Agent skill

vulnerability-patterns

Index of vulnerability detection pattern skills. Routes to core patterns (universal) and language-specific patterns for security scanning.

Stars 163
Forks 31

Install this agent skill to your Project

npx add-skill https://github.com/majiayu000/claude-skill-registry/tree/main/skills/security/vulnerability-patterns-zate-cc-plugins

SKILL.md

Vulnerability Patterns

This skill is an index to modular detection pattern skills. Use the specialized skills for focused scanning.

When to Use This Skill

  • Finding the right pattern skill - Use this index to route appropriately
  • Overview of detection capabilities - Quick reference of what's available

When NOT to Use This Skill

  • Actual vulnerability scanning - Use the specialized skills directly
  • Remediation guidance - Use remediation-* skills
  • Full security audits - Use domain auditor agents

Specialized Pattern Skills

vuln-patterns-core

Covers: Universal patterns, configuration files, quick scan scripts
Languages: All (cross-language patterns)
Use when: Scanning any codebase, config audits, hook integration

Includes:

  • Hardcoded secrets (API keys, AWS keys, private keys)
  • SQL injection (universal patterns)
  • Command injection (universal patterns)
  • Path traversal
  • Configuration file patterns (.env, Docker)
  • Quick scan script
  • Hook integration guidance

vuln-patterns-languages

Covers: Language-specific vulnerability patterns
Languages: JavaScript/TypeScript, Python, Go, Java, Ruby, PHP
Use when: Targeting specific tech stacks, code review

Includes:

  • JavaScript: eval(), XSS, prototype pollution
  • Python: pickle, yaml.load, weak crypto
  • Go: fmt.Sprintf SQL, InsecureSkipVerify
  • Java: ObjectInputStream, XXE, createStatement
  • Ruby: backticks, Rails SQL, mass assignment
  • PHP: unserialize, include, mysql_query

Quick Routing Guide

What You're Looking For        Skill to Use
-----------------------------  ------------------------
Hardcoded secrets              vuln-patterns-core
SQL injection (any language)   vuln-patterns-core
Command injection (any)        vuln-patterns-core
Path traversal                 vuln-patterns-core
Docker/config issues           vuln-patterns-core
JavaScript XSS                 vuln-patterns-languages
Python pickle/yaml             vuln-patterns-languages
Java deserialization           vuln-patterns-languages
Go TLS issues                  vuln-patterns-languages
Ruby Rails patterns            vuln-patterns-languages
PHP include/require            vuln-patterns-languages

Pattern Categories by OWASP

OWASP 2021                Skill              Key Patterns
------------------------  -----------------  ------------------------------
A01 Access Control        Core + Languages   Path traversal, authorization
A02 Crypto Failures       Languages          MD5, SHA1, weak random
A03 Injection             Core               SQL, command, XSS
A05 Security Misconfig    Core               Debug mode, headers
A07 Auth Failures         Core               Hardcoded credentials
A08 Data Integrity        Languages          Deserialization

Integration

For live security hooks, use vuln-patterns-core which includes:

  • Hook integration guidance
  • Pattern matching priorities
  • False positive mitigation strategies
  • Quick scan script for rapid detection

See Also

  • asvs-requirements - Full ASVS requirement details
  • remediation-library - Index to fix patterns
  • remediation-injection - Injection fixes
  • remediation-crypto - Cryptography fixes