Initial commit
This commit is contained in:
Zhongwei Li
15
.claude-plugin/plugin.json
Normal file
15
.claude-plugin/plugin.json
Normal file
@@ -0,0 +1,15 @@
|
||||
{
|
||||
"name": "vulnerability-scanner",
|
||||
"description": "Comprehensive vulnerability scanning for code, dependencies, and configurations with CVE detection",
|
||||
"version": "1.0.0",
|
||||
"author": {
|
||||
"name": "Jeremy Longshore",
|
||||
"email": "[email protected]"
|
||||
},
|
||||
"skills": [
|
||||
"./skills"
|
||||
],
|
||||
"commands": [
|
||||
"./commands"
|
||||
]
|
||||
}
|
||||
3
README.md
Normal file
3
README.md
Normal file
@@ -0,0 +1,3 @@
|
||||
# vulnerability-scanner
|
||||
|
||||
Comprehensive vulnerability scanning for code, dependencies, and configurations with CVE detection
|
||||
48
commands/scan.md
Normal file
48
commands/scan.md
Normal file
@@ -0,0 +1,48 @@
|
||||
---
|
||||
description: Scan codebase for security vulnerabilities
|
||||
shortcut: vuln
|
||||
---
|
||||
|
||||
# Vulnerability Scanner
|
||||
|
||||
Perform comprehensive vulnerability scanning on the current codebase to identify security issues, CVEs, and potential attack vectors.
|
||||
|
||||
## Scan Process
|
||||
|
||||
1. **Code Analysis (SAST)**
|
||||
- Scan for common vulnerability patterns
|
||||
- Identify insecure code practices
|
||||
- Check for hardcoded secrets
|
||||
- Analyze authentication/authorization flaws
|
||||
|
||||
2. **Dependency Scanning**
|
||||
- Check npm/pip/composer dependencies for known CVEs
|
||||
- Identify outdated packages with security patches
|
||||
- Report transitive dependency vulnerabilities
|
||||
|
||||
3. **Configuration Review**
|
||||
- Analyze security-sensitive configurations
|
||||
- Check for insecure defaults
|
||||
- Validate SSL/TLS settings
|
||||
- Review access control configurations
|
||||
|
||||
4. **Report Generation**
|
||||
- Severity-based categorization (Critical, High, Medium, Low)
|
||||
- CVE identifiers and CVSS scores
|
||||
- Remediation recommendations
|
||||
- Affected files and line numbers
|
||||
|
||||
## Output Format
|
||||
|
||||
Generate a structured vulnerability report with:
|
||||
- Executive summary with vulnerability counts by severity
|
||||
- Detailed findings with code snippets
|
||||
- Remediation steps for each vulnerability
|
||||
- Links to CVE databases and security advisories
|
||||
|
||||
## Security Best Practices
|
||||
|
||||
- Never expose vulnerability details in public repositories
|
||||
- Prioritize Critical and High severity issues
|
||||
- Retest after applying fixes
|
||||
- Document false positives for future scans
|
||||
61
plugin.lock.json
Normal file
61
plugin.lock.json
Normal file
@@ -0,0 +1,61 @@
|
||||
{
|
||||
"$schema": "internal://schemas/plugin.lock.v1.json",
|
||||
"pluginId": "gh:jeremylongshore/claude-code-plugins-plus:plugins/security/vulnerability-scanner",
|
||||
"normalized": {
|
||||
"repo": null,
|
||||
"ref": "refs/tags/v20251128.0",
|
||||
"commit": "2aa628a9fc281d84e694e841e8f92d1624e0c1de",
|
||||
"treeHash": "fd24e34a561f9cd62f68bb510f9487efdc6f771e928a696a5ba581369907bef7",
|
||||
"generatedAt": "2025-11-28T10:18:51.690610Z",
|
||||
"toolVersion": "publish_plugins.py@0.2.0"
|
||||
},
|
||||
"origin": {
|
||||
"remote": "git@github.com:zhongweili/42plugin-data.git",
|
||||
"branch": "master",
|
||||
"commit": "aa1497ed0949fd50e99e70d6324a29c5b34f9390",
|
||||
"repoRoot": "/Users/zhongweili/projects/openmind/42plugin-data"
|
||||
},
|
||||
"manifest": {
|
||||
"name": "vulnerability-scanner",
|
||||
"description": "Comprehensive vulnerability scanning for code, dependencies, and configurations with CVE detection",
|
||||
"version": "1.0.0"
|
||||
},
|
||||
"content": {
|
||||
"files": [
|
||||
{
|
||||
"path": "README.md",
|
||||
"sha256": "9249e69a72ca51ea5a5ba686221216da04974d5442b8ef7ab3affcad91bb3d5f"
|
||||
},
|
||||
{
|
||||
"path": ".claude-plugin/plugin.json",
|
||||
"sha256": "b9ece0248160b81fbe3cd84617739d40d1890810c44c70b82aeb7c110cbcb705"
|
||||
},
|
||||
{
|
||||
"path": "commands/scan.md",
|
||||
"sha256": "2a4ce3c3d5449280257500442b65b4a7e97b0c447fc6b3eb806a34efff12719c"
|
||||
},
|
||||
{
|
||||
"path": "skills/vulnerability-scanner/SKILL.md",
|
||||
"sha256": "c10977d1eff6d20956cdc1d16f08714b112556aff297c1113aac629c7f21be6f"
|
||||
},
|
||||
{
|
||||
"path": "skills/vulnerability-scanner/references/README.md",
|
||||
"sha256": "afdcb3c468e72d38cdadfd903a77518d44f9eb8a7474f9b64b6778311f1ad35e"
|
||||
},
|
||||
{
|
||||
"path": "skills/vulnerability-scanner/scripts/README.md",
|
||||
"sha256": "4c3474ff72c11de2e3b88de2ae0117fa44e8d7242ac0758b761ea5e2de175d5f"
|
||||
},
|
||||
{
|
||||
"path": "skills/vulnerability-scanner/assets/README.md",
|
||||
"sha256": "9824eb37e0436ea3e8b3c641998d63d91f9fe1b4d32b54be581d6975afc3f6af"
|
||||
}
|
||||
],
|
||||
"dirSha256": "fd24e34a561f9cd62f68bb510f9487efdc6f771e928a696a5ba581369907bef7"
|
||||
},
|
||||
"security": {
|
||||
"scannedAt": null,
|
||||
"scannerVersion": null,
|
||||
"flags": []
|
||||
}
|
||||
}
|
||||
54
skills/vulnerability-scanner/SKILL.md
Normal file
54
skills/vulnerability-scanner/SKILL.md
Normal file
@@ -0,0 +1,54 @@
|
||||
---
|
||||
name: scanning-for-vulnerabilities
|
||||
description: |
|
||||
This skill enables comprehensive vulnerability scanning using the vulnerability-scanner plugin. It identifies security vulnerabilities in code, dependencies, and configurations, including CVE detection. Use this skill when the user asks to scan for vulnerabilities, security issues, or CVEs in their project. Trigger phrases include "scan for vulnerabilities", "find security issues", "check for CVEs", "/scan", or "/vuln". The plugin performs static analysis, dependency checking, and configuration analysis to provide a detailed vulnerability report.
|
||||
allowed-tools: Read, Write, Edit, Grep, Glob, Bash
|
||||
version: 1.0.0
|
||||
---
|
||||
|
||||
## Overview
|
||||
|
||||
This skill empowers Claude to automatically scan your codebase for security vulnerabilities. It leverages the vulnerability-scanner plugin to identify potential risks, including code-level flaws, vulnerable dependencies, and insecure configurations.
|
||||
|
||||
## How It Works
|
||||
|
||||
1. **Initiate Scan**: The skill activates the vulnerability-scanner plugin based on user input.
|
||||
2. **Perform Analysis**: The plugin scans the codebase, dependencies, and configurations for vulnerabilities, including CVE detection.
|
||||
3. **Generate Report**: The plugin creates a detailed vulnerability report with findings, severity levels, and remediation guidance.
|
||||
|
||||
## When to Use This Skill
|
||||
|
||||
This skill activates when you need to:
|
||||
- Identify security vulnerabilities in your code.
|
||||
- Check your project's dependencies for known CVEs.
|
||||
- Review your project's configurations for security weaknesses.
|
||||
|
||||
## Examples
|
||||
|
||||
### Example 1: Identifying SQL Injection Risks
|
||||
|
||||
User request: "Scan my code for SQL injection vulnerabilities."
|
||||
|
||||
The skill will:
|
||||
1. Activate the vulnerability-scanner plugin.
|
||||
2. Analyze the codebase for potential SQL injection flaws.
|
||||
3. Generate a report highlighting any identified SQL injection risks and providing remediation steps.
|
||||
|
||||
### Example 2: Checking for Vulnerable npm Packages
|
||||
|
||||
User request: "Check my project's npm dependencies for known vulnerabilities."
|
||||
|
||||
The skill will:
|
||||
1. Activate the vulnerability-scanner plugin.
|
||||
2. Scan the project's `package.json` file and identify any npm packages with known CVEs.
|
||||
3. Generate a report listing the vulnerable packages, their CVE identifiers, and recommended updates.
|
||||
|
||||
## Best Practices
|
||||
|
||||
- **Regular Scanning**: Run vulnerability scans regularly, especially before deployments.
|
||||
- **Prioritize Remediation**: Focus on addressing critical and high-severity vulnerabilities first.
|
||||
- **Validate Fixes**: After applying fixes, run another scan to ensure the vulnerabilities are resolved.
|
||||
|
||||
## Integration
|
||||
|
||||
This skill integrates with the core Claude Code environment by providing automated vulnerability scanning capabilities. It can be used in conjunction with other plugins to create a comprehensive security workflow, such as integrating with a ticketing system to automatically create tickets for identified vulnerabilities.
|
||||
7
skills/vulnerability-scanner/assets/README.md
Normal file
7
skills/vulnerability-scanner/assets/README.md
Normal file
@@ -0,0 +1,7 @@
|
||||
# Assets
|
||||
|
||||
Bundled resources for vulnerability-scanner skill
|
||||
|
||||
- [ ] report_template.html: HTML template for generating visually appealing vulnerability reports.
|
||||
- [ ] example_report.md: Example of a complete vulnerability scan report.
|
||||
- [ ] logo.png: Company logo to include in the report.
|
||||
7
skills/vulnerability-scanner/references/README.md
Normal file
7
skills/vulnerability-scanner/references/README.md
Normal file
@@ -0,0 +1,7 @@
|
||||
# References
|
||||
|
||||
Bundled resources for vulnerability-scanner skill
|
||||
|
||||
- [ ] vulnerability_types.md: Detailed descriptions of common vulnerability types (SQL injection, XSS, etc.).
|
||||
- [ ] cve_database_schema.md: Schema of the CVE database used by the cve_lookup.py script.
|
||||
- [ ] configuration_best_practices.md: Best practices for secure configuration of common applications and services.
|
||||
7
skills/vulnerability-scanner/scripts/README.md
Normal file
7
skills/vulnerability-scanner/scripts/README.md
Normal file
@@ -0,0 +1,7 @@
|
||||
# Scripts
|
||||
|
||||
Bundled resources for vulnerability-scanner skill
|
||||
|
||||
- [ ] scan.sh: Script to execute the vulnerability scan with configurable parameters.
|
||||
- [ ] report_formatter.py: Python script to format the raw scan output into a user-friendly report.
|
||||
- [ ] cve_lookup.py: Python script to fetch CVE details from a public database.
|
||||
Reference in New Issue
Block a user