vulnerability-scanner

Original：🇺🇸 English

Translated

Scans code for security vulnerabilities, identifies CVE patterns, and provides severity ratings with remediation guidance. Use when scanning for security issues, code vulnerabilities, or OWASP top 10 problems.

1installs

Sourcearmanzeroeight/fastagent-plugins

Added on2026-02-07

NPX Install

npx skill4agent add armanzeroeight/fastagent-plugins vulnerability-scanner

SKILL.md Content

View Translation Comparison →

Vulnerability Scanner

Quick Start

Scan a codebase for common vulnerabilities:

bash

# For JavaScript/TypeScript
npx eslint --plugin security .

# For Python
bandit -r . -f json

# For general patterns
grep -rn "eval\|exec\|system\|shell" --include="*.py" --include="*.js"

Instructions

Step 1: Identify Project Type

Detect the technology stack:

Check for
```
package.json
```
(Node.js)
Check for
```
requirements.txt
```
or
```
pyproject.toml
```
(Python)
Check for
```
go.mod
```
(Go)
Check for
```
Cargo.toml
```
(Rust)

Step 2: Run Static Analysis

JavaScript/TypeScript:

bash

npx eslint --plugin security --ext .js,.ts,.jsx,.tsx .

Python:

bash

pip install bandit
bandit -r . -f json -o bandit-report.json

Go:

bash

go install golang.org/x/vuln/cmd/govulncheck@latest
govulncheck ./...

Step 3: Check for Common Patterns

Scan for dangerous patterns:

Pattern	Risk	Languages
`eval()`	Code injection	JS, Python
`exec()`	Command injection	Python
`shell=True`	Command injection	Python
`dangerouslySetInnerHTML`	XSS	React
SQL string concatenation	SQL injection	All
`pickle.loads()`	Deserialization	Python

Step 4: Categorize Findings

Assign severity based on:

Critical: Remote code execution, authentication bypass
High: SQL injection, XSS, SSRF
Medium: Information disclosure, CSRF
Low: Missing headers, verbose errors

Step 5: Generate Report

Format findings:

## Security Scan Results

### Critical (0)
[None found]

### High (2)
1. **SQL Injection** - src/db/queries.js:45
   - Pattern: String concatenation in SQL query
   - Fix: Use parameterized queries

2. **XSS Vulnerability** - src/components/Comment.jsx:23
   - Pattern: dangerouslySetInnerHTML with user input
   - Fix: Sanitize input with DOMPurify

Common Vulnerability Patterns

Injection Flaws

javascript

// BAD: SQL Injection
const query = `SELECT * FROM users WHERE id = ${userId}`;

// GOOD: Parameterized query
const query = 'SELECT * FROM users WHERE id = ?';
db.query(query, [userId]);

Cross-Site Scripting (XSS)

javascript

// BAD: Direct HTML insertion
element.innerHTML = userInput;

// GOOD: Text content or sanitization
element.textContent = userInput;
// or
element.innerHTML = DOMPurify.sanitize(userInput);

Advanced

For detailed information, see:

CVE Patterns - Common vulnerability patterns by type
Remediation Guide - Fix strategies for each vulnerability type
Tools Reference - Security scanning tools by language

vulnerability-scanner

NPX Install

Tags

SKILL.md Content

Vulnerability Scanner

Quick Start

Instructions

Step 1: Identify Project Type

Step 2: Run Static Analysis

Step 3: Check for Common Patterns

Step 4: Categorize Findings

Step 5: Generate Report

Common Vulnerability Patterns

Injection Flaws

Cross-Site Scripting (XSS)

Advanced