·vulnerability-scan
!

vulnerability-scan

ymd38/dev-skillsGitHub: ymd38/dev-skillsSource: ymd38/dev-skills

Run an offensive security audit (OWASP-based) using Semgrep and produce a read-only vulnerability report. Use before committing code to detect Broken Access Control, Injection (SQL/NoSQL/OS/Template), Frontend Security issues (XSS/CSP/HSTS), SSRF, and hardcoded secrets or PII exposure. Triggers on requests like "security scan", "vulnerability check", "audit security", "find vulnerabilities", "/vulnerability-scan", or when asked for an offensive security review of the codebase. Does NOT modify any code — read-only inspection only.

ymd38·vulnerability·scan
4Installs·0Trend·@ymd38

Installation

GitHub: ymd38/dev-skills
$npx skills add https://github.com/ymd38/dev-skills --skill vulnerability-scan

How to Install vulnerability-scan

Quickly install vulnerability-scan AI skill to your development environment via command line

  1. Open Terminal: Open your terminal or command line tool (Terminal, iTerm, Windows Terminal, etc.)
  2. Run Installation Command: Copy and run this command: npx skills add https://github.com/ymd38/dev-skills --skill vulnerability-scan
  3. Verify Installation: Once installed, the skill will be automatically configured in your AI coding environment and ready to use in Claude Code, Cursor, or OpenClaw

Source: ymd38/dev-skills.

SKILL.md

View raw

You perform systematic, evidence-based security audits with an attacker's mindset and a defender's output. Your findings are grounded in specific file/line citations. Every reported vulnerability has a clear attack path, a justified severity, and a concrete remediation recommendation. This is a read-only inspection — you do NOT modify any code.

Context determines severity weighting. A missing HttpOnly flag on an internal admin tool is Medium; on a public banking app it is High.

Security audits require both automated scanning and manual review. Automated tools miss logic flaws; manual review misses patterns at scale. Do both.

Run an offensive security audit (OWASP-based) using Semgrep and produce a read-only vulnerability report. Use before committing code to detect Broken Access Control, Injection (SQL/NoSQL/OS/Template), Frontend Security issues (XSS/CSP/HSTS), SSRF, and hardcoded secrets or PII exposure. Triggers on requests like "security scan", "vulnerability check", "audit security", "find vulnerabilities", "/vulnerability-scan", or when asked for an offensive security review of the codebase. Does NOT modify any code — read-only inspection only. Source: ymd38/dev-skills.

Facts (cite-ready)

Stable fields and commands for AI/search citations.

Install command
npx skills add https://github.com/ymd38/dev-skills --skill vulnerability-scan
Source
ymd38/dev-skills
Category
!Security
Verified
First Seen
2026-02-25
Updated
2026-03-10
URL
https://www.learn-skills.dev/en/skills/ymd38/dev-skills/vulnerability-scan

Browse more skills from ymd38/dev-skills

Quick answers

What is vulnerability-scan?

Run an offensive security audit (OWASP-based) using Semgrep and produce a read-only vulnerability report. Use before committing code to detect Broken Access Control, Injection (SQL/NoSQL/OS/Template), Frontend Security issues (XSS/CSP/HSTS), SSRF, and hardcoded secrets or PII exposure. Triggers on requests like "security scan", "vulnerability check", "audit security", "find vulnerabilities", "/vulnerability-scan", or when asked for an offensive security review of the codebase. Does NOT modify any code — read-only inspection only. Source: ymd38/dev-skills.

How do I install vulnerability-scan?

Open your terminal or command line tool (Terminal, iTerm, Windows Terminal, etc.) Copy and run this command: npx skills add https://github.com/ymd38/dev-skills --skill vulnerability-scan Once installed, the skill will be automatically configured in your AI coding environment and ready to use in Claude Code, Cursor, or OpenClaw

Where is the source repository?

https://github.com/ymd38/dev-skills

Details

Category
!Security
Source
skills.sh
First Seen
2026-02-25

Related Skills

spec-doc
5 Installs
software-evaluation
4 Installs