security-analyzer — community security-analyzer, community, ide skills, Claude Code, Cursor, Windsurf

v1.0.0
GitHub

About this Skill

Ideal for cybersecurity agents requiring advanced vulnerability assessment and remediation planning capabilities using Python and CVE data. Security analyzer skill for Claude Code.

Cornjebus
Updated: 3/5/2026

Agent Capability Analysis

The security-analyzer skill by Cornjebus is an open-source community AI agent skill for Claude Code and other IDE workflows, helping agents execute tasks with better context, repeatability, and domain-specific guidance.

Ideal Agent Persona

Ideal for Cybersecurity Agents requiring advanced vulnerability assessment and remediation planning capabilities using Python and CVE data

Core Value

Empowers agents to analyze environments for vulnerabilities, fetch current CVE and exploit data, and generate phased remediation plans with TDD validation using scripts like discover_env.py and fetch_vulns.py, outputting to JSON files like inventory.json and scan_results.json

Capabilities Granted for security-analyzer

Automating environment discovery for vulnerability assessment
Generating remediation plans based on current CVE data
Validating security scan results with TDD

Prerequisites & Limits

  • Requires Python environment
  • Needs filesystem access for script execution and output
  • Dependent on external CVE and exploit data sources
security-analyzer

Install security-analyzer, an AI agent skill for AI agent workflows and automation. Works with Claude Code, Cursor, and Windsurf with one-command setup.

SKILL.md

Security Analyzer

Analyze environments for vulnerabilities, fetch current CVE/exploit data, and generate phased remediation plans with TDD validation.

Quick Start

When the user requests a security scan:

  1. Run environment discovery: python .claude/skills/security-analyzer/scripts/discover_env.py .
  2. Save output to inventory.json
  3. Run vulnerability scan: python .claude/skills/security-analyzer/scripts/fetch_vulns.py inventory.json
  4. Save output to scan_results.json
  5. Generate reports: python .claude/skills/security-analyzer/scripts/generate_report.py scan_results.json inventory.json

Workflow

Phase 1: Environment Discovery

Scan working directory for:

  • Dependencies: package.json, requirements.txt, Gemfile, go.mod, Cargo.toml, pom.xml
  • Containers: Dockerfile, docker-compose.yml, kubernetes/*.yaml
  • Cloud IaC: terraform/*.tf, cloudformation/*.yaml, *.bicep
  • Secrets: .env* files (flag exposure risk, never log values)

Run the discovery script:

```bash
python .claude/skills/security-analyzer/scripts/discover_env.py /path/to/project > inventory.json
```

Phase 2: Vulnerability Intelligence

Fetch current threat data using the vulnerability scanner:

```bash
python .claude/skills/security-analyzer/scripts/fetch_vulns.py inventory.json > scan_results.json
```

| Source | Priority | Use For |
|---|---|---|
| CISA KEV | 1 | Actively exploited vulns (use WebSearch) |
| NVD | 2 | CVE details + CVSS scores (use WebSearch) |
| GitHub Advisories | 3 | Package-specific vulns (use WebSearch) |
| OSV.dev | 4 | Open source vulns (API in script) |

For CISA KEV and additional context, supplement with:

WebSearch: "CVE-XXXX-YYYY CISA KEV exploit"

Phase 3: Risk Scoring

The scanner calculates risk scores using:

Risk = (CVSS * 0.3) + (Exploitability * 0.3) + (Criticality * 0.2) + (Exposure * 0.2)

Exploitability: 10=CISA KEV, 7=public exploit, 3=theoretical
Criticality: 10=auth/payment, 5=core business, 2=logging
Exposure: 10=internet-facing, 5=internal, 2=air-gapped
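The Phase 3 formula carried through on constructed findings, as example code added here (it is not the project's fetch_vulns.py; the finding field names and the level keys are assumptions, since scan_results.json's schema is not shown). It also shows why the weights matter: a theoretical CVSS 10.0 issue on an air-gapped logging host ranks well below a CVSS 5.3 issue with a public exploit on an internet-facing auth component.

```python
"""Phase 3 risk scoring, carried through on constructed findings."""
from typing import Dict, List

# Ordinal levels exactly as the SKILL.md lists them.
EXPLOITABILITY = {"cisa_kev": 10, "public_exploit": 7, "theoretical": 3}
CRITICALITY = {"auth_payment": 10, "core_business": 5, "logging": 2}
EXPOSURE = {"internet_facing": 10, "internal": 5, "air_gapped": 2}


def _level(table: Dict[str, int], name: str, value: str) -> int:
    """Resolve a named level, failing loudly on a typo instead of scoring it 0."""
    try:
        return table[value]
    except KeyError:
        raise ValueError(f"unknown {name} level {value!r}; expected one of {sorted(table)}") from None


def risk_score(cvss: float, exploitability: str, criticality: str, exposure: str) -> float:
    """Risk = (CVSS*0.3) + (Exploitability*0.3) + (Criticality*0.2) + (Exposure*0.2)."""
    if not 0.0 <= cvss <= 10.0:
        raise ValueError(f"CVSS base score out of range: {cvss}")
    score = (
        cvss * 0.3
        + _level(EXPLOITABILITY, "exploitability", exploitability) * 0.3
        + _level(CRITICALITY, "criticality", criticality) * 0.2
        + _level(EXPOSURE, "exposure", exposure) * 0.2
    )
    return round(score, 2)


def rank_findings(findings: List[Dict]) -> List[Dict]:
    """Return copies of the findings with a 'risk' field, highest risk first."""
    # Keys id/cvss/exploitability/criticality/exposure are assumed, not the real schema.
    scored = [dict(f, risk=risk_score(f["cvss"], f["exploitability"],
                                      f["criticality"], f["exposure"]))
              for f in findings]
    return sorted(scored, key=lambda f: f["risk"], reverse=True)


# Constructed sample findings (not real scan output).
SAMPLE_FINDINGS = [
    {"id": "A", "cvss": 10.0, "exploitability": "theoretical",
     "criticality": "logging", "exposure": "air_gapped"},        # scores 4.7
    {"id": "B", "cvss": 5.3, "exploitability": "public_exploit",
     "criticality": "auth_payment", "exposure": "internet_facing"},  # scores 7.69
    {"id": "C", "cvss": 9.8, "exploitability": "cisa_kev",
     "criticality": "auth_payment", "exposure": "internet_facing"},  # scores 9.94
]
```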

Phase 4: Phased Remediation

Generate reports with fix commands and validation tests:

```bash
python .claude/skills/security-analyzer/scripts/generate_report.py scan_results.json inventory.json
```

Each finding includes:

  1. Vulnerability details + risk score
  2. Actual fix code/patch (not just recommendations)
  3. Pre-fix test (proves vuln exists)
  4. Remediation unit tests (tests the fix code)
  5. Post-fix validation (proves vuln resolved)

Phase 5: Reports

Output two reports:

  • security-report-technical.md — Full details for engineers
  • security-report-executive.md — Summary for leadership

See references/report-templates.md for output structure.

TDD Pattern

For each vulnerability, generate three test types:

```python
# is_vulnerable, apply_fix and vulnerable_config are the per-finding helpers
# generated alongside the fix code for that finding.

def test_vuln_exists():
    """PASS before fix, FAIL after."""
    assert is_vulnerable("component")


def test_fix_works():
    """Unit test for the remediation code itself."""
    result = apply_fix(vulnerable_config)
    assert result.is_secure()


def test_vuln_resolved():
    """FAIL before fix, PASS after."""
    assert not is_vulnerable("component")
```

Fix Types by Finding

| Finding | Output |
|---|---|
| Dependency CVE | Version bump command + lockfile update |
| Container issue | Dockerfile patch |
| IaC misconfiguration | Terraform/K8s fix |
| Code vulnerability | Source patch + test |
| Secret exposure | Rotation commands + .gitignore update |

Example Interaction

User: "Run a security scan on this project"

Claude:

  1. Discovers 47 npm dependencies, 3 Dockerfiles, 2 Terraform configs
  2. Fetches current CVE data from OSV.dev
  3. Identifies 12 vulnerabilities (2 critical, 4 high, 6 medium)
  4. Generates phased remediation plan with:
    • Actual fix commands (npm install lodash@4.17.21)
    • Code patches for IaC misconfigurations
    • TDD tests proving each fix works
  5. Outputs technical and executive reports

FAQ & Installation Steps


Frequently Asked Questions

What is security-analyzer?

Ideal for cybersecurity agents requiring advanced vulnerability assessment and remediation planning capabilities using Python and CVE data. Security analyzer skill for Claude Code.

How do I install security-analyzer?

Run the command: npx killer-skills add Cornjebus/security-analyzer. It works with Cursor, Windsurf, VS Code, Claude Code, and 19+ other IDEs.

What are the use cases for security-analyzer?

Key use cases include: Automating environment discovery for vulnerability assessment, Generating remediation plans based on current CVE data, Validating security scan results with TDD.

Which IDEs are compatible with security-analyzer?

This skill is compatible with Cursor, Windsurf, VS Code, Trae, Claude Code, OpenClaw, Aider, Codex, OpenCode, Goose, Cline, Roo Code, Kiro, Augment Code, Continue, GitHub Copilot, Sourcegraph Cody, and Amazon Q Developer. Use the Killer-Skills CLI for universal one-command installation.

Are there any limitations for security-analyzer?

Requires Python environment. Needs filesystem access for script execution and output. Dependent on external CVE and exploit data sources.

How To Install

  1. Open your terminal

    Open the terminal or command line in your project directory.

  2. Run the install command

    Run: npx killer-skills add Cornjebus/security-analyzer. The CLI will automatically detect your IDE or AI agent and configure the skill.

  3. Start using the skill

    The skill is now active. Your AI agent can use security-analyzer immediately in the current project.
