Security Scanner

What it does

This skill performs security scans on provided URLs, identifying potential vulnerabilities and risks. It analyzes web pages to detect common issues like cross-site scripting (XSS), SQL injection, and other OWASP Top 10 threats. The results are presented in a structured format highlighting the identified problems and providing recommendations for remediation.

When to use it

• Website Security Audits: Regularly scan your websites or those of clients to proactively identify vulnerabilities before they can be exploited.
• Penetration Testing Support: Use as part of a broader penetration testing process to automate initial vulnerability discovery.
• Code Review Assistance: Integrate into code review workflows to automatically flag potential security flaws in web applications.
• Security Awareness Training: Demonstrate common vulnerabilities and educate developers on secure coding practices.

Key capabilities

• URL scanning for common web vulnerabilities
• Identification of XSS, SQL injection, and OWASP Top 10 threats
• Structured reporting of identified issues with remediation recommendations

Example prompts

• "Scan the website https://example.com for security vulnerabilities."
• "Perform a security scan on https://mywebapp.test/login and report any potential XSS risks."
• "Analyze https://vulnerable-site.org and identify SQL injection vulnerabilities."

Tips & gotchas

The skill's effectiveness depends on the accuracy of its vulnerability detection algorithms, which may not cover all possible attack vectors. Always combine automated scanning with manual security reviews for comprehensive assessments.