
Vulnerability Scanner


Scan codebases for OWASP Top 10 vulnerabilities, insecure dependencies, and hardcoded secrets. Produces a prioritized vulnerability report with CVE references and remediation code examples.

By Anthropic 4,700 v1.3.0 Updated 2026-03-05

Install

Claude Code

Copy the SKILL.md file to .claude/skills/vulnerability-scanner.md

About This Skill

Vulnerability Scanner performs systematic static security analysis of your codebase, mapping findings to the OWASP Top 10 and producing actionable remediation guidance with concrete code fixes.

OWASP Top 10 Coverage

The skill checks for all ten categories of the OWASP Top 10, using the 2017 edition's names: Injection (SQL, NoSQL, LDAP, command injection), Broken Authentication (weak session management, missing MFA paths), Sensitive Data Exposure (missing encryption, insecure transmission), XXE, Broken Access Control (IDOR patterns, missing authorization checks), Security Misconfiguration, XSS (reflected, stored, DOM-based), Insecure Deserialization, Known Vulnerable Components, and Insufficient Logging. If you report against the 2021 list, note that it renames several of these (Cryptographic Failures, Vulnerable and Outdated Components, Identification and Authentication Failures, Security Logging and Monitoring Failures), folds XXE into Security Misconfiguration and Insecure Deserialization into Software and Data Integrity Failures, and adds Insecure Design and Server-Side Request Forgery.

Dependency Scanning

Parses package.json, requirements.txt, pom.xml, Cargo.toml, and go.mod files to extract the declared dependency versions. Maps versions to known CVEs from the NVD and GitHub Advisory Database and recommends minimum safe versions with migration notes. Treat the CVE references as leads to confirm against the current NVD or GitHub Advisory Database entry, and where a manifest declares a range (for example ^4.17.15) rather than a pin, check the lockfile for the version actually installed before deciding whether the finding applies.
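To make the manifest-parsing step concrete, here is an added example of the kind of check the skill describes. It is not the skill's own code: it parses a requirements.txt and a package.json, reduces each entry to the lowest version the manifest allows, and compares that against a constructed advisory table with placeholder IDs (ADV-0001 and so on, not real CVEs). The one edge case it handles is the difference between a pinned version and a range: a range only tells you the lower bound, so the finding is marked for lockfile confirmation rather than reported as definite.

```python
import json
import re
from dataclasses import dataclass

# Constructed advisory table standing in for an NVD / GitHub Advisory lookup.
# IDs are placeholders, not real CVEs. (ecosystem, package) -> [(first fixed version, advisory id)]
ADVISORIES = {
    ("pypi", "requests"): [("2.31.0", "ADV-0001")],
    ("npm", "lodash"): [("4.17.21", "ADV-0002")],
    ("npm", "express"): [("4.19.2", "ADV-0003")],
}

# Constructed manifests to scan.
REQUIREMENTS_TXT = """\
requests==2.25.1
cryptography==42.0.5
Django>=4.2,<5
"""
PACKAGE_JSON = json.dumps({
    "dependencies": {"lodash": "^4.17.15", "express": "4.19.2"},
    "devDependencies": {"jest": "~29.7.0"},
})

@dataclass
class Dependency:
    ecosystem: str
    name: str
    version: str   # lowest version the manifest allows
    pinned: bool   # True for an exact pin, False for a range

@dataclass
class DepFinding:
    dep: Dependency
    fixed_in: str
    advisory: str
    certainty: str  # "pinned": definitely installed; "range": confirm in the lockfile

def parse_version(v):
    """'4.17.15' -> (4, 17, 15). Numeric release segments only; a production scanner
    needs full PEP 440 / semver handling (pre-releases, build metadata)."""
    nums = []
    for part in v.split(".")[:3]:
        m = re.match(r"\d+", part)
        nums.append(int(m.group()) if m else 0)
    while len(nums) < 3:
        nums.append(0)
    return tuple(nums)

def parse_requirements(text):
    deps = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        m = re.match(r"([A-Za-z0-9][A-Za-z0-9._-]*)\s*(==|>=|~=)\s*([0-9][0-9A-Za-z.]*)", line)
        if not m:
            continue
        name = re.sub(r"[-_.]+", "-", m.group(1)).lower()  # PEP 503 name normalisation
        deps.append(Dependency("pypi", name, m.group(3), pinned=(m.group(2) == "==")))
    return deps

def parse_package_json(text):
    doc = json.loads(text)
    deps = []
    for section in ("dependencies", "devDependencies"):
        for name, spec in doc.get(section, {}).items():
            m = re.match(r"\s*(\^|~|>=)?\s*v?([0-9][0-9A-Za-z.]*)", spec)
            if not m:
                continue  # "*", git URLs, workspace: specs need the lockfile to resolve
            deps.append(Dependency("npm", name, m.group(2), pinned=m.group(1) is None))
    return deps

def check_advisories(deps):
    findings = []
    for dep in deps:
        for fixed_in, advisory in ADVISORIES.get((dep.ecosystem, dep.name), []):
            if parse_version(dep.version) < parse_version(fixed_in):
                findings.append(DepFinding(dep, fixed_in, advisory, "pinned" if dep.pinned else "range"))
    return findings

def scan_manifests(requirements_txt, package_json):
    return check_advisories(parse_requirements(requirements_txt) + parse_package_json(package_json))

if __name__ == "__main__":
    for f in scan_manifests(REQUIREMENTS_TXT, PACKAGE_JSON):
        note = "" if f.certainty == "pinned" else "  (range lower bound; confirm the resolved version in the lockfile)"
        print(f"{f.dep.ecosystem}:{f.dep.name} {f.dep.version} < {f.fixed_in}  {f.advisory}{note}")
```

Run against the constructed inputs it reports requests (pinned below the fix) and lodash (range whose lower bound is below the fix); express sits exactly at the fixed version and is not reported.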

Secret Detection

Detects hardcoded API keys, database passwords, private keys, and tokens using pattern matching and entropy analysis. Classifies by service provider when the key format is recognisable (AWS, Stripe, GitHub, etc.). High-entropy strings that are not credentials (commit hashes, checksums, UUIDs, test fixtures) are the usual false positives from the entropy layer, so expect to triage those by hand.
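The following is an added example of the three-layer approach the paragraph describes, written for this page rather than taken from the skill: provider-specific patterns (high confidence), Shannon entropy over quoted assignments (medium confidence, with hex digests of MD5/SHA-1/SHA-256 length suppressed as the common false positive), and secret-like variable names (low confidence). The sample file is constructed; every value in it is fake (the AWS key ID is the one from AWS's own documentation), the 3.5 bits/char threshold is an assumed cut-off, and the report redacts values so the scanner output does not itself leak anything.

```python
import math
import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample config; every value is fake.
SAMPLE_FILE = """\
# constructed sample: every value below is fake
AWS_ACCESS_KEY_ID = "AKIAIOSFODNN7EXAMPLE"
GITHUB_TOKEN = "ghp_x9Qzx9Qzx9Qzx9Qzx9Qzx9Qzx9Qzx9Qzx9Qz"
STRIPE_SECRET = "sk_live_4eC39HqLyjWDarjtT1zdp7dc"
JWT_SECRET = "p7K2xQ9mL4nV8bR3wZ6yT1uA5sD0fG2h"
GIT_REV = "3f2a9c1e8b7d6054a2c9e1f3b8d7a6c5e4f3a2b1"
api_key = "changeme"
DB_PASSWORD = "hunter2"
-----BEGIN RSA PRIVATE KEY-----
"""

# Layer 1: provider-specific formats. High confidence, because the prefix is only issued by that provider.
PROVIDER_PATTERNS = [
    ("AWS access key ID", re.compile(r"\bAKIA[0-9A-Z]{16}\b")),
    ("GitHub personal access token", re.compile(r"\bghp_[A-Za-z0-9]{36}\b")),
    ("Stripe live secret key", re.compile(r"\bsk_live_[0-9a-zA-Z]{24,}\b")),
    ("Private key block", re.compile(r"-----BEGIN (?:RSA |EC |DSA |OPENSSH )?PRIVATE KEY-----")),
]
# Layer 2: any quoted assignment of 16+ non-space characters, scored by Shannon entropy.
ASSIGNMENT = re.compile(r"""^\s*[A-Za-z_][A-Za-z0-9_]*\s*[:=]\s*["']([^"'\s]{16,})["']""")
ENTROPY_THRESHOLD = 3.5  # bits per character; assumed cut-off, tune per codebase
HEX_DIGEST = re.compile(r"[0-9a-f]{32}|[0-9a-f]{40}|[0-9a-f]{64}")  # MD5 / SHA-1 / SHA-256 lengths
# Layer 3: the variable name says "secret" even when the value looks mundane.
KEYWORD = re.compile(r"""(?i)\b\w*(?:password|passwd|secret|token|api_?key)\w*\s*[:=]\s*["'][^"']+["']""")

@dataclass
class SecretFinding:
    line: int
    severity: str
    kind: str
    evidence: str  # redacted line

def shannon_entropy(s):
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values()) if n else 0.0

def classify_line(line):
    """Return (severity, kind) for one line, or None if nothing looks like a secret."""
    for kind, pat in PROVIDER_PATTERNS:
        if pat.search(line):
            return "High", kind
    m = ASSIGNMENT.match(line)
    if m:
        value = m.group(1)
        if HEX_DIGEST.fullmatch(value):
            return None  # commit hashes and checksums are high-entropy but not credentials
        if shannon_entropy(value) >= ENTROPY_THRESHOLD:
            return "Medium", f"high-entropy string ({shannon_entropy(value):.2f} bits/char)"
    if KEYWORD.search(line):
        return "Low", "secret-like variable name"
    return None

def redact(line):
    """Keep the variable name, hide the quoted value, so the report does not leak the secret."""
    return re.sub(r"""(["'])[^"']*\1""", r"\1***\1", line.strip())

def scan_secrets(text):
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        hit = classify_line(line)
        if hit:
            findings.append(SecretFinding(lineno, hit[0], hit[1], redact(line)))
    return findings

if __name__ == "__main__":
    for f in scan_secrets(SAMPLE_FILE):
        print(f"{f.severity:<7} line {f.line:<3} {f.kind:<40} {f.evidence}")
```

On the sample, the provider layer catches lines 2, 3, 4 and 9, the entropy layer catches JWT_SECRET and skips GIT_REV as a SHA-1 digest, and the keyword layer picks up api_key and DB_PASSWORD at low confidence even though "changeme" and "hunter2" would never pass an entropy test.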

Report Format

Produces: Critical/High/Medium/Low findings table, evidence snippets with file and line references, remediation code showing the vulnerable pattern alongside the secure fix, and a CVSS score for each finding.
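As an added illustration of both the Injection category above and the report shape described here (not the skill's own implementation), the block below runs a line-based static check for SQL assembled from runtime values over a constructed source file, emits findings with severity, category and file:line evidence, and then executes the flagged pattern next to its parameterised fix against an in-memory SQLite table so the remediation is demonstrated rather than asserted. The three regex rules and the sample file are assumptions for the example; they catch the concatenation, f-string and %-formatting shapes and will miss multi-line queries or ORM helpers, which is the false-positive/false-negative trade-off that makes reviewer sign-off necessary.

```python
import re
import sqlite3
from dataclasses import dataclass

# Constructed sample source file standing in for a scanned repository.
SAMPLE_SOURCE = {
    "app/users.py": """\
def find_user_concat(db, name):
    return db.execute("SELECT id FROM users WHERE name = '" + name + "'").fetchall()

def find_user_fstring(db, name):
    return db.execute(f"SELECT id FROM users WHERE name = '{name}'").fetchall()

def find_user_percent(db, name):
    return db.execute("SELECT id FROM users WHERE name = '%s'" % name).fetchall()

def find_user_safe(db, name):
    return db.execute("SELECT id FROM users WHERE name = ?", (name,)).fetchall()
""",
}

SQL_KW = r"\b(?:SELECT|INSERT|UPDATE|DELETE)\b"
# Each rule: a quoted string holding a SQL statement that is then assembled from other values.
# Line-based heuristics: multi-line queries and ORM helpers are missed, and SQL built safely but
# oddly may be flagged, which is why findings go to a reviewer rather than straight to a ticket.
SQL_BUILD_RULES = [
    ("f-string interpolation", re.compile(r"""f["'][^"']*""" + SQL_KW + r""".*\{""")),
    ("string concatenation",   re.compile(r"""["'][^"']*""" + SQL_KW + r""".*["']\s*\+\s*\w""")),
    ("%-formatting",           re.compile(r"""["'][^"']*""" + SQL_KW + r""".*%s.*["']\s*%\s*\(?\w""")),
]

@dataclass
class Finding:
    severity: str
    category: str
    path: str
    line: int
    evidence: str
    detail: str

def scan_for_sql_injection(sources):
    """Return one Finding per line whose SQL statement is assembled from runtime values."""
    findings = []
    for path, text in sources.items():
        for lineno, line in enumerate(text.splitlines(), start=1):
            for how, rule in SQL_BUILD_RULES:
                if rule.search(line):
                    findings.append(Finding("High", "Injection (SQL)", path, lineno, line.strip(),
                                            f"query built by {how}; bind values with a parameterised query"))
                    break
    return findings

def format_report(findings):
    """Severity / category / file:line / remediation, one row per finding."""
    return "\n".join(f"{f.severity:<6} {f.category:<16} {f.path}:{f.line}  {f.detail}" for f in findings)

def demo_injection():
    """Show why the finding matters: one payload against the flagged pattern and against its fix.
    Returns (rows leaked by the vulnerable query, rows returned by the parameterised query)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER, name TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)", [(1, "alice"), (2, "bob")])
    payload = "' OR '1'='1"
    # vulnerable pattern from the sample: WHERE name = '' OR '1'='1' is true for every row
    leaked = db.execute("SELECT id FROM users WHERE name = '" + payload + "'").fetchall()
    # secure fix: the payload is bound as data, so it is compared literally and matches nothing
    bound = db.execute("SELECT id FROM users WHERE name = ?", (payload,)).fetchall()
    return len(leaked), len(bound)

if __name__ == "__main__":
    print(format_report(scan_for_sql_injection(SAMPLE_SOURCE)))
    leaked, bound = demo_injection()
    print(f"vulnerable query returned {leaked} rows, parameterised query returned {bound}")
```

The safe function in the sample produces no finding, the three unsafe ones each produce one, and the demo returns both rows for the vulnerable query and none for the bound one, which is exactly the before/after pair the report is meant to show.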

Use Cases

  • Scanning a web application for SQL injection and XSS vulnerabilities
  • Auditing npm/pip/maven dependencies for known CVEs
  • Identifying hardcoded credentials and secrets in a codebase
  • Pre-release security review of a new API endpoint

Pros & Cons

Pros

  • + Maps all findings to OWASP Top 10 categories with CVE references
  • + Scans dependency manifests across npm, pip, Maven, Cargo, and Go modules
  • + Provides remediation code showing the vulnerable and fixed patterns
  • + Detects hardcoded secrets with entropy analysis and provider classification

Cons

  • - Static analysis only; cannot detect runtime or business-logic vulnerabilities
  • - False positives are expected; a security engineer should review findings before acting on them
