Marketplace

scan-vulnerabilities

Detect security vulnerabilities in code and dependencies. Use when auditing security.

$ インストール

git clone https://github.com/mvillmow/ProjectOdyssey /tmp/ProjectOdyssey && cp -r /tmp/ProjectOdyssey/.claude/skills/tier-2/scan-vulnerabilities ~/.claude/skills/ProjectOdyssey

// tip: Run this command in your terminal to install the skill

SKILL.md

View on GitHub →

name: scan-vulnerabilities description: "Detect security vulnerabilities in code and dependencies. Use when auditing security." mcp_fallback: none category: security tier: 2 user-invocable: false

Scan Vulnerabilities

Systematically scan code for security vulnerabilities including unsafe patterns, known CVEs, and potential exploits.

When to Use

Regular security audits
Before releasing code to production
When updating dependencies
In CI/CD security checks

Quick Reference

# Python security scanning
pip install bandit safety

# Scan code for security issues
bandit -r . -ll

# Check for known vulnerabilities in dependencies
safety check

# Advanced: SAST scanning
python3 -m pip install semgrep
semgrep --config=p/security-audit --json .

Workflow

Scan code for issues: Identify unsafe patterns (SQL injection, exec, hardcoded secrets)
Check dependencies: Scan for known vulnerabilities (CVEs)
Review findings: Analyze severity and exploitability
Prioritize fixes: Address critical/high severity issues first
Document fixes: Record how vulnerabilities were resolved

Output Format

Security scan report:

Vulnerability type (SQL injection, hardcoded secret, etc.)
Location (file, line number)
Severity (critical/high/medium/low)
CVSS score (if applicable)
Vulnerable dependency version (if applicable)
Recommended fix
Fixed version (if dependency)

References

See CLAUDE.md > Security standards for security guidelines
See quality-security-scan skill for automated CI scanning
OWASP Top 10 for common vulnerability categories