How does the scanner prioritize discovered vulnerabilities?

It uses a sophisticated decision tree combining CVSS severity scores, EPSS exploit likelihood data, and specific asset values to ensure developers fix the most critical issues first.

Does this skill support the latest OWASP standards?

Yes, it is specifically designed with the OWASP 2025 Top 10 categories in mind, including modern focuses like Supply Chain Security (A03) and Exceptional Conditions (A10).

Can it analyze CI/CD and supply chain risks?

Yes, it audits lock files, dependency integrity, and build pipeline configurations to identify risks like typosquatting or malicious package injection.

Does it provide actionable remediation guidance?

Every finding includes a root cause explanation, the potential business impact, and specific code-level instructions on how to fix the vulnerability.

Can it detect hardcoded secrets and API keys?

Yes, it includes high-entropy pattern matching for API keys, bearer tokens, JWTs, and cloud-specific credentials (AWS, Azure, GCP).

Vulnerability Scanner

Name: Vulnerability Scanner
Author: claudiodearaujo

byclaudiodearaujo

•

Security & Testing

Performs advanced security audits and vulnerability analysis using OWASP 2025 standards and supply chain security principles.

The Vulnerability Scanner skill transforms Claude into a proactive security auditor capable of identifying and mitigating risks within the modern threat landscape. By applying the OWASP 2025 Top 10 framework, it specializes in mapping attack surfaces, auditing software supply chains, and prioritizing vulnerabilities based on real-world exploitability (EPSS) and severity (CVSS). Whether you are securing a CI/CD pipeline, reviewing API entry points, or refactoring error handling for 'Fail-Closed' resiliency, this skill provides the expert mindset and methodology required to defend applications against sophisticated attacks.

Key Features

01Deep code pattern analysis for RCE, injection, and exposed secrets

02Comprehensive OWASP 2025 Top 10 alignment and risk categorization

03Automated attack surface mapping and entry point discovery

04Supply chain security auditing for dependencies and build integrity

05Risk prioritization using CVSS, EPSS, and business impact analysis

061 GitHub stars

Use Cases

01Auditing third-party dependencies for supply chain vulnerabilities (A03:2025)

02Performing a comprehensive security review before major production releases

03Refactoring legacy codebases to implement Zero Trust and Defense in Depth principles

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add claudiodearaujo/sistema-de-narra-o-de-livro vulnerability-scanner

For use in Claude.ai and ChatGPT

Download Skill