
Security Testing

OWASP Top 10, secret detection, dependency scanning, and security patterns. Use when performing security scans, vulnerability assessments, or code security reviews.


Factory

Version: 1.0.0 | License: MIT

Tags: security owasp vulnerabilities scanning

Security Testing Skill

Comprehensive knowledge for application security testing, vulnerability detection, and secure coding practices.

When to Activate

Activate this skill when:

  • Performing security scans
  • Reviewing code for vulnerabilities
  • Detecting hardcoded secrets
  • Assessing OWASP Top 10 risks
  • Scanning dependencies for CVEs

Core Capabilities

Vulnerability Detection

  • OWASP Top 10 coverage
  • Injection flaws (SQL, NoSQL, Command, XSS)
  • Authentication/Authorization issues
  • Cryptographic weaknesses

Secret Detection

  • API keys and tokens
  • Database credentials
  • Cloud provider secrets (AWS, GCP, Azure)
  • Private keys and certificates

Dependency Scanning

  • Known CVEs in packages
  • Outdated dependencies
  • License compliance

Security Patterns

  • Secure coding practices
  • Input validation
  • Output encoding
  • Secure configuration


Quick Reference

Common Vulnerability Patterns

SQL Injection

// VULNERABLE
db.query(`SELECT * FROM users WHERE id = ${userId}`);

// SAFE: parameterized query; the driver binds userId as data, never as SQL text
db.query('SELECT * FROM users WHERE id = $1', [userId]);

XSS

// VULNERABLE
element.innerHTML = userInput;

// SAFE: textContent inserts the string as text and never parses it as HTML
element.textContent = userInput;

Command Injection

// VULNERABLE
exec(`ls ${userPath}`);

// SAFE: execFile passes userPath as a single argument, with no shell to interpret metacharacters
execFile('ls', [userPath]);

Secret Patterns

# AWS Access Key
AKIA[0-9A-Z]{16}

# GitHub Token
ghp_[a-zA-Z0-9]{36}

# Generic API Key
[aA][pP][iI][_-]?[kK][eE][yY].*['\"][a-zA-Z0-9]{16,}
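A small scanner that applies the three patterns above to text and reports redacted findings, as an added example that is not part of the skill's own code. The sample input, the redact helper and the scanForSecrets function are constructed for illustration; AKIAIOSFODNN7EXAMPLE is the placeholder key used in AWS documentation.

```javascript
// Constructed secret scanner built around the three regexes from the quick
// reference above (not part of the VibeRune skill itself).
const SECRET_PATTERNS = [
  { name: 'AWS Access Key', re: /AKIA[0-9A-Z]{16}/g },
  { name: 'GitHub Token', re: /ghp_[a-zA-Z0-9]{36}/g },
  { name: 'Generic API Key', re: /[aA][pP][iI][_-]?[kK][eE][yY].*['"][a-zA-Z0-9]{16,}/g },
];

// Keep only a short prefix of a match so a finding can be logged or quoted in
// a review comment without reproducing the secret itself.
function redact(secret) {
  return secret.slice(0, 4) + '*'.repeat(Math.max(secret.length - 4, 0));
}

// Scan text line by line and return one finding per match: 1-based line
// number, the pattern that fired, and the redacted match. Every line is
// checked against every pattern, so one line can yield several findings.
function scanForSecrets(text) {
  const findings = [];
  text.split('\n').forEach((line, idx) => {
    for (const { name, re } of SECRET_PATTERNS) {
      for (const m of line.matchAll(re)) {
        findings.push({ line: idx + 1, pattern: name, redacted: redact(m[0]) });
      }
    }
  });
  return findings;
}

// Constructed sample: a config-like snippet with one hit per pattern and one
// clean line. AKIAIOSFODNN7EXAMPLE is the placeholder key from the AWS docs.
const SAMPLE = [
  'AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE',
  'export GITHUB_TOKEN=ghp_0123456789abcdef0123456789abcdef0123',
  'api_key = "abcdefghijklmnop1234"',
  'const user = process.env.DB_USER; // read from the environment, nothing hardcoded',
].join('\n');

for (const f of scanForSecrets(SAMPLE)) {
  console.log(`line ${f.line}: ${f.pattern} -> ${f.redacted}`);
}
```

The generic pattern is deliberately broad (any `api_key`-like word followed by a quoted string of 16 or more alphanumerics), so expect it to need triage, while the AWS and GitHub prefixes are specific enough to treat as high-confidence hits.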

CLI Tools

Optional (graceful degradation if missing):

  • semgrep - Static analysis
  • trivy - Vulnerability scanning
  • gitleaks - Secret detection

Installation (macOS):

brew install semgrep trivy gitleaks

Installation (Linux):

# Semgrep
pip install semgrep

# Trivy
curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b /usr/local/bin

# Gitleaks
curl -sSfL https://github.com/gitleaks/gitleaks/releases/latest/download/gitleaks_linux_x64.tar.gz | tar xz

Fallback (No Tools): When the tools are unavailable, use the grep patterns from the references instead.

References

  • Dependency Scanning (reference documentation)
  • Security Checklist (reference documentation)
  • OWASP Top 10 (reference documentation)
  • Secret Detection (reference documentation)
  • Semgrep Patterns (reference documentation)
