How does this skill differ from standard linting?

Unlike basic linters, this skill applies a 'threat actor' mindset, analyzing architectural flaws, trust boundaries, and complex attack chains based on the latest 2025 security standards.

Does it provide remediation guidance?

Every finding includes a clear description, the root cause, business impact, and specific, actionable steps to fix the vulnerability.

What kind of vulnerabilities can it detect?

It identifies a wide range of issues including injection flaws, broken access control, insecure API endpoints, hardcoded secrets, and unsafe dependency configurations.

Does it support the latest OWASP Top 10 updates?

Yes, it is specifically configured for the OWASP 2025 update, which includes new focuses on Software Supply Chain Integrity and Exceptional Conditions.

Can it help prioritize which bugs to fix first?

Yes, it uses a Decision Tree based on CVSS scores and EPSS (Exploit Prediction Scoring System) to distinguish between theoretical risks and actively exploited vulnerabilities.

Advanced Vulnerability Scanner

Name: Advanced Vulnerability Scanner
Author: claudiodearaujo

byclaudiodearaujo

•

Security & Testing

Identifies and prioritizes code vulnerabilities using OWASP 2025 standards, supply chain auditing, and attack surface mapping.

The Vulnerability Scanner skill equips Claude with a security expert mindset tailored for the 2025 threat landscape. It moves beyond simple pattern matching to perform deep analysis of attack surfaces, software supply chains, and architectural 'fail-secure' logic. By integrating OWASP Top 10:2025 principles and risk-prioritization frameworks like CVSS and EPSS, it helps developers identify critical injection points, cryptographic failures, and insecure design patterns. This skill is essential for teams looking to implement defense-in-depth and zero-trust principles directly within their development workflow, providing actionable remediation steps for discovered risks.

Key Features

01Supply chain security for dependency integrity and pipeline safety

02Automated attack surface mapping of APIs, data flows, and entry points

03OWASP Top 10:2025 compliance auditing and risk category mapping

04Analysis of exceptional conditions to prevent fail-open security states

05Risk prioritization using CVSS severity and EPSS exploitability scores

061 GitHub stars

Use Cases

01Auditing third-party dependencies for supply chain vulnerabilities and integrity issues

02Conducting a comprehensive security audit before a major production release

03Identifying and fixing high-risk code patterns like unsafe deserialization and path traversal

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add claudiodearaujo/sistema-de-narra-o-de-livro vulnerability-scanner

For use in Claude.ai and ChatGPT

Download Skill