Vuln Scanner
Audits trending GitHub repositories for security vulnerabilities and submits fixes through pull requests.
Security score: 0/100
The Vuln Scanner skill was audited on Jun 14, 2026 and we found 7 security issues across 2 threat categories, including 1 critical. Review the findings below before installing.
Security Issues
high line 10
Template literal with variable interpolation in command context
Source: SKILL.md
| 10 | > **${var}** — Target repo in `owner/repo`. If empty, auto-select from `.outputs/github-trending.md` or GitHub's trending API. |
high line 26
Template literal with variable interpolation in command context
Source: SKILL.md
| 26 | If `${var}` is set, use it. Otherwise: |
high line 215
Template literal with variable interpolation in command context
Source: SKILL.md
| 215 | Save to `articles/vuln-scan-${today}.md` with sections for: repo metadata, scanner sources (ok/fail per tool), candidate count, confirmed findings with severity and channel, dedup note. Do **not** inc |
high line 236
Template literal with variable interpolation in command context
Source: SKILL.md
| 236 | Append to `memory/logs/${today}.md`: |
high line 73
Piping content to sh shell
Source: SKILL.md
| 73 | | sh -s -- -b /tmp/bin 2>/dev/null || true |
critical line 249
Piping content to sh shell
Source: SKILL.md
| 249 | Scanner binaries (`semgrep`, `trufflehog`, `osv-scanner`, `slither`) are **not pre-installed** in the GitHub Actions sandbox, and outbound `pip install` / `curl | sh` downloads may be blocked. Operato |
low line 151
External URL reference
Source: SKILL.md
| 151 | Detected by [osv-scanner](https://google.github.io/osv-scanner/). No code changes outside the lockfile/manifest. |
Scanned on Jun 14, 2026
GitHub Stars: 14
Category: development
Updated: June 15, 2026
Tags: claude, frontend, docx, git, api, database, testing, backend, security-engineer, backend-developer, devops-sre, github, development
aaronjmars/miroshark-aeon