
vulnerability-scanner
by armanzeroeight
🚀 A collection of Claude subagents, skills, rules, guides, and blueprints for Developers, Engineers, and Creators. | Covering programming languages, DevOps, Cloud, and beyond.
⭐ 20🍴 4📅 Jan 18, 2026
SKILL.md
name: vulnerability-scanner
description: Scans code for security vulnerabilities, identifies CVE patterns, and provides severity ratings with remediation guidance. Use when scanning for security issues, code vulnerabilities, or OWASP top 10 problems.
Vulnerability Scanner
Quick Start
Scan a codebase for common vulnerabilities:
# For JavaScript/TypeScript
npx eslint --plugin security .
# For Python
bandit -r . -f json
# For general patterns
grep -rn "eval\|exec\|system\|shell" --include="*.py" --include="*.js" .
Instructions
Step 1: Identify Project Type
Detect the technology stack:
- Check for package.json (Node.js)
- Check for requirements.txt or pyproject.toml (Python)
- Check for go.mod (Go)
- Check for Cargo.toml (Rust)
Step 2: Run Static Analysis
JavaScript/TypeScript:
npx eslint --plugin security --ext .js,.ts,.jsx,.tsx .
Python:
pip install bandit
bandit -r . -f json -o bandit-report.json
Go:
go install golang.org/x/vuln/cmd/govulncheck@latest
govulncheck ./...
Step 3: Check for Common Patterns
Scan for dangerous patterns:
| Pattern | Risk | Languages |
|---|---|---|
| eval() | Code injection | JS, Python |
| exec() | Command injection | Python |
| shell=True | Command injection | Python |
| dangerouslySetInnerHTML | XSS | React |
| SQL string concatenation | SQL injection | All |
| pickle.loads() | Deserialization | Python |
Step 4: Categorize Findings
Assign severity based on:
- Critical: Remote code execution, authentication bypass
- High: SQL injection, XSS, SSRF
- Medium: Information disclosure, CSRF
- Low: Missing headers, verbose errors
Step 5: Generate Report
Format findings:
## Security Scan Results
### Critical (0)
[None found]
### High (2)
1. **SQL Injection** - src/db/queries.js:45
   - Pattern: String concatenation in SQL query
   - Fix: Use parameterized queries
2. **XSS Vulnerability** - src/components/Comment.jsx:23
   - Pattern: dangerouslySetInnerHTML with user input
   - Fix: Sanitize input with DOMPurify
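As an added example (not code from the skill or its repository), a minimal Python scanner that ties Steps 3 to 5 together: it applies the Step 3 pattern table to constructed sample sources, assigns each hit a severity in the spirit of Step 4, and renders the Step 5 report layout. The regexes, severity mapping, fix hints and sample files are all assumptions of this example.

```python
import re
from collections import defaultdict

# Step 3 pattern table mapped to a Step 4 severity and a fix hint; the severity and
# fix assignments are this example's assumptions, not the skill's own table.
PATTERNS = [  # (name, regex, file suffixes, severity, remediation)
    ("eval()", re.compile(r"\beval\s*\("), (".js", ".py"), "Critical", "Remove eval; parse data explicitly"),
    ("shell=True", re.compile(r"shell\s*=\s*True"), (".py",), "Critical", "Pass an argument list without shell=True"),
    ("pickle.loads()", re.compile(r"\bpickle\.loads\s*\("), (".py",), "Critical", "Use a safe format such as JSON"),
    ("dangerouslySetInnerHTML", re.compile(r"dangerouslySetInnerHTML"), (".jsx", ".tsx"), "High", "Sanitize input with DOMPurify"),
    ("SQL string concatenation", re.compile(r"\b(SELECT|INSERT|UPDATE|DELETE)\b.*(\$\{|\+\s*\w|%\s*\()", re.I), (".js", ".jsx", ".py"), "High", "Use parameterized queries"),
]

def scan_sources(files):
    """Scan {path: source_text} line by line and return findings as dicts (Step 3)."""
    findings = []
    for path, text in files.items():
        for lineno, line in enumerate(text.splitlines(), start=1):
            for name, rx, suffixes, severity, fix in PATTERNS:
                if path.endswith(suffixes) and rx.search(line):
                    findings.append({"pattern": name, "severity": severity,
                                     "location": f"{path}:{lineno}", "fix": fix})
    return findings

def format_report(findings):
    """Render findings in the Step 5 report layout, most severe first."""
    grouped = defaultdict(list)
    for f in findings:
        grouped[f["severity"]].append(f)
    out = ["## Security Scan Results"]
    for sev in ("Critical", "High", "Medium", "Low"):
        items = grouped[sev]
        out.append(f"### {sev} ({len(items)})")
        if not items:
            out.append("[None found]")
        for i, f in enumerate(items, start=1):
            out.append(f"{i}. **{f['pattern']}** - {f['location']}")
            out.append(f"   - Fix: {f['fix']}")
    return "\n".join(out)

# Constructed sample sources for the demo; they are not taken from any real project.
SAMPLE_FILES = {
    "src/db/queries.js": "const q = `SELECT * FROM users WHERE id = ${userId}`;\ndb.query(q);\n",
    "src/components/Comment.jsx": "return <div dangerouslySetInnerHTML={{__html: body}} />;\n",
    "app/tasks.py": "import subprocess\nsubprocess.run(cmd, shell=True)\nresult = json.loads(data)\n",
}

if __name__ == "__main__":
    print(format_report(scan_sources(SAMPLE_FILES)))
```

Regex matching of this kind is a first pass only; it flags text, not data flow, so every hit still needs the manual review the steps above describe.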
Common Vulnerability Patterns
Injection Flaws
// BAD: SQL injection - user input is interpolated straight into the statement
const unsafeQuery = `SELECT * FROM users WHERE id = ${userId}`;
// GOOD: Parameterized query - the driver binds userId as a value, never as SQL
const query = 'SELECT * FROM users WHERE id = ?';
db.query(query, [userId]);
Cross-Site Scripting (XSS)
// BAD: Direct HTML insertion
element.innerHTML = userInput;
// GOOD: Text content or sanitization
element.textContent = userInput;
// or
element.innerHTML = DOMPurify.sanitize(userInput);
Advanced
For detailed information, see:
- CVE Patterns - Common vulnerability patterns by type
- Remediation Guide - Fix strategies for each vulnerability type
- Tools Reference - Security scanning tools by language
