Vulnerability Scanner
This skill provides automated assistance for vulnerability scanning tasks.
Overview
概述
This skill empowers Claude to automatically scan your codebase for security vulnerabilities. It leverages the vulnerability-scanner plugin to identify potential risks, including code-level flaws, vulnerable dependencies, and insecure configurations.
How It Works
工作原理
- Initiate Scan: The skill activates the vulnerability-scanner plugin based on user input.
- Perform Analysis: The plugin scans the codebase, dependencies, and configurations for vulnerabilities, including CVE detection.
- Generate Report: The plugin creates a detailed vulnerability report with findings, severity levels, and remediation guidance.
When to Use This Skill
使用场景
This skill activates when you need to:
- Identify security vulnerabilities in your code.
- Check your project's dependencies for known CVEs.
- Review your project's configurations for security weaknesses.
Examples
示例
Example 1: Identifying SQL Injection Risks
示例1:识别SQL注入风险
User request: "Scan my code for SQL injection vulnerabilities."
The skill will:
- Activate the vulnerability-scanner plugin.
- Analyze the codebase for potential SQL injection flaws.
- Generate a report highlighting any identified SQL injection risks and providing remediation steps.
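The kind of code-level check behind Example 1, shown as an added example rather than the vulnerability-scanner plugin's own code: a small AST-based detector for Python sources that flags `execute()`-style calls whose SQL is assembled at runtime and accepts a constant query with a separate parameter tuple. The vulnerable and hardened `find_user` snippets are constructed for the example; running the detector over both also illustrates the "validate fixes" step from Best Practices, since the hardened version produces no findings.

```python
"""Toy SQL-injection detector for Python sources, modelled on the check a
code-level scanner runs for a request like Example 1. Added example, not
the vulnerability-scanner plugin's own code.

It flags cursor.execute()/executemany()/executescript() calls whose query
text is built at runtime (concatenation, %-formatting, str.format, f-string),
either inline or through a simple variable assigned earlier in the file, and
accepts a constant query passed with a separate parameter tuple."""
import ast
from dataclasses import dataclass
from typing import Dict, List, Optional

SQL_SINKS = {"execute", "executemany", "executescript"}


@dataclass
class Finding:
    line: int
    reason: str


def dynamic_query_reason(node: ast.expr) -> Optional[str]:
    """Explain why an expression builds SQL at runtime, or None if it is static."""
    if isinstance(node, ast.JoinedStr):
        return "f-string interpolated into SQL"
    if isinstance(node, ast.BinOp) and isinstance(node.op, ast.Add):
        return "string concatenation builds SQL"
    if isinstance(node, ast.BinOp) and isinstance(node.op, ast.Mod):
        return "%-formatting builds SQL"
    if (isinstance(node, ast.Call) and isinstance(node.func, ast.Attribute)
            and node.func.attr == "format"):
        return "str.format() builds SQL"
    return None


def scan_source(source: str) -> List[Finding]:
    """Return every SQL sink call that receives a dynamically built query."""
    tree = ast.parse(source)
    # Flow-insensitive: remember names bound anywhere in the file to a
    # dynamically built string, so `query = ...; cur.execute(query)` is caught.
    tainted: Dict[str, str] = {}
    for node in ast.walk(tree):
        if (isinstance(node, ast.Assign) and len(node.targets) == 1
                and isinstance(node.targets[0], ast.Name)):
            reason = dynamic_query_reason(node.value)
            if reason:
                tainted[node.targets[0].id] = reason
    findings: List[Finding] = []
    for node in ast.walk(tree):
        if not (isinstance(node, ast.Call) and isinstance(node.func, ast.Attribute)):
            continue
        if node.func.attr not in SQL_SINKS or not node.args:
            continue
        query = node.args[0]
        reason = dynamic_query_reason(query)
        if reason is None and isinstance(query, ast.Name):
            reason = tainted.get(query.id)
        if reason:
            findings.append(Finding(node.lineno, reason))
    return sorted(findings, key=lambda f: f.line)


# Constructed sample: three injectable queries (lines 3, 4 and 6).
VULNERABLE = '''\
def find_user(conn, username):
    cur = conn.cursor()
    cur.execute("SELECT id FROM users WHERE name = '" + username + "'")
    cur.execute(f"SELECT * FROM users WHERE name = '{username}'")
    query = "SELECT * FROM users WHERE name = '%s'" % username
    cur.execute(query)
    return cur.fetchall()
'''

# Constructed sample: the remediated form, parameterised query plus bind tuple.
HARDENED = '''\
def find_user(conn, username):
    cur = conn.cursor()
    cur.execute("SELECT id FROM users WHERE name = ?", (username,))
    return cur.fetchall()
'''

if __name__ == "__main__":
    for label, src in (("before fix", VULNERABLE), ("after fix", HARDENED)):
        findings = scan_source(src)
        print(f"{label}: {len(findings)} finding(s)")
        for f in findings:
            print(f"  line {f.line}: {f.reason}")
```

The detector is deliberately syntactic: it does not follow data through function arguments or across modules, so a real scanner's taint analysis will catch cases this misses, and a constant query built from trusted constants only will still be accepted here.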
Example 2: Checking for Vulnerable npm Packages
示例2:检查存在漏洞的npm包
User request: "Check my project's npm dependencies for known vulnerabilities."
The skill will:
- Activate the vulnerability-scanner plugin.
- Scan the project's package.json (and the lockfile, where one exists, for the exact resolved versions) and identify any npm packages with known CVEs.
- Generate a report listing the vulnerable packages, their CVE identifiers, and recommended updates.
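The matching step behind Example 2, as an added example that is not the vulnerability-scanner plugin's own code: installed npm packages are read from a lockfile and compared against advisory version ranges, then sorted so critical and high findings come first (the prioritisation rule from Best Practices). The package-lock.json and the advisory list are constructed inline with fictional package names, versions and `EXAMPLE-ADV-…` identifiers, not real CVEs, and the advisory record shape (`introduced` inclusive, `fixed` exclusive) is an assumption modelled on the OSV format.

```python
"""Match installed npm packages against a list of known advisories, the way
a dependency check for a request like Example 2 works. Added example; not
the vulnerability-scanner plugin's own code. The lock file and advisories
below are constructed: package names, versions and advisory IDs are
fictional placeholders, not real CVEs."""
import json
from typing import List, Optional, Tuple

# Constructed package-lock.json (lockfileVersion 3 layout). The lock file is
# used rather than package.json because it records the exact resolved version
# of every package; package.json only carries ranges such as "^2.1.0".
PACKAGE_LOCK = json.dumps({
    "name": "example-app",
    "lockfileVersion": 3,
    "packages": {
        "": {"name": "example-app",
             "dependencies": {"example-http": "^2.1.0", "example-template": "~1.4.0"}},
        "node_modules/example-http": {"version": "2.1.3"},
        "node_modules/example-template": {"version": "1.4.2"},
        "node_modules/example-template/node_modules/example-log": {"version": "0.9.0"},
    },
})

# Constructed advisories in an OSV-style shape (assumption): a package is
# affected from `introduced` (inclusive) up to `fixed` (exclusive); a `fixed`
# of None means no patched release exists yet.
ADVISORIES = [
    {"id": "EXAMPLE-ADV-0001", "package": "example-http", "severity": "high",
     "introduced": "2.0.0", "fixed": "2.1.4"},
    {"id": "EXAMPLE-ADV-0002", "package": "example-template", "severity": "critical",
     "introduced": "1.0.0", "fixed": "1.4.0"},
    {"id": "EXAMPLE-ADV-0003", "package": "example-log", "severity": "moderate",
     "introduced": "0.8.0", "fixed": "1.0.0"},
    {"id": "EXAMPLE-ADV-0004", "package": "example-http", "severity": "low",
     "introduced": "1.0.0", "fixed": "2.0.0"},
]

SEVERITY_RANK = {"critical": 0, "high": 1, "moderate": 2, "low": 3}


def parse_version(version: str) -> Tuple[int, int, int]:
    """Numeric core of a semver string. Pre-release and build metadata are
    dropped, which is adequate for matching released versions."""
    core = version.split("+", 1)[0].split("-", 1)[0]
    parts = [int(p) for p in core.split(".")]
    while len(parts) < 3:
        parts.append(0)
    return parts[0], parts[1], parts[2]


def is_affected(version: str, introduced: str, fixed: Optional[str]) -> bool:
    """introduced <= version < fixed (or no upper bound when fixed is None)."""
    v = parse_version(version)
    if v < parse_version(introduced):
        return False
    return fixed is None or v < parse_version(fixed)


def installed_packages(lock_json: str) -> List[Tuple[str, str]]:
    """(name, resolved version) for every entry under "packages", including
    nested copies installed below another package's node_modules."""
    lock = json.loads(lock_json)
    installed = []
    for path, entry in lock.get("packages", {}).items():
        if not path:
            continue  # "" is the root project itself, not a dependency
        name = path.rsplit("node_modules/", 1)[1]
        installed.append((name, entry["version"]))
    return installed


def audit(lock_json: str, advisories: List[dict]) -> List[dict]:
    """One finding per (installed package, matching advisory), most severe first."""
    findings = []
    for name, version in installed_packages(lock_json):
        for adv in advisories:
            if adv["package"] == name and is_affected(version, adv["introduced"], adv["fixed"]):
                findings.append({"package": name, "version": version, "id": adv["id"],
                                 "severity": adv["severity"], "fixed_in": adv["fixed"]})
    return sorted(findings, key=lambda f: SEVERITY_RANK.get(f["severity"], 99))


if __name__ == "__main__":
    for f in audit(PACKAGE_LOCK, ADVISORIES):
        fix = f["fixed_in"] or "no fixed release yet"
        print(f"{f['severity']:<8} {f['package']}@{f['version']}  {f['id']}  (fixed in {fix})")
```

Two points carry over to real tooling: match against resolved versions from the lockfile rather than the ranges in package.json, since the same `^2.1.0` constraint can resolve to a fixed or a vulnerable release on different machines, and keep nested copies of a package in view, because a patched top-level dependency does not fix an older copy pinned under another package.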
Best Practices
最佳实践
- Regular Scanning: Run vulnerability scans regularly, especially before deployments.
- Prioritize Remediation: Focus on addressing critical and high-severity vulnerabilities first.
- Validate Fixes: After applying fixes, run another scan to ensure the vulnerabilities are resolved.
Integration
集成
This skill integrates with the core Claude Code environment by providing automated vulnerability scanning capabilities. It can be used in conjunction with other plugins to create a comprehensive security workflow, such as integrating with a ticketing system to automatically create tickets for identified vulnerabilities.
Prerequisites
前提条件
- Read access to the codebase, dependency manifests and configuration files to be scanned
- The vulnerability-scanner plugin and its dependencies installed
Instructions
操作步骤
- Invoke this skill when the trigger conditions are met
- Provide necessary context and parameters
- Review the generated output
- Apply modifications as needed
Output
输出
The skill produces a structured vulnerability report: the findings, their severity levels, and remediation guidance, as described under How It Works.
Error Handling
错误处理
- Invalid input: Prompts for correction
- Missing dependencies: Lists required components
- Permission errors: Suggests remediation steps
Resources
资源
- Project documentation
- Related skills and commands