Does this skill support the latest security standards?

Yes, it is specifically designed around the OWASP Top 10:2025 framework, including new categories like Software Supply Chain Security and Exceptional Conditions.

Can it detect secrets accidentally committed to code?

Yes, it includes pattern matching for high-entropy strings, API keys, cloud credentials, and JWT tokens to prevent accidental exposure.

How does the skill prioritize identified risks?

It uses a prioritization matrix combining CVSS (severity), EPSS (exploit likelihood), and asset value to help you focus on the most critical threats first.

Is this skill suitable for cloud-native applications?

Absolutely. It includes specific checks for cloud security considerations such as IAM least privilege, storage bucket permissions, and secrets management.

Vulnerability Scanner & Security Auditor

Name: Vulnerability Scanner & Security Auditor
Author: claudiodearaujo

byclaudiodearaujo

•

Security & Testing

Audits codebases for security vulnerabilities using 2025 OWASP principles, supply chain analysis, and automated risk prioritization.

This skill transforms Claude into a proactive security expert, enabling deep analysis of applications against the latest 2025 threat landscape. It provides a structured framework for identifying OWASP Top 10 risks—including supply chain vulnerabilities, insecure design, and exceptional condition handling—while mapping attack surfaces and prioritizing remediation based on CVSS and EPSS scores. It is ideal for developers and security engineers who need to validate code integrity, audit third-party dependencies, and implement defense-in-depth strategies within their local development or CI/CD environments.

Key Features

011 GitHub stars

02Supply chain security and dependency integrity verification

03Risk prioritization using CVSS and EPSS metrics

04High-risk code pattern analysis for RCE, injection, and path traversal

05OWASP Top 10 (2025) compliance auditing

06Automated attack surface mapping and entry-point discovery

Use Cases

01Performing a comprehensive security audit prior to a major production release

02Mapping an application's attack surface to discover exposed APIs and sensitive data flows

03Identifying and mitigating third-party dependency risks in the software supply chain

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add claudiodearaujo/sistema-de-narra-o-de-livro vulnerability-scanner

For use in Claude.ai and ChatGPT

Download Skill