How does it prioritize security findings?

It uses a structured prioritization matrix based on CVSS severity, EPSS exploit likelihood, and asset value to ensure critical vulnerabilities are addressed first.

Does it provide remediation guidance?

Every finding includes a clear description, root cause explanation, business impact analysis, and specific remediation steps to fix the underlying issue.

What kind of vulnerabilities can it detect?

It targets a wide range of issues including SQL Injection, RCE, broken access control, insecure deserialization, path traversal, and exposed secrets.

Does this skill support the latest OWASP standards?

Yes, it is specifically designed around the OWASP Top 10:2025 categories, including modern focus areas like Software Supply Chain Security and Exceptional Conditions.

Can it automate security checks within my repository?

Yes, the skill includes runtime scripts like security_scan.py and utilizes Bash, Grep, and Glob tools to automate the discovery of high-risk patterns.

Vulnerability Scanner & Security Auditor

Name: Vulnerability Scanner & Security Auditor
Author: claudiodearaujo

byclaudiodearaujo

安全与测试

Conducts advanced security audits and vulnerability scans using OWASP 2025 principles and supply chain analysis.

关于

This skill transforms Claude into a proactive security expert capable of identifying architectural flaws, coding vulnerabilities, and supply chain risks. It leverages the latest OWASP 2025 standards to map attack surfaces, prioritize risks using CVSS and EPSS scores, and validate security implementations through automated scripts. Ideal for developers and security teams who need to 'think like an attacker' to defend their codebase against modern threats such as insecure design, software integrity failures, and complex supply chain compromises.

主要功能

Risk prioritization using CVSS, EPSS, and business context matrices
Comprehensive OWASP Top 10:2025 risk assessment and mapping
Detailed software supply chain security and dependency auditing
Automated security validation via integrated Python scanning scripts
Advanced code pattern analysis for RCE, injection, and path traversal
0 GitHub stars

使用场景

Performing a pre-deployment security audit on a new microservice or API
Mapping the attack surface of cloud-native applications for proactive threat modeling
Identifying and remediating vulnerabilities in third-party dependencies and CI/CD pipelines

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add claudiodearaujo/izacenter vulnerability-scanner

For use in Claude.ai and ChatGPT

Download Skill

GitHub

关于