How does this skill categorize security findings?

It categorizes vulnerabilities by severity (Critical, High, Medium, Low) and maps them directly to industry standards like OWASP ASVS and CWE.

Does it scan configuration files like Docker or .env?

Absolutely. It includes specific patterns for .env files, Dockerfiles, and docker-compose.yml to identify privileged containers, root users, or exposed environment secrets.

Can this skill detect vulnerabilities in any programming language?

Yes, vuln-patterns-core uses universal regex patterns and grep commands designed to work effectively across JavaScript, Python, Java, Go, PHP, Ruby, and many other languages.

Is this a replacement for a professional security audit?

No, this skill is designed for rapid, real-time detection and developer hooks. While it catches common flaws, full security audits should still utilize specialized domain tools and expert review.

Vulnerability Patterns: Core

Name: Vulnerability Patterns: Core
Author: Zate

byZate

0•

Security & Testing

Detects universal security vulnerabilities and hardcoded secrets across all programming languages using standardized regex patterns.

The vuln-patterns-core skill empowers Claude to proactively identify high-risk security flaws by providing a comprehensive library of universal detection patterns. It scans for critical vulnerabilities including SQL injection, command injection, path traversal, and hardcoded credentials (such as API keys and AWS secrets) regardless of the programming language being used. This skill is specifically designed for integration into live security hooks, configuration audits of Docker or environment files, and rapid cross-language codebase scanning to ensure robust security posture throughout the development lifecycle.

Key Features

01Multi-language support for universal security pattern matching

02Automated security audits for .env, Docker, and YAML configurations

03Identification of hardcoded API keys, AWS credentials, and private keys

04Scanning for path traversal and unsafe file operations

050 GitHub stars

06Detection of SQL and Command Injection vulnerabilities

Use Cases

01Performing rapid security audits on polyglot repositories

02Implementing real-time security hooks during the coding process

03Scanning configuration files for exposed secrets and privileged modes

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add zate/cc-plugins vuln-patterns-core

For use in Claude.ai and ChatGPT

Download Skill