vulnerability-patterns
Index of vulnerability detection pattern skills. Routes to core patterns (universal) and language-specific patterns for security scanning.
Best use case
vulnerability-patterns is best used when you need a repeatable AI agent workflow instead of a one-off prompt.
Teams using vulnerability-patterns should expect more consistent output, faster repeated execution, and less prompt rewriting.
When to use this skill
- You want a reusable workflow that can be run more than once with consistent structure.
When not to use this skill
- You only need a quick one-off answer and do not need a reusable workflow.
- You cannot install or maintain the underlying files, dependencies, or repository context.
Installation
Claude Code / Cursor / Codex
Manual Installation
- Download SKILL.md from GitHub
- Place it in `.claude/skills/vulnerability-patterns/SKILL.md` inside your project
- Restart your AI agent; it will auto-discover the skill
How vulnerability-patterns Compares
| Feature / Agent | vulnerability-patterns | Standard Approach |
|---|---|---|
| Platform Support | Not specified | Limited / Varies |
| Context Awareness | High | Baseline |
| Installation Complexity | Unknown | N/A |
Frequently Asked Questions
What does this skill do?
Index of vulnerability detection pattern skills. Routes to core patterns (universal) and language-specific patterns for security scanning.
Where can I find the source code?
You can find the source code on GitHub using the link provided at the top of the page.
SKILL.md Source
# Vulnerability Patterns

This skill is an index to modular detection pattern skills. Use the specialized skills for focused scanning.

## When to Use This Skill

- **Finding the right pattern skill** - Use this index to route appropriately
- **Overview of detection capabilities** - Quick reference of what's available

## When NOT to Use This Skill

- **Actual vulnerability scanning** - Use the specialized skills directly
- **Remediation guidance** - Use remediation-* skills
- **Full security audits** - Use domain auditor agents

---

## Specialized Pattern Skills

### `vuln-patterns-core`

**Covers**: Universal patterns, configuration files, quick scan scripts

**Languages**: All (cross-language patterns)

**Use when**: Scanning any codebase, config audits, hook integration

Includes:
- Hardcoded secrets (API keys, AWS keys, private keys)
- SQL injection (universal patterns)
- Command injection (universal patterns)
- Path traversal
- Configuration file patterns (.env, Docker)
- Quick scan script
- Hook integration guidance

### `vuln-patterns-languages`

**Covers**: Language-specific vulnerability patterns

**Languages**: JavaScript/TypeScript, Python, Go, Java, Ruby, PHP

**Use when**: Targeting specific tech stacks, code review

Includes:
- JavaScript: eval(), XSS, prototype pollution
- Python: pickle, yaml.load, weak crypto
- Go: fmt.Sprintf SQL, InsecureSkipVerify
- Java: ObjectInputStream, XXE, createStatement
- Ruby: backticks, Rails SQL, mass assignment
- PHP: unserialize, include, mysql_query

---

## Quick Routing Guide

| What You're Looking For | Skill to Use |
|-------------------------|--------------|
| Hardcoded secrets | `vuln-patterns-core` |
| SQL injection (any language) | `vuln-patterns-core` |
| Command injection (any) | `vuln-patterns-core` |
| Path traversal | `vuln-patterns-core` |
| Docker/config issues | `vuln-patterns-core` |
| JavaScript XSS | `vuln-patterns-languages` |
| Python pickle/yaml | `vuln-patterns-languages` |
| Java deserialization | `vuln-patterns-languages` |
| Go TLS issues | `vuln-patterns-languages` |
| Ruby Rails patterns | `vuln-patterns-languages` |
| PHP include/require | `vuln-patterns-languages` |

---

## Pattern Categories by OWASP

| OWASP 2021 | Skill | Key Patterns |
|------------|-------|--------------|
| A01 Access Control | Core + Languages | Path traversal, authorization |
| A02 Crypto Failures | Languages | MD5, SHA1, weak random |
| A03 Injection | Core | SQL, command, XSS |
| A05 Security Misconfig | Core | Debug mode, headers |
| A07 Auth Failures | Core | Hardcoded credentials |
| A08 Data Integrity | Languages | Deserialization |

---

## Integration

For live security hooks, use `vuln-patterns-core`, which includes:
- Hook integration guidance
- Pattern matching priorities
- False positive mitigation strategies
- Quick scan script for rapid detection

---

## See Also

- `asvs-requirements` - Full ASVS requirement details
- `remediation-library` - Index to fix patterns
- `remediation-injection` - Injection fixes
- `remediation-crypto` - Cryptography fixes
Related Skills
vuln-patterns-languages
Language-specific vulnerability detection patterns for JavaScript/TypeScript, Python, Go, Java, Ruby, and PHP. Provides regex patterns and grep commands for common security vulnerabilities.
vuln-patterns-core
Universal vulnerability detection patterns applicable across all programming languages. Includes hardcoded secrets, SQL/command injection, path traversal, and configuration file patterns.
scan
Run a security assessment using deterministic static analysis tools with LLM-powered triage
results
View the most recent security scan results without re-running the scan
remediation-library
Index of security remediation skills. Routes to specialized skills for injection, cryptography, authentication, and configuration vulnerabilities.
remediation-injection
Security fix patterns for injection vulnerabilities (SQL, Command, XSS). Provides language-specific code examples showing vulnerable and secure implementations.
remediation-crypto
Security fix patterns for cryptographic vulnerabilities (weak algorithms, insecure randomness, TLS issues). Provides language-specific secure implementations.
remediation-config
Security fix patterns for configuration and deployment vulnerabilities (path traversal, debug mode, security headers). Provides language-specific secure implementations.
remediation-auth
Security fix patterns for authentication and authorization vulnerabilities (credentials, JWT, deserialization, access control). Provides language-specific secure implementations.
fix
Fix or guide remediation for a specific security finding from the latest scan report
baseline
Create or update the project security baseline, profile, suppressions file, and gitignore entries for security scans