vulnerability-patterns | security | ClaudePluginHub

Skill

vulnerability-patterns

Indexes vulnerability detection patterns and routes to core universal skills for secrets, injections, configs plus language-specific for JavaScript/TypeScript, Python, Go, Java, Ruby, PHP.

$

npx claudepluginhub zate/cc-plugins --plugin security

Tool Access

This skill uses the workspace's default tool permissions.

Preview

This skill is an index to modular detection pattern skills. Use the specialized skills for focused scanning.

SKILL.md

Similar Skills

owasp-top-10

15

Detects OWASP Top 10 2021 security vulnerabilities like broken access control and injection, with remediation patterns for audits and code reviews.

12 files

nickcrew-claude-ctx-plugin

Vulnerability Patterns

12

Identifies common web vulnerability patterns like SQL injection, command injection, XSS, and OWASP Top 10 during whitebox pentesting and code reviews.

7 files

security-scanning-security-sast

36.7k

Performs Static Application Security Testing (SAST) to detect vulnerabilities like SQL injection, XSS, hardcoded secrets, and path traversal in Python, JavaScript/TypeScript, Java, Ruby, PHP, Go, Rust codebases using Bandit, Semgrep, ESLint Security.

antigravity-awesome-skills

Stats

Parent Repo Stars6

Parent Repo Forks1

Last CommitDec 16, 2025

Actions

View Source View Plugin View on GitHub View README

Tags

vulnerability-patterns

security-scanning

Help us improve

Share bugs, ideas, or general feedback.

Vulnerability Patterns

This skill is an index to modular detection pattern skills. Use the specialized skills for focused scanning.

When to Use This Skill

Finding the right pattern skill - Use this index to route appropriately
Overview of detection capabilities - Quick reference of what's available

When NOT to Use This Skill

Actual vulnerability scanning - Use the specialized skills directly
Remediation guidance - Use remediation-* skills
Full security audits - Use domain auditor agents

Specialized Pattern Skills

`vuln-patterns-core`

Covers: Universal patterns, configuration files, quick scan scripts Languages: All (cross-language patterns) Use when: Scanning any codebase, config audits, hook integration

Includes:

Hardcoded secrets (API keys, AWS keys, private keys)
SQL injection (universal patterns)
Command injection (universal patterns)
Path traversal
Configuration file patterns (.env, Docker)
Quick scan script
Hook integration guidance

`vuln-patterns-languages`

Covers: Language-specific vulnerability patterns Languages: JavaScript/TypeScript, Python, Go, Java, Ruby, PHP Use when: Targeting specific tech stacks, code review

Includes:

JavaScript: eval(), XSS, prototype pollution
Python: pickle, yaml.load, weak crypto
Go: fmt.Sprintf SQL, InsecureSkipVerify
Java: ObjectInputStream, XXE, createStatement
Ruby: backticks, Rails SQL, mass assignment
PHP: unserialize, include, mysql_query

Quick Routing Guide

What You're Looking For	Skill to Use
Hardcoded secrets	`vuln-patterns-core`
SQL injection (any language)	`vuln-patterns-core`
Command injection (any)	`vuln-patterns-core`
Path traversal	`vuln-patterns-core`
Docker/config issues	`vuln-patterns-core`
JavaScript XSS	`vuln-patterns-languages`
Python pickle/yaml	`vuln-patterns-languages`
Java deserialization	`vuln-patterns-languages`
Go TLS issues	`vuln-patterns-languages`
Ruby Rails patterns	`vuln-patterns-languages`
PHP include/require	`vuln-patterns-languages`

Pattern Categories by OWASP

OWASP 2021	Skill	Key Patterns
A01 Access Control	Core + Languages	Path traversal, authorization
A02 Crypto Failures	Languages	MD5, SHA1, weak random
A03 Injection	Core	SQL, command, XSS
A05 Security Misconfig	Core	Debug mode, headers
A07 Auth Failures	Core	Hardcoded credentials
A08 Data Integrity	Languages	Deserialization

Integration

For live security hooks, use vuln-patterns-core which includes:

Hook integration guidance
Pattern matching priorities
False positive mitigation strategies
Quick scan script for rapid detection

See Also

asvs-requirements - Full ASVS requirement details
remediation-library - Index to fix patterns
remediation-injection - Injection fixes
remediation-crypto - Cryptography fixes