Index of vulnerability detection pattern skills. Routes to core patterns (universal) and language-specific patterns for security scanning.
Index that routes vulnerability scanning requests to specialized pattern skills for universal (secrets, SQL injection, command injection) or language-specific (JavaScript XSS, Python pickle, Java deserialization) detection. Use when you need to find the right security scanning skill for a specific vulnerability type or tech stack.
/plugin marketplace add Zate/cc-plugins/plugin install security@cc-pluginsThis skill inherits all available tools. When active, it can use any tool Claude has access to.
This skill is an index to modular detection pattern skills. Use the specialized skills for focused scanning.
vuln-patterns-coreCovers: Universal patterns, configuration files, quick scan scripts Languages: All (cross-language patterns) Use when: Scanning any codebase, config audits, hook integration
Includes:
vuln-patterns-languagesCovers: Language-specific vulnerability patterns Languages: JavaScript/TypeScript, Python, Go, Java, Ruby, PHP Use when: Targeting specific tech stacks, code review
Includes:
| What You're Looking For | Skill to Use |
|---|---|
| Hardcoded secrets | vuln-patterns-core |
| SQL injection (any language) | vuln-patterns-core |
| Command injection (any) | vuln-patterns-core |
| Path traversal | vuln-patterns-core |
| Docker/config issues | vuln-patterns-core |
| JavaScript XSS | vuln-patterns-languages |
| Python pickle/yaml | vuln-patterns-languages |
| Java deserialization | vuln-patterns-languages |
| Go TLS issues | vuln-patterns-languages |
| Ruby Rails patterns | vuln-patterns-languages |
| PHP include/require | vuln-patterns-languages |
| OWASP 2021 | Skill | Key Patterns |
|---|---|---|
| A01 Access Control | Core + Languages | Path traversal, authorization |
| A02 Crypto Failures | Languages | MD5, SHA1, weak random |
| A03 Injection | Core | SQL, command, XSS |
| A05 Security Misconfig | Core | Debug mode, headers |
| A07 Auth Failures | Core | Hardcoded credentials |
| A08 Data Integrity | Languages | Deserialization |
For live security hooks, use vuln-patterns-core which includes:
asvs-requirements - Full ASVS requirement detailsremediation-library - Index to fix patternsremediation-injection - Injection fixesremediation-crypto - Cryptography fixesMaster authentication and authorization patterns including JWT, OAuth2, session management, and RBAC to build secure, scalable access control systems. Use when implementing auth systems, securing APIs, or debugging security issues.