askill
static-vulnerability-detector

static-vulnerability-detectorSafety 95Repository

Statically analyze code to detect security vulnerabilities including buffer overflows, injection risks (SQL, command, XSS), insecure deserialization, improper authentication, hard-coded credentials, and unsafe cryptography. Use when: (1) Performing security code review, (2) Analyzing code for OWASP Top 10 vulnerabilities, (3) Identifying CWE-classified weaknesses, (4) Generating security audit reports, (5) Reviewing code before deployment, or (6) Assessing third-party code security. Findings categorized by CWE ID and severity (Critical/High/Medium/Low).

static-vulnerability-detectorArabelaTso
10 stars
1.2k downloads
Updated 2/20/2026

Package Files

Loading files...
SKILL.md

Static Vulnerability Detector

Analyze code for security vulnerabilities with CWE classification and severity assessment.

Analysis Workflow

1. Code Scanning

Systematically examine code for vulnerability patterns:

Memory Safety (C/C++):

  • Buffer overflows (CWE-119)
  • Out-of-bounds access (CWE-125)
  • Use-after-free (CWE-416)
  • Double free (CWE-415)
  • Null pointer dereference (CWE-476)

Injection Vulnerabilities:

  • SQL injection (CWE-89)
  • Command injection (CWE-78)
  • Cross-site scripting (CWE-79)
  • XML injection (CWE-91)
  • LDAP injection (CWE-90)

Authentication & Authorization:

  • Missing authentication (CWE-306)
  • Improper authentication (CWE-287)
  • Missing authorization (CWE-862)
  • Hard-coded credentials (CWE-798)

Cryptographic Issues:

  • Weak algorithms (CWE-327)
  • Inadequate encryption (CWE-326)
  • Weak random values (CWE-330)
  • Missing encryption (CWE-311)

Deserialization:

  • Untrusted deserialization (CWE-502)
  • Mass assignment (CWE-915)

Input Validation:

  • Improper validation (CWE-20)
  • Path traversal (CWE-22)
  • SSRF (CWE-918)

2. Pattern Matching

For each vulnerability category, identify:

Dangerous Functions:

  • C/C++: strcpy, sprintf, gets, scanf
  • Python: pickle.loads, eval, exec
  • SQL: String concatenation in queries
  • Shell: os.system, subprocess with shell=True

Unsafe Patterns:

  • Unvalidated user input
  • Missing bounds checking
  • Weak cryptographic algorithms
  • Hard-coded secrets
  • Missing authentication decorators

Context Analysis:

  • Data flow from user input to sink
  • Sanitization and validation presence
  • Authentication/authorization checks
  • Error handling adequacy

3. Severity Assessment

Assign severity based on:

CRITICAL:

  • Remote code execution possible
  • Authentication bypass
  • SQL injection with admin access
  • Arbitrary file read/write

HIGH:

  • Privilege escalation
  • Sensitive data exposure
  • Hard-coded credentials
  • Weak cryptography for sensitive data

MEDIUM:

  • Information disclosure
  • Denial of service
  • Missing input validation
  • Insecure configuration

LOW:

  • Minor information leaks
  • Verbose error messages
  • Missing security headers

4. Confidence Level

Assess confidence in finding:

HIGH: Clear vulnerability pattern, no mitigating factors MEDIUM: Vulnerability likely but context unclear LOW: Potential issue requiring manual verification

5. Generate Report

Structure findings as:

## Vulnerability: [Title]

**ID**: VULN-[number]
**CWE**: CWE-[ID]
**Severity**: [CRITICAL/HIGH/MEDIUM/LOW]
**Confidence**: [HIGH/MEDIUM/LOW]
**Location**: [File:Line]

### Description
[What the vulnerability is]

### Code Snippet
```[language]
[vulnerable code]

Impact

  • [Potential consequences]

Remediation

[fixed code]

References

  • [CWE link]
  • [OWASP reference]

## Vulnerability Categories

### Memory Safety (C/C++)

**Buffer Overflow (CWE-119)**:
```c
// VULNERABLE
char buf[10];
strcpy(buf, user_input);  // No bounds check

Use-After-Free (CWE-416):

// VULNERABLE
free(ptr);
ptr->field = value;  // Use after free

Injection Attacks

SQL Injection (CWE-89):

# VULNERABLE
query = f"SELECT * FROM users WHERE id = {user_id}"
cursor.execute(query)

Command Injection (CWE-78):

# VULNERABLE
os.system("ping " + user_host)

XSS (CWE-79):

// VULNERABLE
element.innerHTML = user_input;

Authentication Issues

Missing Authentication (CWE-306):

# VULNERABLE
@app.route('/admin')
def admin_panel():
    return render_template('admin.html')  # No auth check

Hard-coded Credentials (CWE-798):

# VULNERABLE
PASSWORD = "admin123"
API_KEY = "sk-1234567890"

Cryptographic Weaknesses

Weak Algorithm (CWE-327):

# VULNERABLE
hash = hashlib.md5(password.encode()).hexdigest()

Weak Random (CWE-330):

# VULNERABLE
token = random.randint(1000, 9999)  # For security token

Deserialization

Untrusted Data (CWE-502):

# VULNERABLE
obj = pickle.loads(user_data)  # RCE possible

Input Validation

Path Traversal (CWE-22):

# VULNERABLE
with open(f'/uploads/{filename}', 'r') as f:  # ../../../etc/passwd
    content = f.read()

SSRF (CWE-918):

# VULNERABLE
response = requests.get(user_url)  # Can access internal services

Detection Heuristics

Data Flow Analysis

Track tainted data from source to sink:

Sources (user input):

  • HTTP parameters, headers, body
  • Command-line arguments
  • File contents
  • Environment variables
  • Database queries

Sinks (dangerous operations):

  • SQL query execution
  • System command execution
  • File operations
  • HTML output
  • Deserialization

Sanitization (check for):

  • Input validation
  • Escaping/encoding
  • Parameterized queries
  • Whitelist filtering

Pattern Recognition

Dangerous function calls:

  • Without input validation
  • With user-controlled arguments
  • In security-sensitive contexts

Missing security controls:

  • No authentication decorator
  • No authorization check
  • No CSRF protection
  • No rate limiting

Weak configurations:

  • Debug mode enabled
  • Verbose errors
  • Insecure defaults

CWE Reference

For detailed vulnerability patterns and remediation, see cwe_patterns.md.

Key CWE categories:

  • Memory safety (CWE-119, 125, 416, 415)
  • Injection (CWE-89, 78, 79, 91)
  • Authentication (CWE-287, 306, 798, 862)
  • Cryptography (CWE-327, 326, 330, 311)
  • Deserialization (CWE-502, 915)
  • Input validation (CWE-20, 22, 918)

Report Format

Summary Section

# Security Vulnerability Report

**Scan Date**: [Date]
**Code Base**: [Project]
**Total Findings**: [Count]

## Severity Breakdown
- Critical: [Count]
- High: [Count]
- Medium: [Count]
- Low: [Count]

Detailed Findings

For each vulnerability:

  • Unique ID
  • CWE classification
  • Severity and confidence
  • Location (file, line, function)
  • Description
  • Code snippet
  • Impact assessment
  • Remediation guidance
  • References

Recommendations

Prioritized action items:

  1. Fix critical vulnerabilities immediately
  2. Address high-severity issues
  3. Plan remediation for medium/low issues
  4. Implement security best practices

Examples

For complete vulnerability detection examples including:

  • SQL injection analysis
  • Buffer overflow detection
  • Hard-coded credentials
  • Insecure deserialization
  • Missing authentication
  • Weak cryptography

See examples.md.

Analysis Tips

  • Context matters: Consider surrounding code and mitigations
  • False positives: Mark uncertain findings as low confidence
  • Data flow: Trace user input to dangerous sinks
  • Defense in depth: Note multiple security layers
  • Language-specific: Apply appropriate patterns per language
  • Framework awareness: Consider framework protections
  • Configuration: Check for insecure settings
  • Dependencies: Note vulnerable library versions
  • Completeness: Scan all code paths
  • Prioritize: Focus on critical and high severity first

Install

Download ZIP
Requires askill CLI v1.0+

AI Quality Score

90/100Analyzed 2/24/2026

Comprehensive security vulnerability detection skill with detailed workflow, extensive vulnerability categories, CWE references, code examples, severity assessment, and report templates. Well-structured and highly actionable for security code reviews.

95
90
90
85
90

Metadata

Licenseunknown
Version-
Updated2/20/2026
PublisherArabelaTso

Tags

apidatabasegithub-actionssecurity