vulnerability-scanner

Vulnerability Scanner

Safety Notice

This listing is imported from skills.sh public index metadata. Review upstream SKILL.md and repository scripts before running.

Copy this and send it to your AI assistant to learn

Install skill "vulnerability-scanner" with this command: npx skills add armanzeroeight/fastagent-plugins/armanzeroeight-fastagent-plugins-vulnerability-scanner

Vulnerability Scanner

Quick Start

Scan a codebase for common vulnerabilities:

For JavaScript/TypeScript

npx eslint --plugin security .

For Python

bandit -r . -f json

For general patterns

grep -rn "eval|exec|system|shell" --include=".py" --include=".js"

Instructions

Step 1: Identify Project Type

Detect the technology stack:

  • Check for package.json (Node.js)

  • Check for requirements.txt or pyproject.toml (Python)

  • Check for go.mod (Go)

  • Check for Cargo.toml (Rust)

Step 2: Run Static Analysis

JavaScript/TypeScript:

npx eslint --plugin security --ext .js,.ts,.jsx,.tsx .

Python:

pip install bandit bandit -r . -f json -o bandit-report.json

Go:

go install golang.org/x/vuln/cmd/govulncheck@latest govulncheck ./...

Step 3: Check for Common Patterns

Scan for dangerous patterns:

Pattern Risk Languages

eval()

Code injection JS, Python

exec()

Command injection Python

shell=True

Command injection Python

dangerouslySetInnerHTML

XSS React

SQL string concatenation SQL injection All

pickle.loads()

Deserialization Python

Step 4: Categorize Findings

Assign severity based on:

  • Critical: Remote code execution, authentication bypass

  • High: SQL injection, XSS, SSRF

  • Medium: Information disclosure, CSRF

  • Low: Missing headers, verbose errors

Step 5: Generate Report

Format findings:

Security Scan Results

Critical (0)

[None found]

High (2)

  1. SQL Injection - src/db/queries.js:45

    • Pattern: String concatenation in SQL query
    • Fix: Use parameterized queries

  2. XSS Vulnerability - src/components/Comment.jsx:23

    • Pattern: dangerouslySetInnerHTML with user input
    • Fix: Sanitize input with DOMPurify

Common Vulnerability Patterns

Injection Flaws

// BAD: SQL Injection const query = SELECT * FROM users WHERE id = ${userId};

// GOOD: Parameterized query const query = 'SELECT * FROM users WHERE id = ?'; db.query(query, [userId]);

Cross-Site Scripting (XSS)

// BAD: Direct HTML insertion element.innerHTML = userInput;

// GOOD: Text content or sanitization element.textContent = userInput; // or element.innerHTML = DOMPurify.sanitize(userInput);

Advanced

For detailed information, see:

  • CVE Patterns - Common vulnerability patterns by type

  • Remediation Guide - Fix strategies for each vulnerability type

  • Tools Reference - Security scanning tools by language

Source Transparency

This detail page is rendered from real SKILL.md content. Trust labels are metadata-based hints, not a safety guarantee.

Open in GitHubOpen in ClawHub

Related Skills

Related by shared tags or category signals.

Security

api-security-checker

No summary provided by upstream source.

Repository SourceNeeds Review
-5
armanzeroeight
Security

security-group-analyzer

No summary provided by upstream source.

Repository SourceNeeds Review
-5
armanzeroeight
Security

image-security-scanner

No summary provided by upstream source.

Repository SourceNeeds Review
-5
armanzeroeight