AgentSkillsCN

vulnerability-scanner

Scans code for security vulnerabilities, identifies CVE patterns, and provides remediation guidance according to vulnerability severity. Use this skill when you need to scan for security issues, find vulnerabilities in code, or address the OWASP Top 10 common threats.

SKILL.md
---
name: vulnerability-scanner
description: Scans code for security vulnerabilities, identifies CVE patterns, and provides severity ratings with remediation guidance. Use when scanning for security issues, code vulnerabilities, or OWASP top 10 problems.
---

Vulnerability Scanner

Quick Start

Scan a codebase for common vulnerabilities:

```bash
# For JavaScript/TypeScript
npx eslint --plugin security .

# For Python
bandit -r . -f json

# For general patterns (search the current tree explicitly)
grep -rn "eval\|exec\|system\|shell" --include="*.py" --include="*.js" .
```

Instructions

Step 1: Identify Project Type

Detect the technology stack:

  • Check for package.json (Node.js)
  • Check for requirements.txt or pyproject.toml (Python)
  • Check for go.mod (Go)
  • Check for Cargo.toml (Rust)

Step 2: Run Static Analysis

JavaScript/TypeScript:

```bash
npx eslint --plugin security --ext .js,.ts,.jsx,.tsx .
```

Python:

```bash
pip install bandit
bandit -r . -f json -o bandit-report.json
```

Go:

```bash
go install golang.org/x/vuln/cmd/govulncheck@latest
govulncheck ./...
```

Step 3: Check for Common Patterns

Scan for dangerous patterns:

| Pattern | Risk | Languages |
|---|---|---|
| eval() | Code injection | JS, Python |
| exec() | Command injection | Python |
| shell=True | Command injection | Python |
| dangerouslySetInnerHTML | XSS | React |
| SQL string concatenation | SQL injection | All |
| pickle.loads() | Deserialization | Python |

Step 4: Categorize Findings

Assign severity based on:

  • Critical: Remote code execution, authentication bypass
  • High: SQL injection, XSS, SSRF
  • Medium: Information disclosure, CSRF
  • Low: Missing headers, verbose errors

Step 5: Generate Report

Format findings:

```markdown
## Security Scan Results

### Critical (0)
[None found]

### High (2)
1. **SQL Injection** - src/db/queries.js:45
   - Pattern: String concatenation in SQL query
   - Fix: Use parameterized queries

2. **XSS Vulnerability** - src/components/Comment.jsx:23
   - Pattern: dangerouslySetInnerHTML with user input
   - Fix: Sanitize input with DOMPurify
```
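Steps 3 to 5 together describe a small pattern scanner: match the dangerous patterns from the table, attach a severity from the scale above, and emit the report layout. The script below is an added example, not part of this skill's own tooling; the regexes, the severity each pattern is mapped to (command and code injection treated as remote code execution, hence Critical) and the sample files with their paths are all constructed for illustration.

```python
import re
from collections import defaultdict

# Step 3 patterns with a Step 4 severity attached; regexes, mapping and samples are constructed.
PATTERNS = [
    (r"\beval\s*\(", "eval()", "Code injection", "Critical"),
    (r"\bexec\s*\(", "exec()", "Command injection", "Critical"),
    (r"shell\s*=\s*True", "shell=True", "Command injection", "Critical"),
    (r"dangerouslySetInnerHTML", "dangerouslySetInnerHTML", "XSS", "High"),
    (r"\b(SELECT|INSERT|UPDATE|DELETE)\b.*(\+|\$\{|%s)",
     "SQL string concatenation", "SQL injection", "High"),
    (r"pickle\.loads\s*\(", "pickle.loads()", "Deserialization", "Critical"),
]
SEVERITY_ORDER = ["Critical", "High", "Medium", "Low"]

def scan_source(path, text):  # returns (severity, pattern, risk, path, line_no) per hit
    findings = []
    for line_no, line in enumerate(text.splitlines(), 1):
        if line.lstrip().startswith(("#", "//")):  # comment-only line, skip
            continue
        for regex, name, risk, severity in PATTERNS:
            if re.search(regex, line):
                findings.append((severity, name, risk, path, line_no))
    return findings

def render_report(findings):  # Step 5 layout, grouped by severity
    grouped = defaultdict(list)
    for finding in findings:
        grouped[finding[0]].append(finding)
    out = ["## Security Scan Results", ""]
    for sev in SEVERITY_ORDER:
        items = grouped.get(sev, [])
        out.append(f"### {sev} ({len(items)})")
        if not items:
            out.append("[None found]")
        for i, (_, name, risk, path, line_no) in enumerate(items, 1):
            out.append(f"{i}. **{risk}** - {path}:{line_no}")
            out.append(f"   - Pattern: {name}")
        out.append("")
    return "\n".join(out)

SAMPLE_FILES = {  # constructed sample sources; paths are hypothetical
    "src/db/queries.js": "const q = 'SELECT * FROM users WHERE id = ' + userId;\ndb.query(q);\n",
    "src/tasks.py": "# eval() is avoided here\nsubprocess.run(cmd, shell=True)\n",
}

def scan_all(files=SAMPLE_FILES):
    return [f for path, text in files.items() for f in scan_source(path, text)]

if __name__ == "__main__":
    print(render_report(scan_all()))
```

Regex matching of this kind is a triage aid only; a hit still needs the manual review implied by Step 4 before it is rated, and the comment skip shows why context matters.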

Common Vulnerability Patterns

Injection Flaws

```javascript
// BAD: SQL Injection (user-controlled value interpolated into the statement)
const query = `SELECT * FROM users WHERE id = ${userId}`;

// GOOD: Parameterized query (the driver binds the value to the placeholder)
const query = 'SELECT * FROM users WHERE id = ?';
db.query(query, [userId]);
```

Cross-Site Scripting (XSS)

```javascript
// BAD: Direct HTML insertion
element.innerHTML = userInput;

// GOOD: Text content or sanitization
element.textContent = userInput;
// or
element.innerHTML = DOMPurify.sanitize(userInput);
```

Advanced

For detailed information, see: