What tools does this skill utilize for scanning?

The skill utilizes Read, Glob, Grep, and Bash to perform deep code pattern analysis, configuration reviews, and dependency path tracing.

How does it prioritize identified vulnerabilities?

It uses a multi-factor prioritization matrix involving CVSS base scores, EPSS exploit likelihood, and the specific business value of the affected asset.

Does this skill support the latest OWASP standards?

Yes, it is specifically designed with the OWASP Top 10:2025 risk categories, including new focuses on Software Supply Chain and Exceptional Conditions.

Can it help with third-party dependency risks?

Absolutely. It includes specific modules for Supply Chain Security (A03) to audit package integrity, lock files, and potential registry attacks.

Is it suitable for cloud-native applications?

Yes, it includes checks for cloud-specific security configurations, IAM least privilege principles, and shared responsibility model compliance.

Vulnerability Scanner & Security Auditor

Name: Vulnerability Scanner & Security Auditor
Author: claudiodearaujo

byclaudiodearaujo

0•

安全与测试

Conducts advanced security audits and vulnerability assessments using OWASP 2025 standards and modern threat modeling.

The Vulnerability Scanner skill equips Claude with a comprehensive security mindset to identify, prioritize, and remediate software vulnerabilities. It leverages 2025 threat landscape awareness, focusing on the OWASP Top 10, software supply chain integrity, and attack surface mapping. By applying principles like Zero Trust and Defense in Depth, it helps developers move beyond simple bug finding to systematic risk management, providing actionable remediation guidance for complex security flaws in code, configurations, and dependencies.

主要功能

01Software supply chain security auditing for dependencies and CI/CD

02Data-driven risk prioritization using CVSS and EPSS scoring

03OWASP Top 10:2025 compliance checking and risk analysis

04Comprehensive attack surface mapping and entry point identification

05Automated validation scripts for security principle enforcement

060 GitHub stars

使用场景

01Mapping the attack surface of new APIs to identify injection points and access control flaws

02Auditing third-party dependencies and build pipelines for supply chain risks

03Performing a comprehensive security audit on a codebase before a production release

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add claudiodearaujo/izacenter vulnerability-scanner

For use in Claude.ai and ChatGPT

主要功能

01Software supply chain security auditing for dependencies and CI/CD

02Data-driven risk prioritization using CVSS and EPSS scoring

03OWASP Top 10:2025 compliance checking and risk analysis

04Comprehensive attack surface mapping and entry point identification

05Automated validation scripts for security principle enforcement

060 GitHub stars

使用场景

01Mapping the attack surface of new APIs to identify injection points and access control flaws

02Auditing third-party dependencies and build pipelines for supply chain risks

03Performing a comprehensive security audit on a codebase before a production release

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add claudiodearaujo/izacenter vulnerability-scanner

For use in Claude.ai and ChatGPT