MCP.directory

scanning-for-vulnerabilities

by jeremylongshore
0
0
Source

This skill enables comprehensive vulnerability scanning using the vulnerability-scanner plugin. It identifies security vulnerabilities in code, dependencies, and configurations, including CVE detection. Use this skill when the user asks to scan for vulnerabilities, security issues, or CVEs in their project. Trigger phrases include "scan for vulnerabilities", "find security issues", "check for CVEs", "/scan", or "/vuln". The plugin performs static analysis, dependency checking, and configuration analysis to provide a detailed vulnerability report.

Install

mkdir -p .claude/skills/scanning-for-vulnerabilities && curl -L -o skill.zip "https://mcp.directory/api/skills/download/9434" && unzip -o skill.zip -d .claude/skills/scanning-for-vulnerabilities && rm skill.zip

Installs to .claude/skills/scanning-for-vulnerabilities

About this skill

Overview

This skill empowers Claude to automatically scan your codebase for security vulnerabilities. It leverages the vulnerability-scanner plugin to identify potential risks, including code-level flaws, vulnerable dependencies, and insecure configurations.

How It Works

  1. Initiate Scan: The skill activates the vulnerability-scanner plugin based on user input.
  2. Perform Analysis: The plugin scans the codebase, dependencies, and configurations for vulnerabilities, including CVE detection.
  3. Generate Report: The plugin creates a detailed vulnerability report with findings, severity levels, and remediation guidance.

When to Use This Skill

This skill activates when you need to:

  • Identify security vulnerabilities in your code.
  • Check your project's dependencies for known CVEs.
  • Review your project's configurations for security weaknesses.

Examples

Example 1: Identifying SQL Injection Risks

User request: "Scan my code for SQL injection vulnerabilities."

The skill will:

  1. Activate the vulnerability-scanner plugin.
  2. Analyze the codebase for potential SQL injection flaws.
  3. Generate a report highlighting any identified SQL injection risks and providing remediation steps.

Example 2: Checking for Vulnerable npm Packages

User request: "Check my project's npm dependencies for known vulnerabilities."

The skill will:

  1. Activate the vulnerability-scanner plugin.
  2. Scan the project's package.json file and identify any npm packages with known CVEs.
  3. Generate a report listing the vulnerable packages, their CVE identifiers, and recommended updates.

Best Practices

  • Regular Scanning: Run vulnerability scans regularly, especially before deployments.
  • Prioritize Remediation: Focus on addressing critical and high-severity vulnerabilities first.
  • Validate Fixes: After applying fixes, run another scan to ensure the vulnerabilities are resolved.

Integration

This skill integrates with the core Claude Code environment by providing automated vulnerability scanning capabilities. It can be used in conjunction with other plugins to create a comprehensive security workflow, such as integrating with a ticketing system to automatically create tickets for identified vulnerabilities.

More by jeremylongshore

View all skills by jeremylongshore

d2-diagram-creator

jeremylongshore

D2 Diagram Creator - Auto-activating skill for Visual Content. Triggers on: d2 diagram creator, d2 diagram creator Part of the Visual Content skill category.

6832

svg-icon-generator

jeremylongshore

Svg Icon Generator - Auto-activating skill for Visual Content. Triggers on: svg icon generator, svg icon generator Part of the Visual Content skill category.

9229

automating-mobile-app-testing

jeremylongshore

This skill enables automated testing of mobile applications on iOS and Android platforms using frameworks like Appium, Detox, XCUITest, and Espresso. It generates end-to-end tests, sets up page object models, and handles platform-specific elements. Use this skill when the user requests mobile app testing, test automation for iOS or Android, or needs assistance with setting up device farms and simulators. The skill is triggered by terms like "mobile testing", "appium", "detox", "xcuitest", "espresso", "android test", "ios test".

16122

performing-penetration-testing

jeremylongshore

This skill enables automated penetration testing of web applications. It uses the penetration-tester plugin to identify vulnerabilities, including OWASP Top 10 threats, and suggests exploitation techniques. Use this skill when the user requests a "penetration test", "pentest", "vulnerability assessment", or asks to "exploit" a web application. It provides comprehensive reporting on identified security flaws.

5015

designing-database-schemas

jeremylongshore

Design and visualize efficient database schemas, normalize data, map relationships, and generate ERD diagrams and SQL statements.

12014

ollama-setup

jeremylongshore

Configure auto-configure Ollama when user needs local LLM deployment, free AI alternatives, or wants to eliminate hosted API costs. Trigger phrases: "install ollama", "local AI", "free LLM", "self-hosted AI", "replace OpenAI", "no API costs". Use when appropriate context detected. Trigger with relevant phrases based on skill purpose.

5210

You might also like

flutter-development

aj-geddes

Build beautiful cross-platform mobile apps with Flutter and Dart. Covers widgets, state management with Provider/BLoC, navigation, API integration, and material design.

1,4211,305

drawio-diagrams-enhanced

jgtolentino

Create professional draw.io (diagrams.net) diagrams in XML format (.drawio files) with integrated PMP/PMBOK methodologies, extensive visual asset libraries, and industry-standard professional templates. Use this skill when users ask to create flowcharts, swimlane diagrams, cross-functional flowcharts, org charts, network diagrams, UML diagrams, BPMN, project management diagrams (WBS, Gantt, PERT, RACI), risk matrices, stakeholder maps, or any other visual diagram in draw.io format. This skill includes access to custom shape libraries for icons, clipart, and professional symbols.

1,2361,030

ui-ux-pro-max

nextlevelbuilder

"UI/UX design intelligence. 50 styles, 21 palettes, 50 font pairings, 20 charts, 8 stacks (React, Next.js, Vue, Svelte, SwiftUI, React Native, Flutter, Tailwind). Actions: plan, build, create, design, implement, review, fix, improve, optimize, enhance, refactor, check UI/UX code. Projects: website, landing page, dashboard, admin panel, e-commerce, SaaS, portfolio, blog, mobile app, .html, .tsx, .vue, .svelte. Elements: button, modal, navbar, sidebar, card, table, form, chart. Styles: glassmorphism, claymorphism, minimalism, brutalism, neumorphism, bento grid, dark mode, responsive, skeuomorphism, flat design. Topics: color palette, accessibility, animation, layout, typography, font pairing, spacing, hover, shadow, gradient."

9151,017

godot

bfollington

This skill should be used when working on Godot Engine projects. It provides specialized knowledge of Godot's file formats (.gd, .tscn, .tres), architecture patterns (component-based, signal-driven, resource-based), common pitfalls, validation tools, code templates, and CLI workflows. The `godot` command is available for running the game, validating scripts, importing resources, and exporting builds. Use this skill for tasks involving Godot game development, debugging scene/resource files, implementing game systems, or creating new Godot components.

975666

nano-banana-pro

garg-aayush

Generate and edit images using Google's Nano Banana Pro (Gemini 3 Pro Image) API. Use when the user asks to generate, create, edit, modify, change, alter, or update images. Also use when user references an existing image file and asks to modify it in any way (e.g., "modify this image", "change the background", "replace X with Y"). Supports both text-to-image generation and image-to-image editing with configurable resolution (1K default, 2K, or 4K for high resolution). DO NOT read the image file first - use this skill directly with the --input-image parameter.

979609

pdf-to-markdown

aliceisjustplaying

Convert entire PDF documents to clean, structured Markdown for full context loading. Use this skill when the user wants to extract ALL text from a PDF into context (not grep/search), when discussing or analyzing PDF content in full, when the user mentions "load the whole PDF", "bring the PDF into context", "read the entire PDF", or when partial extraction/grepping would miss important context. This is the preferred method for PDF text extraction over page-by-page or grep approaches.

1,046505

Related MCP Servers

Browse all servers
Desktop CommanderDesktop Commander

Desktop Commander MCP unifies code management with advanced source control, git, and svn support—streamlining developmen

5,63026 tools
Meta AdsMeta Ads

Optimize Facebook ad campaigns with AI-driven insights, creative analysis, and campaign control in Meta Ads Manager for

5940 tools
Solana AgentSolana Agent

Solana Agent: a server for blockchain interactions on Solana, offering asset retrieval, token deployment, wallet managem

1530 tools
Snowfort Circuit MCPSnowfort Circuit MCP

Snowfort Circuit MCP — MCP server for AI coding agents enabling browser automation, electron automation and AI test auto

540 tools
Firebird SQLFirebird SQL

Firebird SQL empowers safe database access, protects from sql injection, and supports natural language queries with adva

470 tools
CoolifyCoolify

Coolify is a robust application deployment tool and deployment software for managing servers, applications, and team res

360 tools

Stay ahead of the MCP ecosystem

Get weekly updates on new skills and servers.