Does it check third-party libraries?

Yes, the skill analyzes dependency files such as package.json or requirements.txt to identify known vulnerabilities (CVEs) in your project's libraries.

Can it detect specific flaws like SQL injection?

Yes, the scanner performs static analysis to find common code vulnerabilities including SQL injection, cross-site scripting (XSS), and insecure data handling.

Does it provide instructions on how to fix issues?

Every scan generates a report that includes specific remediation guidance for each finding, helping you resolve security risks quickly.

Is this suitable for a CI/CD workflow?

While it runs within Claude Code, its ability to generate detailed reports makes it perfect for manual pre-deployment checks and security-focused code reviews.

How do I trigger a vulnerability scan?

You can trigger the skill by asking Claude to 'scan for vulnerabilities' or by using command shortcuts like '/scan' or '/vuln' in the terminal.

Security Vulnerability Scanner

Name: Security Vulnerability Scanner
Author: jeremylongshore

byjeremylongshore

•

883

安全与测试

Scans codebases, dependencies, and configurations to identify security flaws and known CVEs with automated reporting.

关于

This skill empowers Claude to perform automated security audits directly within your development environment. By leveraging the vulnerability-scanner plugin, it conducts deep static analysis, checks project dependencies against known CVE databases, and evaluates configurations for security weaknesses. It is an essential tool for developers looking to proactively secure their projects, providing actionable remediation guidance and detailed findings to mitigate risks long before code reaches production.

主要功能

Dependency scanning for known CVEs and outdated packages
883 GitHub stars
Configuration audit for insecure environment settings
Automated static analysis for code-level security flaws
Comprehensive reports with categorized severity levels
Direct remediation guidance for identified vulnerabilities

使用场景

Performing pre-deployment security audits to ensure production readiness
Identifying SQL injection and XSS risks in legacy codebases
Checking npm or pip dependencies for high-severity security patches

关于

主要功能

Dependency scanning for known CVEs and outdated packages
883 GitHub stars
Configuration audit for insecure environment settings
Automated static analysis for code-level security flaws
Comprehensive reports with categorized severity levels
Direct remediation guidance for identified vulnerabilities

使用场景

Performing pre-deployment security audits to ensure production readiness
Identifying SQL injection and XSS risks in legacy codebases
Checking npm or pip dependencies for high-severity security patches