AI-powered whitebox penetration testing plugin for Claude Code. 9 languages, 27 skills, 8 autonomous agents. STRIDE threat modeling, hotspot-aware findings, SARIF output, and polyglot monorepo support.
npx claudepluginhub allsmog/vuln-scout --plugin vuln-scout
Auto-remediate verified findings by generating patches and optionally creating a PR
Create a custom Semgrep detection rule from a confirmed vulnerability pattern
Compare security posture between two git refs to find new/fixed vulnerabilities and track regression
Security mutation testing -- weaken security controls and check if the scanner detects the resulting vulnerability
Pattern propagation - find all instances of a vulnerability pattern throughout the codebase
Generate report output from `.claude/findings.json` in markdown, json, SARIF, or interactive HTML
Run Semgrep, CodeQL, and Joern scan branches and emit a shared findings artifact
Prepare focused analysis scope for large codebases, list workspaces in monorepos
Search for dangerous functions (sinks) and auto-discover output patterns
Application understanding + threat modeling - maps architecture, generates DFDs, performs STRIDE analysis
Trace data flow from sources to a specific sink with explicit evidence requirements
Verify findings with Joern plus code review and update the shared findings artifact
Use this agent when the user asks to "understand the application", "map the codebase", "analyze the architecture", "identify trust boundaries", "map user roles", or needs to build comprehensive application understanding before vulnerability hunting.
Autonomous attack vector exploration agent that hypothesizes novel attack vectors, tests them against the codebase, and iterates. Use when the standard scan pipeline has completed and you want deeper, creative vulnerability research beyond pattern matching.
Use this agent when the user asks to "review code for security", "find vulnerabilities", "security audit", "analyze for security issues", or when exploring a codebase with security concerns.
Use this agent to verify security findings and eliminate false positives. Analyzes code context, data flow paths, and exploitability with structured evidence to determine if a finding is a true positive or false positive.
Use this agent when the user wants to "test a vulnerability", "confirm exploitation", "debug the application", "verify the finding", or needs guidance on dynamic testing during Phase 2 of whitebox pentesting.
Use this agent when the user asks to "fix the vulnerability", "patch the code", "remediate the issue", "secure coding recommendation", or needs help with Phase 4 remediation after identifying vulnerabilities. This agent should also trigger proactively after vulnerabilities are confirmed.
Use this agent when the user wants to "write an exploit", "create a PoC", "develop proof of concept", "automate the attack", or needs help creating exploit scripts during Phase 3 of whitebox pentesting.
Use this agent when the user asks to "create a threat model", "analyze threats", "STRIDE analysis", "what are the threats", "threat modeling", "identify attack vectors", "map attack surface", or needs systematic threat identification with data flow diagrams.
This skill should be used when the user asks about "AI security", "ML pipeline attacks", "prompt injection", "model deserialization", "unsafe model loading", "Jupyter injection", "LLM security", or needs to identify AI/ML-specific vulnerabilities in codebases that use machine learning frameworks.
This skill should be used when the user asks about "business logic", "workflow vulnerability", "trust boundary", "state machine", "authorization bypass", "multi-step process", "workflow bypass", "application logic flaw", or needs to identify business logic vulnerabilities during whitebox pentesting.
---
This skill should be used when the user asks about "cloud security", "AWS security", "GCP security", "Azure security", "Kubernetes security", "IMDS", "instance metadata", "S3 bucket policy", "IAM", "serverless security", "Lambda security", "container security", "cloud misconfiguration", "SSRF to cloud metadata", or needs to identify cloud-native security issues during whitebox pentesting.
This skill should be used when the user asks about "compliance mapping", "PCI-DSS", "HIPAA", "SOC 2", "NIST CSF", "regulatory requirements", "compliance report", or needs to map security findings to compliance framework requirements.
This skill should be used when the user asks about "Code Property Graph", "CPG analysis", "Joern queries", "CPGQL", "data flow verification", "taint tracking with Joern", "semantic code analysis", or needs to understand how CPG-based verification works for vulnerability detection.
This skill should be used when analyzing multi-service architectures, frontend-backend interactions, microservices, or when looking for vulnerabilities that span multiple components. Use when the user asks about "cross-component", "frontend to backend", "service interaction", "internal service access", or "multi-service vulnerabilities".
This skill should be used when the user asks about "cryptographic failures", "weak encryption", "hardcoded secrets", "insecure random", "MD5", "SHA1", "weak hashing", or needs to find crypto-related vulnerabilities during whitebox pentesting.
This skill should be used when the user asks about "dangerous functions", "security sinks", "what functions are dangerous in PHP/Java/Python", "find vulnerable functions", "code execution functions", "command injection sinks", "SQL injection functions", or needs to identify security-sensitive functions in source code during whitebox pentesting.
This skill should be used when the user asks to "trace data flow", "follow user input", "source to sink analysis", "track variable", "find input sources", "taint analysis", or needs to understand how user-controlled data flows through an application during whitebox pentesting.
This skill should be used when the user asks about "XXE", "XML External Entity", "error handling", "exception disclosure", "stack trace exposure", "improper error handling", or needs to find exception-related vulnerabilities during whitebox pentesting.
This skill should be used when the user asks to "write an exploit", "create PoC", "develop proof of concept", "exploit script", "automate exploitation", "build exploit", or needs guidance on developing working exploits during whitebox pentesting.
This skill should be used when the user asks about "framework vulnerabilities", "Next.js security", "Flask security", "Django security", "Rails security", "Spring security", "GraphQL security", "Server Actions", "render_template_string", "SSTI patterns", "redirect SSRF", "mass assignment", "actuator exposure", "SpEL injection", "introspection", or needs to identify framework-specific vulnerability patterns during whitebox pentesting.
This skill should be used when the user asks about "logging failures", "log injection", "insufficient logging", "audit logging", "security logging", "CWE-117", or needs to find logging-related vulnerabilities during whitebox pentesting.
This skill should be used when the user is auditing a "polyglot monorepo", "multi-language codebase", "microservices with different languages", "Go + Python + TypeScript", or any codebase with services written in different programming languages. Provides strategies for cross-service security analysis and unified threat modeling.
This skill should be used when the user asks about "Next.js security", "React security", "Server Components", "Server Actions", "Route Handlers", "RSC vulnerabilities", "SSR security", or needs comprehensive Next.js/React security analysis during whitebox pentesting.
Use this skill when the user asks for OWASP Top 10 mapping, CWE alignment, or standards-oriented reporting. The directory name stays `owasp-2025` for backward compatibility, but external reports should use official OWASP Top 10 names.
This skill should be used when the user asks about "API security", "OWASP API Top 10", "BOLA", "broken object level authorization", "API authentication", "mass assignment", "GraphQL security", "gRPC security", "rate limiting", "API abuse", "REST API vulnerabilities", or needs to identify API-specific security issues during whitebox pentesting.
Detect postMessage handlers that trust unvalidated origins or write attacker-controlled data to dangerous DOM sinks.
This skill should be used when the user asks about "sandbox escape", "vm escape", "template injection to RCE", "SSTI exploitation", "vm2 bypass", "restricted execution bypass", "sandbox breakout", or needs to identify sandbox escape and template engine exploitation techniques during whitebox pentesting.
This skill should be used when the user asks about "secret scanning", "find secrets", "hardcoded credentials", "leaked API keys", "git history secrets", "credential scanning", "detect passwords in code", or needs to identify secrets and credentials in source code or git history during whitebox pentesting.
This skill should be used when the user asks about "security misconfiguration", "default credentials", "debug mode", "security headers", "exposed endpoints", "TLS configuration", or needs to find configuration-related vulnerabilities during whitebox pentesting.
Detect ANY credential/secret flowing to ANY output sink. Use when asked about "credential leakage", "secret logging", "sensitive data exposure", "CWE-532", "password in logs", "token exposure", or security logging issues.
This skill should be used when the user asks about "threat model", "STRIDE", "data flow diagram", "attack surface", "threat analysis", "security architecture", "component threats", "trust boundaries", "technology decomposition", or needs systematic threat identification during whitebox pentesting.
This skill should be used when the user asks about "vulnerability patterns", "how to find SQL injection", "XSS patterns", "command injection techniques", "OWASP vulnerabilities", "common web vulnerabilities", "exploitation patterns", or needs to understand how specific vulnerability classes work during whitebox pentesting.
This skill should be used when the user asks about "vulnerability chains", "chained exploits", "multi-step attacks", "SSRF to RCE", "pivot attacks", or needs to identify how vulnerabilities in different components can be combined during whitebox pentesting.
This skill should be used when the user asks to "detect workspaces", "find packages", "list monorepo packages", "workspace structure", "monorepo analysis", or needs to identify workspace/package boundaries in a codebase for focused security analysis.