Scans code for security vulnerabilities, identifies CVE patterns, and provides severity ratings with remediation guidance. Use when scanning for security issues, code vulnerabilities, or OWASP top 10 problems.
Install via CLI
openskills install armanzeroeight/fastagent-plugins
---
name: vulnerability-scanner
description: Scans code for security vulnerabilities, identifies CVE patterns, and provides severity ratings with remediation guidance. Use when scanning for security issues, code vulnerabilities, or OWASP top 10 problems.
---
# Vulnerability Scanner
## Quick Start
Scan a codebase for common vulnerabilities:
```bash
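# For JavaScript/TypeScript (needs eslint-plugin-security installed and its rules enabled in the ESLint config)
npx eslint --plugin security .
# For Python
bandit -r . -f json
# For general patterns (broad text match; review each hit by hand)
grep -rn "eval\|exec\|system\|shell" --include="*.py" --include="*.js" .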
```
## Instructions
### Step 1: Identify Project Type
Detect the technology stack:
- Check for `package.json` (Node.js)
- Check for `requirements.txt` or `pyproject.toml` (Python)
- Check for `go.mod` (Go)
- Check for `Cargo.toml` (Rust)
### Step 2: Run Static Analysis
**JavaScript/TypeScript:**
```bash
npx eslint --plugin security --ext .js,.ts,.jsx,.tsx .
```
**Python:**
```bash
pip install bandit
bandit -r . -f json -o bandit-report.json
```
**Go:**
```bash
go install golang.org/x/vuln/cmd/govulncheck@latest
govulncheck ./...
```
### Step 3: Check for Common Patterns
Scan for dangerous patterns:
| Pattern | Risk | Languages |
|---------|------|-----------|
| `eval()` | Code injection | JS, Python |
| `exec()` | Command injection | Python |
| `shell=True` | Command injection | Python |
| `dangerouslySetInnerHTML` | XSS | React |
| SQL string concatenation | SQL injection | All |
| `pickle.loads()` | Deserialization | Python |
### Step 4: Categorize Findings
Assign severity based on:
- **Critical**: Remote code execution, authentication bypass
- **High**: SQL injection, XSS, SSRF
- **Medium**: Information disclosure, CSRF
- **Low**: Missing headers, verbose errors
### Step 5: Generate Report
Format findings:
```
## Security Scan Results
### Critical (0)
[None found]
### High (2)
1. **SQL Injection** - src/db/queries.js:45
   - Pattern: String concatenation in SQL query
   - Fix: Use parameterized queries
2. **XSS Vulnerability** - src/components/Comment.jsx:23
   - Pattern: dangerouslySetInnerHTML with user input
   - Fix: Sanitize input with DOMPurify
```
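The Python rows of the Step 3 table can be checked on the syntax tree rather than with a text match, so comments and string literals do not produce findings. This is an added example, not part of the skill's own files; the `SEVERITY` mapping is an assumption based on Step 4's Critical category, and `SAMPLE` is constructed input.

```python
import ast

# Python rows of the Step 3 table: call name -> risk label used on this page.
DANGEROUS_CALLS = {
    "eval": "Code injection",
    "exec": "Command injection",
    "pickle.loads": "Deserialization",
}
# Assumption: these risks can lead to code execution, so Step 4 rates them Critical.
SEVERITY = {risk: "Critical" for risk in set(DANGEROUS_CALLS.values())}

# Constructed sample input; lines 2 and 3 would match a plain grep for "eval|exec".
SAMPLE = '''import pickle, subprocess
# eval() in a comment is not a call
note = "never exec() user data"
value = eval(user_expr)
subprocess.run(cmd, shell=True)
obj = pickle.loads(blob)
subprocess.run(["ls", "-l"], shell=False)
'''

def call_name(func):
    """Return 'name' or 'module.attr' for a call target, else None."""
    if isinstance(func, ast.Name):
        return func.id
    if isinstance(func, ast.Attribute) and isinstance(func.value, ast.Name):
        return f"{func.value.id}.{func.attr}"
    return None

def scan_source(source, filename="<string>"):
    """Return sorted (line, pattern, risk, severity) tuples for real call sites."""
    findings = []
    for node in ast.walk(ast.parse(source, filename)):
        if not isinstance(node, ast.Call):
            continue
        name = call_name(node.func)
        if name in DANGEROUS_CALLS:
            risk = DANGEROUS_CALLS[name]
            findings.append((node.lineno, f"{name}()", risk, SEVERITY[risk]))
        for kw in node.keywords:
            # Only a literal shell=True is flagged; shell=False and variables are not.
            if kw.arg == "shell" and isinstance(kw.value, ast.Constant) and kw.value.value is True:
                risk = "Command injection"
                findings.append((node.lineno, "shell=True", risk, SEVERITY[risk]))
    return sorted(findings)

if __name__ == "__main__":
    for line, pattern, risk, severity in scan_source(SAMPLE):
        print(f"{severity}: {risk} - sample.py:{line} ({pattern})")
```

Aliased imports such as `from pickle import loads` are not resolved by this check, so treat it as a complement to Bandit rather than a replacement.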
## Common Vulnerability Patterns
### Injection Flaws
```javascript
// BAD: SQL Injection (user input interpolated into the SQL string)
const unsafeQuery = `SELECT * FROM users WHERE id = ${userId}`;
// GOOD: Parameterized query (the driver binds userId as data, not SQL)
const query = 'SELECT * FROM users WHERE id = ?';
db.query(query, [userId]);
```
### Cross-Site Scripting (XSS)
```javascript
// BAD: Direct HTML insertion
element.innerHTML = userInput;
// GOOD: Text content or sanitization
element.textContent = userInput;
// or
element.innerHTML = DOMPurify.sanitize(userInput);
```
## Advanced
For detailed information, see:
- [CVE Patterns](reference/cve-patterns.md) - Common vulnerability patterns by type
- [Remediation Guide](reference/remediation-guide.md) - Fix strategies for each vulnerability type
- [Tools Reference](reference/tools.md) - Security scanning tools by language