How does it prioritize discovered vulnerabilities?

It uses a combination of CVSS (Base Severity) and EPSS (Exploit Likelihood) scores alongside business context to categorize risks from Low to Critical.

What tools does this skill utilize?

It leverages Claude's ability to read, glob, and grep through files, as well as executing dedicated bash and python scripts for automated security validation.

Can it detect secrets in my code?

Yes, it includes pattern analysis for API keys, tokens, credentials, and cloud-specific secrets across various providers like AWS, Azure, and GCP.

Does this skill support the latest OWASP standards?

Yes, it is specifically designed around the OWASP 2025 Top 10, including new categories like Supply Chain Security and Exceptional Conditions.

Vulnerability Scanner & Security Auditor

Name: Vulnerability Scanner & Security Auditor
Author: claudiodearaujo

byclaudiodearaujo

•

セキュリティとテスト

Conducts advanced security audits and vulnerability mapping based on the 2025 threat landscape and OWASP principles.

This Claude Code skill empowers developers to perform deep security analysis of their codebases using modern principles like Zero Trust and Defense in Depth. It specifically targets the OWASP 2025 Top 10 risks, including emerging categories like Supply Chain Security and Exceptional Conditions. By combining automated scanning scripts with expert-level threat modeling, it helps identify attack surfaces, prioritize risks using CVSS and EPSS metrics, and provides actionable remediation guidance to ensure applications are secure by design rather than just by chance.

主な機能

01Attack Surface Mapping & Risk Prioritization (CVSS/EPSS)

02Automated Security Validation via Python Scripts

03Fail-Secure Pattern Analysis & Remediation Guidance

04OWASP Top 10:2025 Compliance Mapping

05Supply Chain Security & Dependency Integrity Analysis

061 GitHub stars

ユースケース

01Prioritizing vulnerability backlogs based on real-world exploitability and business impact.

02Assessing third-party dependency risks and verifying software supply chain integrity.

03Pre-deployment security audits to identify high-risk code patterns and injection points.

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add claudiodearaujo/sistema-de-narra-o-de-livro vulnerability-scanner

For use in Claude.ai and ChatGPT

Download Skill