Name: Scan Vulnerabilities
Author: mvillmow

name	scan-vulnerabilities
description	Detect security vulnerabilities in code and dependencies. Use when auditing security.
mcp_fallback	none
category	security
tier	2

Scan Vulnerabilities

Systematically scan code for security vulnerabilities including unsafe patterns, known CVEs, and potential exploits.

When to Use

Regular security audits
Before releasing code to production
When updating dependencies
In CI/CD security checks

Quick Reference

# Python security scanning
pip install bandit safety

# Scan code for security issues
bandit -r . -ll

# Check for known vulnerabilities in dependencies
safety check

# Advanced: SAST scanning
python3 -m pip install semgrep
semgrep --config=p/security-audit --json .

Workflow

Scan code for issues: Identify unsafe patterns (SQL injection, exec, hardcoded secrets)
Check dependencies: Scan for known vulnerabilities (CVEs)
Review findings: Analyze severity and exploitability
Prioritize fixes: Address critical/high severity issues first
Document fixes: Record how vulnerabilities were resolved

Output Format

Security scan report:

Vulnerability type (SQL injection, hardcoded secret, etc.)
Location (file, line number)
Severity (critical/high/medium/low)
CVSS score (if applicable)
Vulnerable dependency version (if applicable)
Recommended fix
Fixed version (if dependency)

References

See CLAUDE.md > Security standards for security guidelines
See quality-security-scan skill for automated CI scanning
OWASP Top 10 for common vulnerability categories

name	scan-vulnerabilities
description	Detect security vulnerabilities in code and dependencies. Use when auditing security.
mcp_fallback	none
category	security
tier	2

Scan Vulnerabilities

Systematically scan code for security vulnerabilities including unsafe patterns, known CVEs, and potential exploits.

When to Use

Regular security audits
Before releasing code to production
When updating dependencies
In CI/CD security checks

Quick Reference

# Python security scanning
pip install bandit safety

# Scan code for security issues
bandit -r . -ll

# Check for known vulnerabilities in dependencies
safety check

# Advanced: SAST scanning
python3 -m pip install semgrep
semgrep --config=p/security-audit --json .

Workflow

Scan code for issues: Identify unsafe patterns (SQL injection, exec, hardcoded secrets)
Check dependencies: Scan for known vulnerabilities (CVEs)
Review findings: Analyze severity and exploitability
Prioritize fixes: Address critical/high severity issues first
Document fixes: Record how vulnerabilities were resolved

Output Format

Security scan report:

Vulnerability type (SQL injection, hardcoded secret, etc.)
Location (file, line number)
Severity (critical/high/medium/low)
CVSS score (if applicable)
Vulnerable dependency version (if applicable)
Recommended fix
Fixed version (if dependency)

References

See CLAUDE.md > Security standards for security guidelines
See quality-security-scan skill for automated CI scanning
OWASP Top 10 for common vulnerability categories

scan-vulnerabilities

Scan Vulnerabilities

When to Use

Quick Reference

Workflow

Output Format

References

Scan Vulnerabilities

When to Use

Quick Reference

Workflow

Output Format

References