{"id":"61a827a0-be5e-47e6-bb59-c0fb905ce04c","shortId":"uxEaau","kind":"skill","title":"vulnerability-scanner","tagline":"Advanced vulnerability analysis principles. OWASP 2025, Supply Chain Security, attack surface mapping, risk prioritization.","description":"# Vulnerability Scanner\n\n> Think like an attacker, defend like an expert. 2025 threat landscape awareness.\n\n## 🔧 Runtime Scripts\n\n**Execute for automated validation:**\n\n| Script | Purpose | Usage |\n|--------|---------|-------|\n| `scripts/security_scan.py` | Validate security principles applied | `python scripts/security_scan.py <project_path>` |\n\n## 📋 Reference Files\n\n| File | Purpose |\n|------|---------|\n| [checklists.md](checklists.md) | OWASP Top 10, Auth, API, Data protection checklists |\n\n---\n\n## 1. Security Expert Mindset\n\n### Core Principles\n\n| Principle | Application |\n|-----------|-------------|\n| **Assume Breach** | Design as if attacker already inside |\n| **Zero Trust** | Never trust, always verify |\n| **Defense in Depth** | Multiple layers, no single point |\n| **Least Privilege** | Minimum required access only |\n| **Fail Secure** | On error, deny access |\n\n### Threat Modeling Questions\n\nBefore scanning, ask:\n1. What are we protecting? (Assets)\n2. Who would attack? (Threat actors)\n3. How would they attack? (Attack vectors)\n4. What's the impact? (Business risk)\n\n---\n\n## 2. OWASP Top 10:2025\n\n### Risk Categories\n\n| Rank | Category | Think About |\n|------|----------|-------------|\n| **A01** | Broken Access Control | Who can access what? 
IDOR, SSRF |\n| **A02** | Security Misconfiguration | Defaults, headers, exposed services |\n| **A03** | Software Supply Chain 🆕 | Dependencies, CI/CD, build integrity |\n| **A04** | Cryptographic Failures | Weak crypto, exposed secrets |\n| **A05** | Injection | User input → system commands |\n| **A06** | Insecure Design | Flawed architecture |\n| **A07** | Authentication Failures | Session, credential management |\n| **A08** | Integrity Failures | Unsigned updates, tampered data |\n| **A09** | Logging & Alerting | Blind spots, no monitoring |\n| **A10** | Exceptional Conditions 🆕 | Error handling, fail-open states |\n\n### 2025 Key Changes\n\n```\n2021 → 2025 Shifts:\n├── SSRF merged into A01 (Access Control)\n├── A02 elevated (Cloud/Container configs)\n├── A03 NEW: Supply Chain (major focus)\n├── A10 NEW: Exceptional Conditions\n└── Focus shift: Root causes > Symptoms\n```\n\n---\n\n## 3. Supply Chain Security (A03)\n\n### Attack Surface\n\n| Vector | Risk | Question to Ask |\n|--------|------|-----------------|\n| **Dependencies** | Malicious packages | Do we audit new deps? |\n| **Lock files** | Integrity attacks | Are they committed? |\n| **Build pipeline** | CI/CD compromise | Who can modify? |\n| **Registry** | Typosquatting | Verified sources? |\n\n### Defense Principles\n\n- Verify package integrity (checksums)\n- Pin versions, audit updates\n- Use private registries for critical deps\n- Sign and verify artifacts\n\n---\n\n## 4. Attack Surface Mapping\n\n### What to Map\n\n| Category | Elements |\n|----------|----------|\n| **Entry Points** | APIs, forms, file uploads |\n| **Data Flows** | Input → Process → Output |\n| **Trust Boundaries** | Where auth/authz checked |\n| **Assets** | Secrets, PII, business data |\n\n### Prioritization Matrix\n\n```\nRisk = Likelihood × Impact\n\nHigh Impact + High Likelihood → CRITICAL\nHigh Impact + Low Likelihood  → HIGH\nLow Impact + High Likelihood  → MEDIUM\nLow Impact + Low Likelihood   → LOW\n```\n\n---\n\n## 5. 
Risk Prioritization\n\n### CVSS + Context\n\n| Factor | Weight | Question |\n|--------|--------|----------|\n| **CVSS Score** | Base severity | How severe is the vuln? |\n| **EPSS Score** | Exploit likelihood | Is it being exploited? |\n| **Asset Value** | Business context | What's at risk? |\n| **Exposure** | Attack surface | Internet-facing? |\n\n### Prioritization Decision Tree\n\n```\nIs it actively exploited (EPSS >0.5)?\n├── YES → CRITICAL: Immediate action\n└── NO → Check CVSS\n         ├── CVSS ≥9.0 → HIGH\n         ├── CVSS 7.0-8.9 → Consider asset value\n         └── CVSS <7.0 → Schedule for later\n```\n\n---\n\n## 6. Exceptional Conditions (A10 - New)\n\n### Fail-Open vs Fail-Closed\n\n| Scenario | Fail-Open (BAD) | Fail-Closed (GOOD) |\n|----------|-----------------|---------------------|\n| Auth error | Allow access | Deny access |\n| Parsing fails | Accept input | Reject input |\n| Timeout | Retry forever | Limit + abort |\n\n### What to Check\n\n- Exception handlers that catch-all and ignore\n- Missing error handling on security operations\n- Race conditions in auth/authz\n- Resource exhaustion scenarios\n\n---\n\n## 7. Scanning Methodology\n\n### Phase-Based Approach\n\n```\n1. RECONNAISSANCE\n   └── Understand the target\n       ├── Technology stack\n       ├── Entry points\n       └── Data flows\n\n2. DISCOVERY\n   └── Identify potential issues\n       ├── Configuration review\n       ├── Dependency analysis\n       └── Code pattern search\n\n3. ANALYSIS\n   └── Validate and prioritize\n       ├── False positive elimination\n       ├── Risk scoring\n       └── Attack chain mapping\n\n4. REPORTING\n   └── Actionable findings\n       ├── Clear reproduction steps\n       ├── Business impact\n       └── Remediation guidance\n```\n\n---\n\n## 8. 
Code Pattern Analysis\n\n### High-Risk Patterns\n\n| Pattern | Risk | Look For |\n|---------|------|----------|\n| **String concat in queries** | Injection | `\"SELECT * FROM \" + user_input` |\n| **Dynamic code execution** | RCE | `eval()`, `exec()`, `Function()` |\n| **Unsafe deserialization** | RCE | `pickle.loads()`, `unserialize()` |\n| **Path manipulation** | Traversal | User input in file paths |\n| **Disabled security** | Various | `verify=False`, `--insecure` |\n\n### Secret Patterns\n\n| Type | Indicators |\n|------|-----------|\n| API Keys | `api_key`, `apikey`, high entropy |\n| Tokens | `token`, `bearer`, `jwt` |\n| Credentials | `password`, `secret`, `key` |\n| Cloud | `AWS_`, `AZURE_`, `GCP_` prefixes |\n\n---\n\n## 9. Cloud Security Considerations\n\n### Shared Responsibility\n\n| Layer | You Own | Provider Owns |\n|-------|---------|---------------|\n| Data | ✅ | ❌ |\n| Application | ✅ | ❌ |\n| OS/Runtime | Depends | Depends |\n| Infrastructure | ❌ | ✅ |\n\n### Cloud-Specific Checks\n\n- IAM: Least privilege applied?\n- Storage: Public buckets?\n- Network: Security groups tightened?\n- Secrets: Using secrets manager?\n\n---\n\n## 10. Anti-Patterns\n\n| ❌ Don't | ✅ Do |\n|----------|-------|\n| Scan without understanding | Map attack surface first |\n| Alert on every CVE | Prioritize by exploitability + asset |\n| Ignore false positives | Maintain verified baseline |\n| Fix symptoms only | Address root causes |\n| Scan once before deploy | Continuous scanning |\n| Trust third-party deps blindly | Verify integrity, audit code |\n\n---\n\n## 11. Reporting Principles\n\n### Finding Structure\n\nEach finding should answer:\n1. **What?** - Clear vulnerability description\n2. **Where?** - Exact location (file, line, endpoint)\n3. **Why?** - Root cause explanation\n4. **Impact?** - Business consequence\n5. 
**How to fix?** - Specific remediation\n\n### Severity Classification\n\n| Severity | Criteria |\n|----------|----------|\n| **Critical** | RCE, auth bypass, mass data exposure |\n| **High** | Data exposure, privilege escalation |\n| **Medium** | Limited scope, requires conditions |\n| **Low** | Informational, best practice |\n\n---\n\n> **Remember:** Vulnerability scanning finds issues. Expert thinking prioritizes what matters. Always ask: \"What would an attacker do with this?\"\n\n## When to Use\nUse this skill to execute the workflow or actions described in the overview.\n\n## Limitations\n- Use this skill only when the task clearly matches the scope described above.\n- Do not treat the output as a substitute for environment-specific validation, testing, or expert review.\n- Stop and ask for clarification if required inputs, permissions, safety boundaries, or success criteria are missing.","tags":["vulnerability","scanner","antigravity","awesome","skills","sickn33","agent-skills","agentic-skills","ai-agent-skills","ai-agents","ai-coding","ai-workflows"],"capabilities":["skill","source-sickn33","skill-vulnerability-scanner","topic-agent-skills","topic-agentic-skills","topic-ai-agent-skills","topic-ai-agents","topic-ai-coding","topic-ai-workflows","topic-antigravity","topic-antigravity-skills","topic-claude-code","topic-claude-code-skills","topic-codex-cli","topic-codex-skills"],"categories":["antigravity-awesome-skills"],"synonyms":[],"warnings":[],"endpointUrl":"https://skills.sh/sickn33/antigravity-awesome-skills/vulnerability-scanner","protocol":"skill","transport":"skills-sh","auth":{"type":"none","details":{"cli":"npx skills add sickn33/antigravity-awesome-skills","source_repo":"https://github.com/sickn33/antigravity-awesome-skills","install_from":"skills.sh"}},"qualityScore":"0.700","qualityRationale":"deterministic score 0.70 from registry signals: · indexed on github topic:agent-skills · 37911 github stars · SKILL.md body (7,584 
chars)","verified":false,"liveness":"unknown","lastLivenessCheck":null,"agentReviews":{"count":0,"score_avg":null,"cost_usd_avg":null,"success_rate":null,"latency_p50_ms":null,"narrative_summary":null,"summary_updated_at":null},"enrichmentModel":"deterministic:skill-github:v1","enrichmentVersion":1,"enrichedAt":"2026-05-18T18:51:59.439Z","embedding":null,"createdAt":"2026-04-18T20:38:09.377Z","updatedAt":"2026-05-18T18:51:59.439Z","lastSeenAt":"2026-05-18T18:51:59.439Z","prices":[{"id":"6dbae8c2-3956-46db-a5e8-51ac0b0ce607","listingId":"61a827a0-be5e-47e6-bb59-c0fb905ce04c","amountUsd":"0","unit":"free","nativeCurrency":null,"nativeAmount":null,"chain":null,"payTo":null,"paymentMethod":"skill-free","isPrimary":true,"details":{"org":"sickn33","category":"antigravity-awesome-skills","install_from":"skills.sh"},"createdAt":"2026-04-18T20:38:09.377Z"}],"sources":[{"listingId":"61a827a0-be5e-47e6-bb59-c0fb905ce04c","source":"github","sourceId":"sickn33/antigravity-awesome-skills/vulnerability-scanner","sourceUrl":"https://github.com/sickn33/antigravity-awesome-skills/tree/main/skills/vulnerability-scanner","isPrimary":false,"firstSeenAt":"2026-04-18T21:47:20.770Z","lastSeenAt":"2026-05-18T18:51:59.439Z"},{"listingId":"61a827a0-be5e-47e6-bb59-c0fb905ce04c","source":"skills_sh","sourceId":"sickn33/antigravity-awesome-skills/vulnerability-scanner","sourceUrl":"https://skills.sh/sickn33/antigravity-awesome-skills/vulnerability-scanner","isPrimary":true,"firstSeenAt":"2026-04-18T20:38:09.377Z","lastSeenAt":"2026-05-07T2
2:40:46.208Z"}],"details":{"listingId":"61a827a0-be5e-47e6-bb59-c0fb905ce04c","quickStartSnippet":null,"exampleRequest":null,"exampleResponse":null,"schema":null,"openapiUrl":null,"agentsTxtUrl":null,"citations":[],"useCases":[],"bestFor":[],"notFor":[],"kindDetails":{"org":"sickn33","slug":"vulnerability-scanner","github":{"repo":"sickn33/antigravity-awesome-skills","stars":37911,"topics":["agent-skills","agentic-skills","ai-agent-skills","ai-agents","ai-coding","ai-workflows","antigravity","antigravity-skills","claude-code","claude-code-skills","codex-cli","codex-skills","cursor","cursor-skills","developer-tools","gemini-cli","gemini-skills","kiro","mcp","skill-library"],"license":"mit","html_url":"https://github.com/sickn33/antigravity-awesome-skills","pushed_at":"2026-05-18T08:24:49Z","description":"Installable GitHub library of 1,400+ agentic skills for Claude Code, Cursor, Codex CLI, Gemini CLI, Antigravity, and more. Includes installer CLI, bundles, workflows, and official/community skill collections.","skill_md_sha":"1ed7085dbd1a5cda5c218e3e0f3a4ee8ddfa9004","skill_md_path":"skills/vulnerability-scanner/SKILL.md","default_branch":"main","skill_tree_url":"https://github.com/sickn33/antigravity-awesome-skills/tree/main/skills/vulnerability-scanner"},"layout":"multi","source":"github","category":"antigravity-awesome-skills","frontmatter":{"name":"vulnerability-scanner","description":"Advanced vulnerability analysis principles. OWASP 2025, Supply Chain Security, attack surface mapping, risk prioritization."},"skills_sh_url":"https://skills.sh/sickn33/antigravity-awesome-skills/vulnerability-scanner"},"updatedAt":"2026-05-18T18:51:59.439Z"}}