vulnerability-assessment — community vulnerability-assessment, CyberStrikeAI, community, ide skills, Claude Code, Cursor, Windsurf

v1.0.0
GitHub

About this Skill

Perfect for Cybersecurity Agents needing advanced vulnerability assessment and penetration testing capabilities. CyberStrikeAI is an AI-native security testing platform built in Go. It integrates 100+ security tools, an intelligent orchestration engine, role-based testing with predefined security roles, a skills system with specialized testing skills, and comprehensive lifecycle management capabilities.

Ed1s0nZ Ed1s0nZ
[0]
[0]
Updated: 3/5/2026

Agent Capability Analysis

The vulnerability-assessment skill by Ed1s0nZ is an open-source community AI agent skill for Claude Code and other IDE workflows, helping agents execute tasks with better context, repeatability, and domain-specific guidance.

Ideal Agent Persona

Perfect for Cybersecurity Agents needing advanced vulnerability assessment and penetration testing capabilities.

Core Value

Empowers agents to identify and evaluate system vulnerabilities using tools like Nessus, OpenVAS, and Nmap, and provides comprehensive risk assessment and management capabilities, including network scanning, host scanning, application scanning, and configuration scanning.

Capabilities Granted for vulnerability-assessment

Automating vulnerability scanning and reporting for compliance
Generating risk assessments and recommendations for remediation
Validating vulnerability exploits using manual and automated testing methods

! Prerequisites & Limits

  • Requires network and system access for scanning
  • Dependent on tool availability and configuration, such as Nessus and OpenVAS
  • May require additional setup and configuration for optimal results
Labs Demo

Browser Sandbox Environment

⚡️ Ready to unleash?

Experience this Agent in a zero-setup browser environment powered by WebContainers. No installation required.

Boot Container Sandbox

vulnerability-assessment

Install vulnerability-assessment, an AI agent skill for AI agent workflows and automation. Works with Claude Code, Cursor, and Windsurf with one-command...

SKILL.md
Readonly

漏洞评估

概述

漏洞评估是识别和评估系统漏洞的重要环节。本技能提供漏洞评估的方法、工具和最佳实践。

评估流程

1. 范围确定

确定范围:

  • 目标系统
  • 网络范围
  • 应用范围
  • 测试深度

2. 信息收集

收集信息:

  • 系统信息
  • 网络拓扑
  • 服务信息
  • 应用信息

3. 漏洞扫描

扫描类型:

  • 网络扫描
  • 主机扫描
  • 应用扫描
  • 配置扫描

4. 漏洞验证

验证方法:

  • 手动验证
  • 工具验证
  • 概念验证
  • 影响评估

5. 风险评估

评估因素:

  • 漏洞严重性
  • 利用难度
  • 影响范围
  • 业务影响

扫描工具

网络扫描

使用Nessus:

bash
1# 启动Nessus
2# 创建扫描任务
3# 配置扫描策略
4# 执行扫描
5# 分析结果

使用OpenVAS:

bash
1# 启动OpenVAS
2gvm-setup
3
4# 创建扫描任务
5# 执行扫描
6# 分析结果

使用Nmap:

bash
1# 漏洞扫描
2nmap --script vuln target
3
4# 特定漏洞
5nmap --script smb-vuln-ms17-010 target

应用扫描

使用Burp Suite:

bash
1# 配置代理
2# 浏览应用
3# 被动扫描
4# 主动扫描
5# 分析结果

使用OWASP ZAP:

bash
1# 启动ZAP
2zap.sh
3
4# 快速扫描
5zap-cli quick-scan http://target.com
6
7# 完整扫描
8zap-cli full-scan http://target.com

使用Acunetix:

bash
1# 启动Acunetix
2# 创建扫描任务
3# 配置扫描选项
4# 执行扫描
5# 分析结果

代码扫描

使用SonarQube:

bash
1# 运行扫描
2sonar-scanner
3
4# 分析结果
5# 查看报告

使用Checkmarx:

bash
1# 使用Web界面
2# 上传代码
3# 执行扫描
4# 分析结果

漏洞分类

按严重性

严重(Critical):

  • 远程代码执行
  • SQL注入
  • 认证绕过
  • 敏感数据泄露

高危(High):

  • 权限提升
  • 信息泄露
  • 业务逻辑漏洞
  • 配置错误

中危(Medium):

  • XSS漏洞
  • CSRF漏洞
  • 弱密码
  • 不安全的配置

低危(Low):

  • 信息泄露
  • 配置建议
  • 最佳实践
  • 信息收集

按类型

注入漏洞:

  • SQL注入
  • 命令注入
  • LDAP注入
  • XPath注入

认证漏洞:

  • 弱密码
  • 会话固定
  • 认证绕过
  • 密码重置

授权漏洞:

  • 权限提升
  • IDOR
  • 水平权限
  • 垂直权限

配置错误:

  • 默认配置
  • 错误配置
  • 不安全的存储
  • 敏感信息泄露

风险评估

CVSS评分

基础指标:

  • 攻击向量(AV)
  • 攻击复杂度(AC)
  • 所需权限(PR)
  • 用户交互(UI)

影响指标:

  • 机密性影响(C)
  • 完整性影响(I)
  • 可用性影响(A)

计算CVSS:

bash
1# 使用CVSS计算器
2# 输入指标
3# 计算分数
4# 确定等级

业务影响

评估因素:

  • 数据敏感性
  • 系统重要性
  • 业务影响
  • 合规要求

风险矩阵:

           低影响    中影响    高影响
高可能性    中       高       严重
中可能性    低       中       高
低可能性    低       低       中

报告编写

报告结构

执行摘要:

  • 评估概述
  • 关键发现
  • 风险评级
  • 建议措施

详细发现:

  • 漏洞描述
  • 影响分析
  • 利用步骤
  • 修复建议

附录:

  • 扫描配置
  • 工具版本
  • 参考链接
  • 术语表

报告模板

markdown
1# 漏洞评估报告
2
3## 执行摘要
4- 评估时间:2024-01-01
5- 评估范围:xxx
6- 发现漏洞:xx个
7- 严重漏洞:x个
8
9## 漏洞列表
10
11### VULN-001: SQL注入
12- 严重性:严重
13- CVSS评分:9.8
14- 描述:...
15- 影响:...
16- 修复建议:...
17
18## 总结
19...

最佳实践

1. 扫描前

  • 获得授权
  • 确定范围
  • 准备工具
  • 通知相关人员

2. 扫描中

  • 系统化扫描
  • 记录操作
  • 验证漏洞
  • 评估影响

3. 扫描后

  • 分析结果
  • 编写报告
  • 提供建议
  • 跟踪修复

注意事项

  • 获得明确授权
  • 避免对系统造成影响
  • 保护扫描数据
  • 及时报告关键漏洞

FAQ & Installation Steps

These questions and steps mirror the structured data on this page for better search understanding.

? Frequently Asked Questions

What is vulnerability-assessment?

Perfect for Cybersecurity Agents needing advanced vulnerability assessment and penetration testing capabilities. CyberStrikeAI is an AI-native security testing platform built in Go. It integrates 100+ security tools, an intelligent orchestration engine, role-based testing with predefined security roles, a skills system with specialized testing skills, and comprehensive lifecycle management capabilities.

How do I install vulnerability-assessment?

Run the command: npx killer-skills add Ed1s0nZ/CyberStrikeAI/vulnerability-assessment. It works with Cursor, Windsurf, VS Code, Claude Code, and 19+ other IDEs.

What are the use cases for vulnerability-assessment?

Key use cases include: Automating vulnerability scanning and reporting for compliance, Generating risk assessments and recommendations for remediation, Validating vulnerability exploits using manual and automated testing methods.

Which IDEs are compatible with vulnerability-assessment?

This skill is compatible with Cursor, Windsurf, VS Code, Trae, Claude Code, OpenClaw, Aider, Codex, OpenCode, Goose, Cline, Roo Code, Kiro, Augment Code, Continue, GitHub Copilot, Sourcegraph Cody, and Amazon Q Developer. Use the Killer-Skills CLI for universal one-command installation.

Are there any limitations for vulnerability-assessment?

Requires network and system access for scanning. Dependent on tool availability and configuration, such as Nessus and OpenVAS. May require additional setup and configuration for optimal results.

How To Install

  1. 1. Open your terminal

    Open the terminal or command line in your project directory.

  2. 2. Run the install command

    Run: npx killer-skills add Ed1s0nZ/CyberStrikeAI/vulnerability-assessment. The CLI will automatically detect your IDE or AI agent and configure the skill.

  3. 3. Start using the skill

    The skill is now active. Your AI agent can use vulnerability-assessment immediately in the current project.

Related Skills

Looking for an alternative to vulnerability-assessment or another community skill for your workflow? Explore these related open-source skills.

View All

widget-generator

Logo of f
f

f.k.a. Awesome ChatGPT Prompts. Share, discover, and collect prompts from the community. Free and open source — self-host for your organization with complete privacy.

149.6k
0
AI

flags

Logo of vercel
vercel

flags is a Next.js feature management skill that enables developers to efficiently add or modify framework feature flags, streamlining React application development.

138.4k
0
Browser

zustand

Logo of lobehub
lobehub

The ultimate space for work and life — to find, build, and collaborate with agent teammates that grow with you. We are taking agent harness to the next level — enabling multi-agent collaboration, effortless agent team design, and introducing agents as the unit of work interaction.

72.8k
0
AI

data-fetching

Logo of lobehub
lobehub

The ultimate space for work and life — to find, build, and collaborate with agent teammates that grow with you. We are taking agent harness to the next level — enabling multi-agent collaboration, effortless agent team design, and introducing agents as the unit of work interaction.

72.8k
0
AI