How does this skill categorize security findings?

It categorizes vulnerabilities by severity (Critical, High, Medium, Low) and maps them directly to industry standards like OWASP ASVS and CWE.

Does it scan configuration files like Docker or .env?

Absolutely. It includes specific patterns for .env files, Dockerfiles, and docker-compose.yml to identify privileged containers, root users, or exposed environment secrets.

Can this skill detect vulnerabilities in any programming language?

Yes, vuln-patterns-core uses universal regex patterns and grep commands designed to work effectively across JavaScript, Python, Java, Go, PHP, Ruby, and many other languages.

Is this a replacement for a professional security audit?

No, this skill is designed for rapid, real-time detection and developer hooks. While it catches common flaws, full security audits should still utilize specialized domain tools and expert review.

Vulnerability Patterns: Core

Name: Vulnerability Patterns: Core
Author: Zate

byZate

Security & Testing

Detects universal security vulnerabilities and hardcoded secrets across all programming languages using standardized regex patterns.

About

The vuln-patterns-core skill empowers Claude to proactively identify high-risk security flaws by providing a comprehensive library of universal detection patterns. It scans for critical vulnerabilities including SQL injection, command injection, path traversal, and hardcoded credentials (such as API keys and AWS secrets) regardless of the programming language being used. This skill is specifically designed for integration into live security hooks, configuration audits of Docker or environment files, and rapid cross-language codebase scanning to ensure robust security posture throughout the development lifecycle.

Key Features

Multi-language support for universal security pattern matching
Automated security audits for .env, Docker, and YAML configurations
Identification of hardcoded API keys, AWS credentials, and private keys
Scanning for path traversal and unsafe file operations
0 GitHub stars
Detection of SQL and Command Injection vulnerabilities

Use Cases

Performing rapid security audits on polyglot repositories
Implementing real-time security hooks during the coding process
Scanning configuration files for exposed secrets and privileged modes

About

Key Features

Multi-language support for universal security pattern matching
Automated security audits for .env, Docker, and YAML configurations
Identification of hardcoded API keys, AWS credentials, and private keys
Scanning for path traversal and unsafe file operations
0 GitHub stars
Detection of SQL and Command Injection vulnerabilities

Use Cases

Performing rapid security audits on polyglot repositories
Implementing real-time security hooks during the coding process
Scanning configuration files for exposed secrets and privileged modes