Skill

perseus:audit

Executes parallel agent-based vulnerability analysis for injection, XSS, auth, authz, and SSRF. Traces source-to-sink paths, verifies defenses, scores confidence, and generates exploit queues.

security

From perseus

Install

Run in your terminal

npx claudepluginhub kaivyy/perseus --plugin perseus

Tool Access

This skill uses the workspace's default tool permissions.

Skill Content

Similar Skills

agent-harness-construction

Designs and optimizes AI agent action spaces, tool definitions, observation formats, error recovery, and context for higher task completion rates.

everything-claude-code

139.9k

agent-payment-x402

Enables AI agents to execute x402 payments with per-task budgets, spending controls, and non-custodial wallets via MCP tools. Use when agents pay for APIs, services, or other agents.

everything-claude-code

139.9k

agent-eval

Compares coding agents like Claude Code and Aider on custom YAML-defined codebase tasks using git worktrees, measuring pass rate, cost, time, and consistency.

everything-claude-code

139.9k

Stats

Stars24

Forks4

Last CommitFeb 12, 2026

Actions

View Source View Plugin View on GitHub View README

Perseus Audit (Phase 2)

Overview

This skill executes the Vulnerability Analysis Phase of the Perseus framework. It performs deep-dive white-box analysis on the components identified during the Scan phase.

Goal: Prove the potential for exploitation by finding source-to-sink paths lacking proper defense.

Methodology:

Launch 5 Agents in Parallel: Injection, XSS, Auth, Authz, SSRF.
Negative Analysis Loop: Trace Source -> Sanitizers -> Sink -> Verdict.
Exploit Queue: Generate actionable vulnerabilities for verification.

Confidence Scoring (Required)

Assign confidence to every finding:

Confidence	Criteria
High	Direct source-to-sink path with clear missing defense and reproducible trigger
Medium	Strong path evidence, but one assumption (runtime config/auth state) remains
Low	Pattern match only; data flow or trigger path is incomplete

Prioritize exploit queue in this order:

High + Critical/High severity
Medium + Critical/High severity
Remaining findings

Execution Instructions

Launch these 5 agents simultaneously using a single message with multiple Task tool calls:

Injection Analyst:
- "Trace untrusted input to SQL/Command sinks. Verify if sanitization matches sink context. Flag string concatenation in queries."
XSS Specialist:
- "Trace input to browser sinks (innerHTML, eval). Verify context-aware escaping. Flag raw HTML rendering."
Auth Specialist:
- "Analyze login/session logic. Check for bypasses, weak tokens, and missing MFA. Verify state/nonce in OAuth."
Authz Specialist:
- "Analyze permission checks (RBAC/ABAC). Check for IDOR and Privilege Escalation. Verify every protected route has a guard."
SSRF Specialist:
- "Trace input to outbound request sinks. Verify URL validation and allowlists. Check for local network access."

Analysis Methodology (The "Negative Analysis" Loop)

For each agent, enforce this loop:

Trace Source: Identify where untrusted data enters (from Scan phase).
Trace Flow: Follow variables through functions, middleware, and transforms.
Identify Sink: Where does the data end up? (DB, Screen, Log, Shell).
Verify Defense:
- Is there validation? (e.g., zod.parse)
- Is there sanitization? (e.g., escapeHtml)
- Is it parameterized? (e.g., Prepared Statements)
Verdict:
- VULNERABLE: Path exists + Defense missing/mismatched. -> Add to Exploit Queue
- SAFE: Defense is robust. -> Document as Secure

Output Requirements

Each agent must produce a specialized report in deliverables/:

injection_analysis.md
xss_analysis.md
auth_analysis.md
authz_analysis.md
ssrf_analysis.md

For each finding include:

Finding ID
Source -> Sink Path
Missing or Mismatched Defense
Preconditions
Confidence: High | Medium | Low
Exploit Candidate: Yes | No (and reason)

Next Step: Proceed to perseus:exploit to verify findings with Proof-of-Concept.