{ "schemaVersion": "1.0", "item": { "slug": "vulnerability-scanner", "name": "Vulnerability Scanner", "source": "tencent", "type": "skill", "category": "ε…Άδ»–", "sourceUrl": "https://clawhub.ai/brandonwise/vulnerability-scanner", "canonicalUrl": "https://clawhub.ai/brandonwise/vulnerability-scanner", "targetPlatform": "OpenClaw" }, "install": { "downloadMode": "redirect", "downloadUrl": "/downloads/vulnerability-scanner", "sourceDownloadUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=vulnerability-scanner", "sourcePlatform": "tencent", "targetPlatform": "OpenClaw", "installMethod": "Manual import", "extraction": "Extract archive", "prerequisites": [ "OpenClaw" ], "packageFormat": "ZIP package", "includedAssets": [ "SKILL.md", "checklists.md", "scripts/security_scan.py" ], "primaryDoc": "SKILL.md", "quickSetup": [ "Download the package from Yavira.", "Extract the archive and review SKILL.md first.", "Import or place the package into your OpenClaw setup." ], "agentAssist": { "summary": "Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually.", "steps": [ "Download the package from Yavira.", "Extract it into a folder your agent can access.", "Paste one of the prompts below and point your agent at the extracted folder." ], "prompts": [ { "label": "New install", "body": "I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Tell me what you changed and call out any manual steps you could not complete." }, { "label": "Upgrade existing", "body": "I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Summarize what changed and any follow-up checks I should run." } ] }, "sourceHealth": { "source": "tencent", "slug": "vulnerability-scanner", "status": "healthy", "reason": "direct_download_ok", "recommendedAction": "download", "checkedAt": "2026-04-29T13:50:14.045Z", "expiresAt": "2026-05-06T13:50:14.045Z", "httpStatus": 200, "finalUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=vulnerability-scanner", "contentType": "application/zip", "probeMethod": "head", "details": { "probeUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=vulnerability-scanner", "contentDisposition": "attachment; filename=\"vulnerability-scanner-1.0.0.zip\"", "redirectLocation": null, "bodySnippet": null, "slug": "vulnerability-scanner" }, "scope": "item", "summary": "Item download looks usable.", "detail": "Yavira can redirect you to the upstream package for this item.", "primaryActionLabel": "Download for OpenClaw", "primaryActionHref": "/downloads/vulnerability-scanner" }, "validation": { "installChecklist": [ "Use the Yavira download entry.", "Review SKILL.md after the package is downloaded.", "Confirm the extracted package contains the expected setup assets." ], "postInstallChecks": [ "Confirm the extracted package includes the expected docs or setup files.", "Validate the skill or prompts are available in your target agent workspace.", "Capture any manual follow-up steps the agent could not complete." ] }, "downloadPageUrl": "https://openagent3.xyz/downloads/vulnerability-scanner", "agentPageUrl": "https://openagent3.xyz/skills/vulnerability-scanner/agent", "manifestUrl": "https://openagent3.xyz/skills/vulnerability-scanner/agent.json", "briefUrl": "https://openagent3.xyz/skills/vulnerability-scanner/agent.md" }, "agentAssist": { "summary": "Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually.", "steps": [ "Download the package from Yavira.", "Extract it into a folder your agent can access.", "Paste one of the prompts below and point your agent at the extracted folder." ], "prompts": [ { "label": "New install", "body": "I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Tell me what you changed and call out any manual steps you could not complete." }, { "label": "Upgrade existing", "body": "I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Summarize what changed and any follow-up checks I should run." } ] }, "documentation": { "source": "clawhub", "primaryDoc": "SKILL.md", "sections": [ { "title": "Vulnerability Scanner", "body": "Advanced vulnerability analysis for OWASP 2025, supply chain security, attack surface mapping, and risk prioritization." }, { "title": "Description", "body": "USE WHEN:\n\nAuditing code for security vulnerabilities\nReviewing dependencies for supply chain risks\nScanning for hardcoded secrets or credentials\nIdentifying dangerous code patterns (injection, XSS, deserialization)\nPreparing for security audits or penetration tests\nPrioritizing vulnerability remediation by risk\n\nDON'T USE WHEN:\n\nNeed runtime dynamic analysis (use actual pentest tools)\nScanning compiled binaries (this is source-code focused)\nNeed compliance-specific audits (PCI-DSS, HIPAA have dedicated tools)" }, { "title": "Scripts", "body": "ScriptPurposeUsagescripts/security_scan.pyFull security scanpython scripts/security_scan.py [--scan-type all|deps|secrets|patterns|config]" }, { "title": "Quick Start", "body": "# Full scan\npython scripts/security_scan.py /path/to/project\n\n# Just check for secrets\npython scripts/security_scan.py /path/to/project --scan-type secrets\n\n# Summary output\npython scripts/security_scan.py /path/to/project --output summary" }, { "title": "Reference Files", "body": "FilePurposechecklists.mdOWASP Top 10, Auth, API, Data protection checklists" }, { "title": "Core Principles", "body": "PrincipleApplicationAssume BreachDesign as if attacker already insideZero TrustNever trust, always verifyDefense in DepthMultiple layers, no single pointLeast PrivilegeMinimum required access onlyFail SecureOn error, deny access" }, { "title": "Threat Modeling Questions", "body": "Before scanning, ask:\n\nWhat are we protecting? (Assets)\nWho would attack? (Threat actors)\nHow would they attack? (Attack vectors)\nWhat's the impact? (Business risk)" }, { "title": "Risk Categories", "body": "RankCategoryThink AboutA01Broken Access ControlWho can access what? IDOR, SSRFA02Security MisconfigurationDefaults, headers, exposed servicesA03Software Supply Chain πŸ†•Dependencies, CI/CD, build integrityA04Cryptographic FailuresWeak crypto, exposed secretsA05InjectionUser input β†’ system commandsA06Insecure DesignFlawed architectureA07Authentication FailuresSession, credential managementA08Integrity FailuresUnsigned updates, tampered dataA09Logging & AlertingBlind spots, no monitoringA10Exceptional Conditions πŸ†•Error handling, fail-open states" }, { "title": "2025 Key Changes", "body": "2021 β†’ 2025 Shifts:\nβ”œβ”€β”€ SSRF merged into A01 (Access Control)\nβ”œβ”€β”€ A02 elevated (Cloud/Container configs)\nβ”œβ”€β”€ A03 NEW: Supply Chain (major focus)\nβ”œβ”€β”€ A10 NEW: Exceptional Conditions\n└── Focus shift: Root causes > Symptoms" }, { "title": "Attack Surface", "body": "VectorRiskQuestion to AskDependenciesMalicious packagesDo we audit new deps?Lock filesIntegrity attacksAre they committed?Build pipelineCI/CD compromiseWho can modify?RegistryTyposquattingVerified sources?" }, { "title": "Defense Principles", "body": "Verify package integrity (checksums)\nPin versions, audit updates\nUse private registries for critical deps\nSign and verify artifacts" }, { "title": "What to Map", "body": "CategoryElementsEntry PointsAPIs, forms, file uploadsData FlowsInput β†’ Process β†’ OutputTrust BoundariesWhere auth/authz checkedAssetsSecrets, PII, business data" }, { "title": "Prioritization Matrix", "body": "Risk = Likelihood Γ— Impact\n\nHigh Impact + High Likelihood β†’ CRITICAL\nHigh Impact + Low Likelihood β†’ HIGH\nLow Impact + High Likelihood β†’ MEDIUM\nLow Impact + Low Likelihood β†’ LOW" }, { "title": "CVSS + Context", "body": "FactorWeightQuestionCVSS ScoreBase severityHow severe is the vuln?EPSS ScoreExploit likelihoodIs it being exploited?Asset ValueBusiness contextWhat's at risk?ExposureAttack surfaceInternet-facing?" }, { "title": "Prioritization Decision Tree", "body": "Is it actively exploited (EPSS >0.5)?\nβ”œβ”€β”€ YES β†’ CRITICAL: Immediate action\n└── NO β†’ Check CVSS\n β”œβ”€β”€ CVSS β‰₯9.0 β†’ HIGH\n β”œβ”€β”€ CVSS 7.0-8.9 β†’ Consider asset value\n └── CVSS <7.0 β†’ Schedule for later" }, { "title": "Fail-Open vs Fail-Closed", "body": "ScenarioFail-Open (BAD)Fail-Closed (GOOD)Auth errorAllow accessDeny accessParsing failsAccept inputReject inputTimeoutRetry foreverLimit + abort" }, { "title": "What to Check", "body": "Exception handlers that catch-all and ignore\nMissing error handling on security operations\nRace conditions in auth/authz\nResource exhaustion scenarios" }, { "title": "Phase-Based Approach", "body": "1. RECONNAISSANCE\n └── Understand the target\n β”œβ”€β”€ Technology stack\n β”œβ”€β”€ Entry points\n └── Data flows\n\n2. DISCOVERY\n └── Identify potential issues\n β”œβ”€β”€ Configuration review\n β”œβ”€β”€ Dependency analysis\n └── Code pattern search\n\n3. ANALYSIS\n └── Validate and prioritize\n β”œβ”€β”€ False positive elimination\n β”œβ”€β”€ Risk scoring\n └── Attack chain mapping\n\n4. REPORTING\n └── Actionable findings\n β”œβ”€β”€ Clear reproduction steps\n β”œβ”€β”€ Business impact\n └── Remediation guidance" }, { "title": "High-Risk Patterns", "body": "PatternRiskLook ForString concat in queriesInjection\"SELECT * FROM \" + user_inputDynamic code executionRCEeval(), exec(), Function()Unsafe deserializationRCEpickle.loads(), unserialize()Path manipulationTraversalUser input in file pathsDisabled securityVariousverify=False, --insecure" }, { "title": "Secret Patterns", "body": "TypeIndicatorsAPI Keysapi_key, apikey, high entropyTokenstoken, bearer, jwtCredentialspassword, secret, keyCloudAWS_, AZURE_, GCP_ prefixes" }, { "title": "Shared Responsibility", "body": "LayerYou OwnProvider OwnsDataβœ…βŒApplicationβœ…βŒOS/RuntimeDependsDependsInfrastructureβŒβœ…" }, { "title": "Cloud-Specific Checks", "body": "IAM: Least privilege applied?\nStorage: Public buckets?\nNetwork: Security groups tightened?\nSecrets: Using secrets manager?" }, { "title": "10. Anti-Patterns", "body": "❌ Don'tβœ… DoScan without understandingMap attack surface firstAlert on every CVEPrioritize by exploitability + assetIgnore false positivesMaintain verified baselineFix symptoms onlyAddress root causesScan once before deployContinuous scanningTrust third-party deps blindlyVerify integrity, audit code" }, { "title": "Finding Structure", "body": "Each finding should answer:\n\nWhat? - Clear vulnerability description\nWhere? - Exact location (file, line, endpoint)\nWhy? - Root cause explanation\nImpact? - Business consequence\nHow to fix? - Specific remediation" }, { "title": "Severity Classification", "body": "SeverityCriteriaCriticalRCE, auth bypass, mass data exposureHighData exposure, privilege escalationMediumLimited scope, requires conditionsLowInformational, best practice\n\nRemember: Vulnerability scanning finds issues. Expert thinking prioritizes what matters. Always ask: \"What would an attacker do with this?\"" } ], "body": "Vulnerability Scanner\n\nAdvanced vulnerability analysis for OWASP 2025, supply chain security, attack surface mapping, and risk prioritization.\n\nDescription\n\nUSE WHEN:\n\nAuditing code for security vulnerabilities\nReviewing dependencies for supply chain risks\nScanning for hardcoded secrets or credentials\nIdentifying dangerous code patterns (injection, XSS, deserialization)\nPreparing for security audits or penetration tests\nPrioritizing vulnerability remediation by risk\n\nDON'T USE WHEN:\n\nNeed runtime dynamic analysis (use actual pentest tools)\nScanning compiled binaries (this is source-code focused)\nNeed compliance-specific audits (PCI-DSS, HIPAA have dedicated tools)\nScripts\nScript\tPurpose\tUsage\nscripts/security_scan.py\tFull security scan\tpython scripts/security_scan.py [--scan-type all|deps|secrets|patterns|config]\nQuick Start\n# Full scan\npython scripts/security_scan.py /path/to/project\n\n# Just check for secrets\npython scripts/security_scan.py /path/to/project --scan-type secrets\n\n# Summary output\npython scripts/security_scan.py /path/to/project --output summary\n\nReference Files\nFile\tPurpose\nchecklists.md\tOWASP Top 10, Auth, API, Data protection checklists\n1. Security Expert Mindset\nCore Principles\nPrinciple\tApplication\nAssume Breach\tDesign as if attacker already inside\nZero Trust\tNever trust, always verify\nDefense in Depth\tMultiple layers, no single point\nLeast Privilege\tMinimum required access only\nFail Secure\tOn error, deny access\nThreat Modeling Questions\n\nBefore scanning, ask:\n\nWhat are we protecting? (Assets)\nWho would attack? (Threat actors)\nHow would they attack? (Attack vectors)\nWhat's the impact? (Business risk)\n2. OWASP Top 10:2025\nRisk Categories\nRank\tCategory\tThink About\nA01\tBroken Access Control\tWho can access what? IDOR, SSRF\nA02\tSecurity Misconfiguration\tDefaults, headers, exposed services\nA03\tSoftware Supply Chain πŸ†•\tDependencies, CI/CD, build integrity\nA04\tCryptographic Failures\tWeak crypto, exposed secrets\nA05\tInjection\tUser input β†’ system commands\nA06\tInsecure Design\tFlawed architecture\nA07\tAuthentication Failures\tSession, credential management\nA08\tIntegrity Failures\tUnsigned updates, tampered data\nA09\tLogging & Alerting\tBlind spots, no monitoring\nA10\tExceptional Conditions πŸ†•\tError handling, fail-open states\n2025 Key Changes\n2021 β†’ 2025 Shifts:\nβ”œβ”€β”€ SSRF merged into A01 (Access Control)\nβ”œβ”€β”€ A02 elevated (Cloud/Container configs)\nβ”œβ”€β”€ A03 NEW: Supply Chain (major focus)\nβ”œβ”€β”€ A10 NEW: Exceptional Conditions\n└── Focus shift: Root causes > Symptoms\n\n3. Supply Chain Security (A03)\nAttack Surface\nVector\tRisk\tQuestion to Ask\nDependencies\tMalicious packages\tDo we audit new deps?\nLock files\tIntegrity attacks\tAre they committed?\nBuild pipeline\tCI/CD compromise\tWho can modify?\nRegistry\tTyposquatting\tVerified sources?\nDefense Principles\nVerify package integrity (checksums)\nPin versions, audit updates\nUse private registries for critical deps\nSign and verify artifacts\n4. Attack Surface Mapping\nWhat to Map\nCategory\tElements\nEntry Points\tAPIs, forms, file uploads\nData Flows\tInput β†’ Process β†’ Output\nTrust Boundaries\tWhere auth/authz checked\nAssets\tSecrets, PII, business data\nPrioritization Matrix\nRisk = Likelihood Γ— Impact\n\nHigh Impact + High Likelihood β†’ CRITICAL\nHigh Impact + Low Likelihood β†’ HIGH\nLow Impact + High Likelihood β†’ MEDIUM\nLow Impact + Low Likelihood β†’ LOW\n\n5. Risk Prioritization\nCVSS + Context\nFactor\tWeight\tQuestion\nCVSS Score\tBase severity\tHow severe is the vuln?\nEPSS Score\tExploit likelihood\tIs it being exploited?\nAsset Value\tBusiness context\tWhat's at risk?\nExposure\tAttack surface\tInternet-facing?\nPrioritization Decision Tree\nIs it actively exploited (EPSS >0.5)?\nβ”œβ”€β”€ YES β†’ CRITICAL: Immediate action\n└── NO β†’ Check CVSS\n β”œβ”€β”€ CVSS β‰₯9.0 β†’ HIGH\n β”œβ”€β”€ CVSS 7.0-8.9 β†’ Consider asset value\n └── CVSS <7.0 β†’ Schedule for later\n\n6. Exceptional Conditions (A10 - New)\nFail-Open vs Fail-Closed\nScenario\tFail-Open (BAD)\tFail-Closed (GOOD)\nAuth error\tAllow access\tDeny access\nParsing fails\tAccept input\tReject input\nTimeout\tRetry forever\tLimit + abort\nWhat to Check\nException handlers that catch-all and ignore\nMissing error handling on security operations\nRace conditions in auth/authz\nResource exhaustion scenarios\n7. Scanning Methodology\nPhase-Based Approach\n1. RECONNAISSANCE\n └── Understand the target\n β”œβ”€β”€ Technology stack\n β”œβ”€β”€ Entry points\n └── Data flows\n\n2. DISCOVERY\n └── Identify potential issues\n β”œβ”€β”€ Configuration review\n β”œβ”€β”€ Dependency analysis\n └── Code pattern search\n\n3. ANALYSIS\n └── Validate and prioritize\n β”œβ”€β”€ False positive elimination\n β”œβ”€β”€ Risk scoring\n └── Attack chain mapping\n\n4. REPORTING\n └── Actionable findings\n β”œβ”€β”€ Clear reproduction steps\n β”œβ”€β”€ Business impact\n └── Remediation guidance\n\n8. Code Pattern Analysis\nHigh-Risk Patterns\nPattern\tRisk\tLook For\nString concat in queries\tInjection\t\"SELECT * FROM \" + user_input\nDynamic code execution\tRCE\teval(), exec(), Function()\nUnsafe deserialization\tRCE\tpickle.loads(), unserialize()\nPath manipulation\tTraversal\tUser input in file paths\nDisabled security\tVarious\tverify=False, --insecure\nSecret Patterns\nType\tIndicators\nAPI Keys\tapi_key, apikey, high entropy\nTokens\ttoken, bearer, jwt\nCredentials\tpassword, secret, key\nCloud\tAWS_, AZURE_, GCP_ prefixes\n9. Cloud Security Considerations\nShared Responsibility\nLayer\tYou Own\tProvider Owns\nData\tβœ…\t❌\nApplication\tβœ…\t❌\nOS/Runtime\tDepends\tDepends\nInfrastructure\t❌\tβœ…\nCloud-Specific Checks\nIAM: Least privilege applied?\nStorage: Public buckets?\nNetwork: Security groups tightened?\nSecrets: Using secrets manager?\n10. Anti-Patterns\n❌ Don't\tβœ… Do\nScan without understanding\tMap attack surface first\nAlert on every CVE\tPrioritize by exploitability + asset\nIgnore false positives\tMaintain verified baseline\nFix symptoms only\tAddress root causes\nScan once before deploy\tContinuous scanning\nTrust third-party deps blindly\tVerify integrity, audit code\n11. Reporting Principles\nFinding Structure\n\nEach finding should answer:\n\nWhat? - Clear vulnerability description\nWhere? - Exact location (file, line, endpoint)\nWhy? - Root cause explanation\nImpact? - Business consequence\nHow to fix? - Specific remediation\nSeverity Classification\nSeverity\tCriteria\nCritical\tRCE, auth bypass, mass data exposure\nHigh\tData exposure, privilege escalation\nMedium\tLimited scope, requires conditions\nLow\tInformational, best practice\n\nRemember: Vulnerability scanning finds issues. Expert thinking prioritizes what matters. Always ask: \"What would an attacker do with this?\"" }, "trust": { "sourceLabel": "tencent", "provenanceUrl": "https://clawhub.ai/brandonwise/vulnerability-scanner", "publisherUrl": "https://clawhub.ai/brandonwise/vulnerability-scanner", "owner": "brandonwise", "version": "1.0.0", "license": null, "verificationStatus": "Indexed source record" }, "links": { "detailUrl": "https://openagent3.xyz/skills/vulnerability-scanner", "downloadUrl": "https://openagent3.xyz/downloads/vulnerability-scanner", "agentUrl": "https://openagent3.xyz/skills/vulnerability-scanner/agent", "manifestUrl": "https://openagent3.xyz/skills/vulnerability-scanner/agent.json", "briefUrl": "https://openagent3.xyz/skills/vulnerability-scanner/agent.md" } }