vulnerability-patterns

Index of vulnerability detection pattern skills. Routes to core patterns (universal) and language-specific patterns for security scanning.

$ Install

git clone https://github.com/Zate/cc-plugins /tmp/cc-plugins && cp -r /tmp/cc-plugins/plugins/security/skills/vulnerability-patterns ~/.claude/skills/cc-plugins

// tip: Run this command in your terminal to install the skill


name: vulnerability-patterns
description: Index of vulnerability detection pattern skills. Routes to core patterns (universal) and language-specific patterns for security scanning.

Vulnerability Patterns

This skill is an index to modular detection pattern skills. Use the specialized skills for focused scanning.

When to Use This Skill

  • Finding the right pattern skill - Use this index to route appropriately
  • Overview of detection capabilities - Quick reference of what's available

When NOT to Use This Skill

  • Actual vulnerability scanning - Use the specialized skills directly
  • Remediation guidance - Use remediation-* skills
  • Full security audits - Use domain auditor agents

Specialized Pattern Skills

vuln-patterns-core

Covers: Universal patterns, configuration files, quick scan scripts
Languages: All (cross-language patterns)
Use when: Scanning any codebase, config audits, hook integration

Includes:

  • Hardcoded secrets (API keys, AWS keys, private keys)
  • SQL injection (universal patterns)
  • Command injection (universal patterns)
  • Path traversal
  • Configuration file patterns (.env, Docker)
  • Quick scan script
  • Hook integration guidance

vuln-patterns-languages

Covers: Language-specific vulnerability patterns
Languages: JavaScript/TypeScript, Python, Go, Java, Ruby, PHP
Use when: Targeting specific tech stacks, code review

Includes:

  • JavaScript: eval(), XSS, prototype pollution
  • Python: pickle, yaml.load, weak crypto
  • Go: fmt.Sprintf SQL, InsecureSkipVerify
  • Java: ObjectInputStream, XXE, createStatement
  • Ruby: backticks, Rails SQL, mass assignment
  • PHP: unserialize, include, mysql_query

Quick Routing Guide

What You're Looking For      | Skill to Use
Hardcoded secrets            | vuln-patterns-core
SQL injection (any language) | vuln-patterns-core
Command injection (any)      | vuln-patterns-core
Path traversal               | vuln-patterns-core
Docker/config issues         | vuln-patterns-core
JavaScript XSS               | vuln-patterns-languages
Python pickle/yaml           | vuln-patterns-languages
Java deserialization         | vuln-patterns-languages
Go TLS issues                | vuln-patterns-languages
Ruby Rails patterns          | vuln-patterns-languages
PHP include/require          | vuln-patterns-languages

Pattern Categories by OWASP

OWASP 2021             | Skill            | Key Patterns
A01 Access Control     | Core + Languages | Path traversal, authorization
A02 Crypto Failures    | Languages        | MD5, SHA1, weak random
A03 Injection          | Core             | SQL, command, XSS
A05 Security Misconfig | Core             | Debug mode, headers
A07 Auth Failures      | Core             | Hardcoded credentials
A08 Data Integrity     | Languages        | Deserialization

Integration

For live security hooks, use vuln-patterns-core which includes:

  • Hook integration guidance
  • Pattern matching priorities
  • False positive mitigation strategies
  • Quick scan script for rapid detection

See Also

  • asvs-requirements - Full ASVS requirement details
  • remediation-library - Index to fix patterns
  • remediation-injection - Injection fixes
  • remediation-crypto - Cryptography fixes