |
18 
19## 📋 Reference Files
20 
21| File | Purpose |
22|------|---------|
23| [checklists.md](checklists.md) | OWASP Top 10, Auth, API, Data protection checklists |
24 
25---
26 
27## 1. Security Expert Mindset
28 
29### Core Principles
30 
31| Principle | Application |
32|-----------|-------------|
33| **Assume Breach** | Design as if attacker already inside |
34| **Zero Trust** | Never trust, always verify |
35| **Defense in Depth** | Multiple layers, no single point |
36| **Least Privilege** | Minimum required access only |
37| **Fail Secure** | On error, deny access |
38 
39### Threat Modeling Questions
40 
41Before scanning, ask:
421. What are we protecting? (Assets)
432. Who would attack? (Threat actors)
443. How would they attack? (Attack vectors)
454. What's the impact? (Business risk)
46 
47---
48 
49## 2. OWASP Top 10:2025
50 
51### Risk Categories
52 
53| Rank | Category | Think About |
54|------|----------|-------------|
55| **A01** | Broken Access Control | Who can access what? IDOR, SSRF |
56| **A02** | Security Misconfiguration | Defaults, headers, exposed services |
57| **A03** | Software Supply Chain 🆕 | Dependencies, CI/CD, build integrity |
58| **A04** | Cryptographic Failures | Weak crypto, exposed secrets |
59| **A05** | Injection | User input → system commands |
60| **A06** | Insecure Design | Flawed architecture |
61| **A07** | Authentication Failures | Session, credential management |
62| **A08** | Integrity Failures | Unsigned updates, tampered data |
63| **A09** | Logging & Alerting | Blind spots, no monitoring |
64| **A10** | Exceptional Conditions 🆕 | Error handling, fail-open states |
65 
66### 2025 Key Changes
67 
68```
692021 → 2025 Shifts:
70├── SSRF merged into A01 (Access Control)
71├── A02 elevated (Cloud/Container configs)
72├── A03 NEW: Supply Chain (major focus)
73├── A10 NEW: Exceptional Conditions
74└── Focus shift: Root causes > Symptoms
75```
76 
77---
78 
79## 3. Supply Chain Security (A03)
80 
81### Attack Surface
82 
83| Vector | Risk | Question to Ask |
84|--------|------|-----------------|
85| **Dependencies** | Malicious packages | Do we audit new deps? |
86| **Lock files** | Integrity attacks | Are they committed? |
87| **Build pipeline** | CI/CD compromise | Who can modify? |
88| **Registry** | Typosquatting | Verified sources? |
89 
90### Defense Principles
91 
92- Verify package integrity (checksums)
93- Pin versions, audit updates
94- Use private registries for critical deps
95- Sign and verify artifacts
96 
97---
98 
99## 4. Attack Surface Mapping
100 
101### What to Map
102 
103| Category | Elements |
104|----------|----------|
105| **Entry Points** | APIs, forms, file uploads |
106| **Data Flows** | Input → Process → Output |
107| **Trust Boundaries** | Where auth/authz checked |
108| **Assets** | Secrets, PII, business data |
109 
110### Prioritization Matrix
111 
112```
113Risk = Likelihood × Impact
114 
115High Impact + High Likelihood → CRITICAL
116High Impact + Low Likelihood  → HIGH
117Low Impact + High Likelihood  → MEDIUM
118Low Impact + Low Likelihood   → LOW
119```
120 
121---
122 
123## 5. Risk Prioritization
124 
125### CVSS + Context
126 
127| Factor | Weight | Question |
128|--------|--------|----------|
129| **CVSS Score** | Base severity | How severe is the vuln? |
130| **EPSS Score** | Exploit likelihood | Is it being exploited? |
131| **Asset Value** | Business context | What's at risk? |
132| **Exposure** | Attack surface | Internet-facing? |
133 
134### Prioritization Decision Tree
135 
136```
137Is it actively exploited (EPSS >0.5)?
138├── YES → CRITICAL: Immediate action
139└── NO → Check CVSS
140         ├── CVSS ≥9.0 → HIGH
141         ├── CVSS 7.0-8.9 → Consider asset value
142         └── CVSS <7.0 → Schedule for later
143```
144 
145---
146 
147## 6. Exceptional Conditions (A10 - New)
148 
149### Fail-Open vs Fail-Closed
150 
151| Scenario | Fail-Open (BAD) | Fail-Closed (GOOD) |
152|----------|-----------------|---------------------|
153| Auth error | Allow access | Deny access |
154| Parsing fails | Accept input | Reject input |
155| Timeout | Retry forever | Limit + abort |
156 
157### What to Check
158 
159- Exception handlers that catch-all and ignore
160- Missing error handling on security operations
161- Race conditions in auth/authz
162- Resource exhaustion scenarios
163 
164---
165 
166## 7. Scanning Methodology
167 
168### Phase-Based Approach
169 
170```
1711. RECONNAISSANCE
172   └── Understand the target
173       ├── Technology stack
174       ├── Entry points
175       └── Data flows
176 
1772. DISCOVERY
178   └── Identify potential issues
179       ├── Configuration review
180       ├── Dependency analysis
181       └── Code pattern search
182 
1833. ANALYSIS
184   └── Validate and prioritize
185       ├── False positive elimination
186       ├── Risk scoring
187       └── Attack chain mapping
188 
1894. REPORTING
190   └── Actionable findings
191       ├── Clear reproduction steps
192       ├── Business impact
193       └── Remediation guidance
194```
195 
196---
197 
198## 8. Code Pattern Analysis
199 
200### High-Risk Patterns
201 
202| Pattern | Risk | Look For |
203|---------|------|----------|
204| **String concat in queries** | Injection | `"SELECT * FROM " + user_input` |
205| **Dynamic code execution** | RCE | `eval()`, `exec()`, `Function()` |
206| **Unsafe deserialization** | RCE | `pickle.loads()`, `unserialize()` |
207| **Path manipulation** | Traversal | User input in file paths |
208| **Disabled security** | Various | `verify=False`, `--insecure` |
209 
210### Secret Patterns
211 
212| Type | Indicators |
213|------|-----------|
214| API Keys | `api_key`, `apikey`, high entropy |
215| Tokens | `token`, `bearer`, `jwt` |
216| Credentials | `password`, `secret`, `key` |
217| Cloud | `AWS_`, `AZURE_`, `GCP_` prefixes |
218 
219---
220 
221## 9. Cloud Security Considerations
222 
223### Shared Responsibility
224 
225| Layer | You Own | Provider Owns |
226|-------|---------|---------------|
227| Data | ✅ | ❌ |
228| Application | ✅ | ❌ |
229| OS/Runtime | Depends | Depends |
230| Infrastructure | ❌ | ✅ |
231 
232### Cloud-Specific Checks
233 
234- IAM: Least privilege applied?
235- Storage: Public buckets?
236- Network: Security groups tightened?
237- Secrets: Using secrets manager?
238 
239---
240 
241## 10. Anti-Patterns
242 
243| ❌ Don't | ✅ Do |
244|----------|-------|
245| Scan without understanding | Map attack surface first |
246| Alert on every CVE | Prioritize by exploitability + asset |
247| Ignore false positives | Maintain verified baseline |
248| Fix symptoms only | Address root causes |
249| Scan once before deploy | Continuous scanning |
250| Trust third-party deps blindly | Verify integrity, audit code |
251 
252---
253 
254## 11. Reporting Principles
255 
256### Finding Structure
257 
258Each finding should answer:
2591. **What?** - Clear vulnerability description
2602. **Where?** - Exact location (file, line, endpoint)
2613. **Why?** - Root cause explanation
2624. **Impact?** - Business consequence
2635. **How to fix?** - Specific remediation
264 
265### Severity Classification
266 
267| Severity | Criteria |
268|----------|----------|
269| **Critical** | RCE, auth bypass, mass data exposure |
270| **High** | Data exposure, privilege escalation |
271| **Medium** | Limited scope, requires conditions |
272| **Low** | Informational, best practice |
273 
274---
275 
276> **Remember:** Vulnerability scanning finds issues. Expert thinking prioritizes what matters. Always ask: "What would an attacker do with this?"
277

Full transparency — inspect the skill content before installing.