← Back to Skills

Vulnerability Scanning

🌐Community
by aj-geddes · vlatest · Repository

This tool automatically identifies potential security weaknesses in your systems and applications, proactively protecting against threats and improving resilience.

Install on your platform

We auto-selected Claude Code based on this skill’s supported platforms.

1

Run in terminal (recommended)

terminal
claude mcp add vulnerability-scanning npx -- -y @trustedskills/vulnerability-scanning
2

Or manually add to ~/.claude/settings.json

~/.claude/settings.json
{
  "mcpServers": {
    "vulnerability-scanning": {
      "command": "npx",
      "args": [
        "-y",
        "@trustedskills/vulnerability-scanning"
      ]
    }
  }
}

Requires Claude Code (claude CLI). Run claude --version to verify your install.

About This Skill

vulnerability-scanning

What it does

This skill enables AI agents to automatically scan codebases and infrastructure for known security vulnerabilities, misconfigurations, and weak cryptographic implementations. It leverages tools like Trivy and Semgrep to provide actionable reports on potential risks before deployment.

When to use it

  • Before deploying new containers or images to production environments.
  • During the CI/CD pipeline to block builds containing critical CVEs.
  • When auditing third-party dependencies for outdated or insecure packages.
  • To identify configuration errors in cloud infrastructure-as-code files.

Key capabilities

  • Scans container images and Dockerfiles for vulnerabilities using Trivy.
  • Analyzes codebases for security issues with Semgrep rules.
  • Detects weak cryptographic implementations and hardcoded secrets.
  • Generates structured reports detailing severity levels and remediation steps.

Example prompts

  • "Scan my latest Docker image for any known CVEs and list the high-severity findings."
  • "Run a Semgrep analysis on my Python repository to find potential SQL injection vulnerabilities."
  • "Check my infrastructure-as-code configuration for misconfigurations that expose sensitive data."

Tips & gotchas

Ensure your AI agent has read access to the relevant repositories or container registries before initiating scans. While this skill identifies known issues, it should be combined with manual code reviews and penetration testing for comprehensive security coverage.

View Repository →

Tags

🛡️

TrustedSkills Verification

Unlike other registries that point to live repositories, TrustedSkills pins every skill to a verified commit hash. This protects you from malicious updates — what you install today is exactly what was reviewed and verified.

Security Audits

Gen Agent Trust HubPass
SocketPass
SnykPass

Details

Version
vlatest
License
Author
aj-geddes
Installs
118
Repository (canonical source) →

🌐 Community

Passed automated security scans.