Does this skill support the latest security standards?

Yes, it is specifically designed around the OWASP Top 10:2025 updates, including new focus areas like Software Supply Chain Security and Exceptional Conditions.

How does it prioritize identified vulnerabilities?

The skill uses a weighted decision tree combining CVSS base severity, EPSS exploit likelihood, and business asset value to categorize risks from Low to Critical.

Can it detect hardcoded secrets in the codebase?

Yes, it includes high-risk pattern matching for API keys, tokens, JWTs, and cloud-specific credentials (AWS, Azure, GCP) using entropy and prefix detection.

Does it require external security tools to run?

No, it utilizes native Claude Code tools like Grep, Glob, and Bash to perform deep code analysis and reconnaissance directly within your environment.

Is it effective for cloud-native application security?

Absolutely. It includes specific checks for Cloud IAM least privilege, public storage bucket configurations, and security group tightening.

Vulnerability Scanner

Name: Vulnerability Scanner
Author: claudiodearaujo

byclaudiodearaujo

보안 및 테스팅

Performs advanced security audits and vulnerability analysis using modern threat landscape principles and OWASP 2025 standards.

소개

The Vulnerability Scanner skill transforms Claude into a proactive security expert, enabling it to identify, analyze, and prioritize code-level risks. By applying an attacker's mindset, this skill focuses on the 2025 threat landscape, specifically targeting software supply chain integrity, attack surface mapping, and zero-trust principles. It moves beyond simple pattern matching to provide context-aware risk scoring using CVSS and EPSS, ensuring developers focus on remediating the most critical vulnerabilities first. Ideal for pre-deployment checks, dependency audits, and architectural reviews.

주요 기능

OWASP Top 10:2025 compliance and risk category analysis
Supply Chain Security (A03) auditing for dependencies and CI/CD
Automated attack surface mapping and entry point identification
Risk prioritization using CVSS and EPSS exploitability scores
Detailed remediation reporting with clear reproduction steps
0 GitHub stars

사용 사례

Conducting comprehensive security reviews before merging code to production
Auditing third-party libraries and lock files for supply chain vulnerabilities
Mapping trust boundaries and data flows in complex cloud-native architectures

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add claudiodearaujo/izacenter vulnerability-scanner

For use in Claude.ai and ChatGPT

Download Skill

GitHub

소개