ghost-validate
This skill should be used when the user asks to "validate a finding", "check if a vulnerability is real", "triage a security finding", "confirm a vulnerability", "determine if a finding is a true positive or false positive", or provides a security finding for review. It validates security vulnerability findings by tracing data flows, verifying exploit conditions, analyzing security controls, and optionally testing attack vectors against a live application.
Quality Score: 88/100
Details
- Author: ghostsecurity
- Repository: ghostsecurity/skills
- Created: 3 months ago
- Last Updated: 2 months ago
- Language: Shell
- License: Apache-2.0
Similar Skills
Semantically similar based on skill content — not just same category
security-check
Vulnerability assessment by a senior application security engineer for a skill, agent, or plugin (Claude Code or Codex marketplace item) before installation. Domain expertise — prompt injection, credential exfiltration, supply-chain compromise, hook abuse, indirection attacks, encoded payloads, social engineering in technical artifacts, tool-model bypass. Deep content review across SKILL.md/agent.md body + ALL dependencies (scripts/, references/, assets/, bundled plugin files). Threat detection by expert reasoning, not regex. Returns structured verdict (GREEN/YELLOW/RED) with cited evidence (file + excerpt + concern). Invoked by the security-auditor agent in parallel per selected item. Use before installing ANY third-party skill, agent, or plugin.
fp-check
Systematic false positive verification for security findings. Provides structured methodology to confirm or dismiss scanner results, manual audit findings, and automated alerts. Adapted from Trail of Bits. Use when triaging security scan results or verifying audit findings.
scanning-input-validation-practices
This skill enables Claude to automatically scan source code for potential input validation vulnerabilities. It identifies areas where user-supplied data is not properly sanitized or validated before being used in operations, which could lead to security exploits like SQL injection, cross-site scripting (XSS), or command injection. Use this skill when the user asks to "scan for input validation issues", "check input sanitization", "find potential XSS vulnerabilities", or similar requests related to securing user input. It is particularly useful during code reviews, security audits, and when hardening applications against common web vulnerabilities. The skill leverages the input-validation-scanner plugin to perform the analysis.
appsec-vulnerability-auditor
Audit application source code for security vulnerabilities with a focus on AI-generated and "vibe-coded" software. Use this skill when the user asks to "review for security", "audit for vulnerabilities", "find security bugs", "do a security review", "check for OWASP Top 10", "look for injection / XSS / SSRF / IDOR / authz issues", or pastes/uploads source code (or a repo, diff, PR) and asks whether it is safe to ship. Also trigger on requests to evaluate AI-generated code, LLM-produced patches, copy-pasted Stack Overflow snippets, or rapidly prototyped MVPs for security risks. Produces a prioritized findings report (Critical / High / Medium / Low / Informational) with reproduction notes, exploit sketches, and concrete remediation patches. Also trigger on "auditar segurança", "revisar segurança", "encontrar vulnerabilidades", "é seguro para o deploy?".
validating-csrf-protection
This skill helps to identify Cross-Site Request Forgery (CSRF) vulnerabilities in web applications. It validates the implementation of CSRF protection mechanisms, such as synchronizer tokens, double-submit cookies, SameSite attributes, and origin validation. Use this skill when you need to analyze your application's security posture against CSRF attacks or when asked to "validate csrf", "check for csrf vulnerabilities", or "test csrf protection".