By byamb4
Automate CVE hunting in open source packages: discover high-potential npm/PyPI/Go/RubyGems targets, audit code for vulnerabilities like command injection, SSRF, prototype pollution, SQLi, and ReDoS, build PoC exploits, run 6-gate false positive elimination, and generate professional disclosure reports for GHSA or HackerOne.
npx claudepluginhub byamb4/find-cve-agent
Query NVD and OSV.dev for existing CVEs. Usage: /check-nvd <package-name>. Shows CVE count, severity breakdown, and recent fixes.
Take a confirmed vulnerability pattern and find the same bug in similar packages. Usage: /cross-pollinate (run after confirming a finding).
Run the 6-gate false positive elimination process on the current finding. Usage: /fp-check (run from a target directory with findings).
Full CVE hunting pipeline. Usage: /hunt <package-name>. Orchestrates all agents: registry check, clone, code review, PoC build, validation, and report generation.
Find targets in a category. Usage: /recon <category>. Examples: /recon csv-parsers, /recon template-engines, /recon archive-libs.
Query or update the research registry. Usage: /registry [query]. Examples: /registry stats, /registry check lodash, /registry list in-progress.
Generate a disclosure report from the current finding. Auto-detects the best submission channel. Usage: /report (run from target directory with confirmed finding).
PoC builder and exploit chainer. Takes Hunter findings and builds working proof-of-concept exploits. Always seeks to escalate impact through vulnerability chaining.
Code review specialist. Performs deep source code analysis to find security vulnerabilities by tracing data flows from untrusted input sources to dangerous sinks.
Target discovery agent. Finds promising open source packages for security review by analyzing npm/PyPI/GitHub registries, download counts, and attack surfaces.
Research tracking agent. Maintains REGISTRY.md as the single source of truth. Prevents duplicate work, records all outcomes, and answers status queries from other agents.
False positive elimination specialist. Runs 6-gate verification process on every finding. Only CONFIRMED findings proceed to submission. Fail 3x = FALSE POSITIVE, no exceptions.
Mine GitHub Security Advisories and CVE databases for incomplete fixes, finding variant vulnerabilities in patched code or similar patterns in related packages.
Detect authentication and authorization bypass vulnerabilities including missing auth middleware, JWT algorithm confusion, IDOR, and session fixation.
Detect code injection vulnerabilities in packages that dynamically generate or evaluate code via new Function(), eval(), vm.run*, or template literal interpolation.
Detect OS command injection via shell execution sinks where user-controlled input reaches system commands without proper sanitization.
Cross-pollination multiplier technique: find a vulnerability in one package, then search for the same pattern across all similar packages to multiply findings.
Detect decompression bomb vulnerabilities where compressed input can expand to exhaust memory, targeting buffer-based decompression without size limits.
Detect XML/SVG/YAML entity expansion (Billion Laughs) vulnerabilities in parsers that allow unbounded entity definitions.
Systematic false positive elimination for security findings. 6-gate verification, 13-item checklist, devil's advocate questioning. MANDATORY before any CVE submission.
Detect JWT implementation vulnerabilities including algorithm confusion, none algorithm acceptance, weak secrets, and JWK injection attacks.
Detect method clobbering via user-controlled object keys that overwrite built-in methods like toString, valueOf, or hasOwnProperty, causing crashes or logic bypass.
Detect path traversal and Zip Slip vulnerabilities where user-controlled path components can escape intended directories.
Detect prototype pollution via object merge/clone/assign operations where __proto__ or constructor.prototype keys can modify Object.prototype.
Detect stack overflow and infinite recursion DoS in recursive parsers, tree walkers, and serializers that lack depth limits.
Detect Regular Expression Denial of Service (ReDoS) where crafted input causes catastrophic backtracking in regex patterns applied to user-controlled strings.
Generate polished, human-sounding vulnerability disclosure reports for GHSA, HackerOne, and email. Auto-selects channel, calculates CVSS, and adapts tone.
Detect VM/sandbox escape vulnerabilities in packages using node:vm, simpleeval, or custom sandboxes that can be bypassed to achieve code execution.
Detect SQL injection where user input reaches SQL query construction through string concatenation, template literals, or ORM raw query methods.
Detect Server-Side Request Forgery where user-controlled URLs can reach internal services, cloud metadata endpoints, or bypass network boundaries.
Detect Server-Side Template Injection where user input is passed as the template string itself rather than as template variables, enabling code execution.
Target discovery methodology for finding high-quality npm/PyPI/GitHub packages to audit for vulnerabilities, with evaluation criteria and search strategies.
Detect XML External Entity injection where XML parsers process untrusted input with external entity loading enabled, allowing file read or SSRF.
Executes bash commands
Hook triggers when Bash tool is used
Modifies files
Hook triggers on file write and edit operations
Uses power tools
Open-source cybersecurity analysis agent. Scans any local project for vulnerabilities: code security (SAST), dependency CVEs (SCA), secret leaks, authentication/authorization flaws, cryptographic weaknesses, misconfigurations, supply chain risks, and CI/CD security. Covers all OWASP 2025 Top 10 and CWE Top 25 categories. Generates prioritized reports with remediation guidance. Invoke with /cyber-neo [path].
Meta-tool for generating security audit Skills from GHSA and HackerOne data
Security audit patterns (OWASP Top 10, CWE Top 25 2025, CVSS v4.0) and GitHub project security checks for any project. Deep automated PHP/TYPO3 scanning with 80+ checkpoints, 19 reference guides, PreToolUse warnings. By Netresearch.
Web vulnerability testing methodology distilled from 88,636 real-world cases from the WooYun vulnerability database (2010-2016)
Auto-scan repositories and packages for security threats on install/clone
Uses Bash, Write, or Edit tools