Claude Code Plugins

Community-maintained marketplace

Feedback

vulnerability-assessor

@matteocervelli/llms
1
0

Assess identified vulnerabilities for exploitability, impact, and risk. Provide CVSS scoring and remediation strategies. Use when analyzing security findings.

Install Skill

1Download skill
2Enable skills in Claude

Open claude.ai/settings/capabilities and find the "Skills" section

3Upload to Claude

Click "Upload skill" and select the downloaded ZIP file

Note: Please verify skill by going through its instructions before using it.

SKILL.md

name vulnerability-assessor
description Assess identified vulnerabilities for exploitability, impact, and risk. Provide CVSS scoring and remediation strategies. Use when analyzing security findings.
allowed-tools Read, Grep, Glob, Bash

Vulnerability Assessor Skill

Purpose

This skill provides deep analysis of security vulnerabilities, evaluating exploitability, assessing business impact, calculating risk scores, and providing detailed remediation strategies.

When to Use

  • After security scanning identifies vulnerabilities
  • Need to prioritize security findings
  • Assessing exploitability of vulnerabilities
  • Calculating CVSS scores
  • Creating remediation roadmaps
  • Risk assessment for security issues

Assessment Workflow

1. Vulnerability Classification

Categorize by Type:

Injection Vulnerabilities:

  • SQL Injection (SQLi)
  • Command Injection
  • Code Injection
  • LDAP Injection
  • XPath Injection
  • NoSQL Injection
  • OS Command Injection

Broken Authentication:

  • Weak password policies
  • Session fixation
  • Credential stuffing vulnerabilities
  • Insecure authentication tokens
  • Missing MFA

Sensitive Data Exposure:

  • Unencrypted data in transit
  • Unencrypted data at rest
  • Exposed credentials
  • PII leakage
  • API keys in code

XML External Entities (XXE):

  • XML parsing vulnerabilities
  • External entity injection
  • DTD injection

Broken Access Control:

  • Insecure direct object references (IDOR)
  • Missing authorization checks
  • Privilege escalation
  • CORS misconfiguration

Security Misconfiguration:

  • Default credentials
  • Unnecessary features enabled
  • Error messages leaking information
  • Missing security headers

Cross-Site Scripting (XSS):

  • Reflected XSS
  • Stored XSS
  • DOM-based XSS

Insecure Deserialization:

  • Pickle in Python
  • Unsafe YAML loading
  • JSON deserialization issues

Using Components with Known Vulnerabilities:

  • Outdated dependencies
  • Unpatched libraries
  • Known CVEs

Insufficient Logging & Monitoring:

  • Missing security event logging
  • No alerting on suspicious activity
  • Inadequate audit trails

Deliverable: Categorized vulnerability list

2. Exploitability Assessment

Evaluate Ease of Exploitation:

Easy (High Exploitability):

  • Publicly available exploits
  • No authentication required
  • Automated tools can exploit
  • Simple proof of concept
  • Wide attack surface

Medium Exploitability:

  • Requires some technical knowledge
  • Authentication needed but weak
  • Manual exploitation required
  • Specific conditions must be met
  • Limited attack surface

Hard (Low Exploitability):

  • Deep technical expertise required
  • Strong authentication needed
  • Complex exploitation chain
  • Rare conditions required
  • Very limited attack surface

Assessment Criteria:

  • Attack vector (Network, Adjacent, Local, Physical)
  • Attack complexity (Low, High)
  • Privileges required (None, Low, High)
  • User interaction (None, Required)
  • Available exploit code
  • Known exploitation in the wild

Deliverable: Exploitability rating for each vulnerability

3. Impact Analysis

Assess Business Impact:

Confidentiality Impact:

  • None: No information disclosure
  • Low: Minimal sensitive data exposed
  • High: Significant sensitive data exposed (PII, credentials, business secrets)

Integrity Impact:

  • None: No data modification
  • Low: Limited data modification
  • High: Significant data can be modified/deleted

Availability Impact:

  • None: No service disruption
  • Low: Minimal performance degradation
  • High: Service can be completely disrupted (DoS)

Business Impact Examples:

Critical Business Impact:

  • Customer data breach
  • Financial fraud
  • Regulatory compliance violation
  • Brand reputation damage
  • Complete service outage

High Business Impact:

  • Internal data exposure
  • Service degradation
  • Limited compliance issues
  • Moderate reputation risk

Medium Business Impact:

  • Information disclosure (non-sensitive)
  • Temporary service issues
  • Minor compliance concerns

Low Business Impact:

  • Minimal data exposure
  • No service impact
  • Best practice violations

Deliverable: Impact assessment for each vulnerability

4. CVSS Scoring

Calculate CVSS v3.1 Score:

Base Metrics:

  1. Attack Vector (AV):

    • Network (N): 0.85
    • Adjacent (A): 0.62
    • Local (L): 0.55
    • Physical (P): 0.2

  2. Attack Complexity (AC):

    • Low (L): 0.77
    • High (H): 0.44

  3. Privileges Required (PR):

    • None (N): 0.85
    • Low (L): 0.62 (0.68 if scope changed)
    • High (H): 0.27 (0.50 if scope changed)

  4. User Interaction (UI):

    • None (N): 0.85
    • Required (R): 0.62

  5. Scope (S):

    • Unchanged (U)
    • Changed (C)

  6. Confidentiality Impact (C):

    • None (N): 0.0
    • Low (L): 0.22
    • High (H): 0.56

  7. Integrity Impact (I):

    • None (N): 0.0
    • Low (L): 0.22
    • High (H): 0.56

  8. Availability Impact (A):

    • None (N): 0.0
    • Low (L): 0.22
    • High (H): 0.56

CVSS Score Ranges:

  • 0.0: None
  • 0.1-3.9: Low
  • 4.0-6.9: Medium
  • 7.0-8.9: High
  • 9.0-10.0: Critical

Example CVSS Vector:

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Score: 9.8 (Critical)

Use CVSS Calculator:

# If available, use online calculator:
# https://www.first.org/cvss/calculator/3.1

Deliverable: CVSS score and vector for each vulnerability

5. Risk Prioritization

Risk Matrix:

Severity Exploitability Priority SLA
Critical Easy P0 24 hours
Critical Medium P0 24 hours
Critical Hard P1 7 days
High Easy P0 24 hours
High Medium P1 7 days
High Hard P2 30 days
Medium Easy P2 30 days
Medium Medium P2 30 days
Medium Hard P3 90 days
Low Any P3 90 days

Priority Definitions:

  • P0: Emergency - Fix immediately
  • P1: Urgent - Fix this week
  • P2: Important - Fix this month
  • P3: Normal - Schedule for next release

Additional Risk Factors:

  • Publicly disclosed vulnerability
  • Active exploitation in the wild
  • Compliance requirements (PCI-DSS, HIPAA, GDPR)
  • Customer-facing systems
  • Access to sensitive data

Deliverable: Prioritized vulnerability list with SLAs

6. Proof of Concept (Safe)

Demonstrate Impact (Safely):

SQL Injection Example:

Input: ' OR '1'='1
Expected: Authentication bypass or data exposure
Actual: [observed behavior]

XSS Example:

Input: <script>alert('XSS')</script>
Expected: Script execution
Actual: [observed behavior]

Path Traversal Example:

Input: ../../etc/passwd
Expected: Access to restricted files
Actual: [observed behavior]

IMPORTANT:

  • Only demonstrate in test/dev environments
  • Never exploit production systems
  • Use safe payloads (alert, not actual malicious code)
  • Document all testing activity
  • Get authorization before testing

Deliverable: Safe proof of concept for high-priority vulnerabilities

7. Remediation Strategies

Provide Fix Recommendations:

SQL Injection:

# VULNERABLE
cursor.execute(f"SELECT * FROM users WHERE id = {user_id}")

# SECURE
cursor.execute("SELECT * FROM users WHERE id = %s", (user_id,))

Command Injection:

# VULNERABLE
os.system(f"ping {user_input}")

# SECURE
import subprocess
subprocess.run(["ping", "-c", "1", user_input], check=True)

XSS:

// VULNERABLE
element.innerHTML = userInput;

// SECURE
element.textContent = userInput;
// Or use DOMPurify for HTML
element.innerHTML = DOMPurify.sanitize(userInput);

Weak Cryptography:

# VULNERABLE
import hashlib
hash = hashlib.md5(password.encode()).hexdigest()

# SECURE
from passlib.hash import argon2
hash = argon2.hash(password)

Insecure Deserialization:

# VULNERABLE
import pickle
data = pickle.loads(user_data)

# SECURE
import json
data = json.loads(user_data)

Path Traversal:

# VULNERABLE
with open(f"/uploads/{filename}", 'r') as f:
    content = f.read()

# SECURE
import os
safe_path = os.path.join("/uploads", os.path.basename(filename))
if not safe_path.startswith("/uploads/"):
    raise ValueError("Invalid path")
with open(safe_path, 'r') as f:
    content = f.read()

Remediation Strategy Components:

  1. Immediate Fix: Quick patch to mitigate
  2. Proper Fix: Correct implementation
  3. Verification: How to test the fix
  4. Prevention: How to avoid in future
  5. Detection: How to catch similar issues

Deliverable: Detailed remediation guide for each vulnerability

8. Dependency Vulnerability Assessment

Assess Third-Party Dependencies:

Evaluate CVEs:

# Get CVE details
curl https://nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2024-XXXXX

# Check fix availability
pip show <package-name>
pip index versions <package-name>

Assessment Checklist:

  • CVE severity (CVSS score)
  • Affected versions
  • Fixed versions available
  • Upgrade path complexity
  • Breaking changes in fix
  • Workarounds available
  • Exploitation likelihood

Remediation Options:

  1. Upgrade: Best option if available
  2. Patch: Apply security patch
  3. Workaround: Mitigate without upgrade
  4. Replace: Use alternative package
  5. Accept Risk: Document and monitor (rare)

Example Assessment:

### CVE-2024-12345 - requests package

**Severity**: High (CVSS 7.5)
**Affected**: requests < 2.31.0
**Current Version**: 2.28.0
**Fixed In**: 2.31.0

**Vulnerability**: SSRF via redirect handling

**Exploitability**: Medium
- Requires attacker to control redirect URLs
- Application must follow redirects

**Impact**: High
- Can access internal network resources
- Potential data exfiltration

**Recommendation**: Upgrade to 2.31.0+
**Breaking Changes**: None
**Upgrade Risk**: Low

**Action**: Upgrade immediately (P1)

Deliverable: Dependency vulnerability assessment with upgrade plan

Assessment Report Format

# Vulnerability Assessment Report

**Date**: [YYYY-MM-DD]
**Assessed By**: Vulnerability Assessor
**Scope**: [Application/Component]

## Executive Summary

Total Vulnerabilities: [count]
- Critical: [count] (P0: [count], P1: [count])
- High: [count] (P0: [count], P1: [count], P2: [count])
- Medium: [count]
- Low: [count]

Immediate Actions Required: [count]

## Detailed Assessments

### [Vulnerability ID] - [Title]

**Category**: [OWASP Category]
**Severity**: [Critical/High/Medium/Low]
**CVSS Score**: [score] ([vector])
**Priority**: [P0/P1/P2/P3]
**SLA**: [timeframe]

**Location**: [file:line]

**Description**:
[What is the vulnerability]

**Exploitability**: [Easy/Medium/Hard]
[Rationale for exploitability rating]

**Impact**:
- Confidentiality: [None/Low/High]
- Integrity: [None/Low/High]
- Availability: [None/Low/High]
- Business Impact: [description]

**Proof of Concept**:

[Safe PoC]


**Remediation**:

*Immediate Mitigation*:
[Quick fix to reduce risk]

*Proper Fix*:
```python
[Code example]

Verification: [How to test fix works]

Prevention: [How to avoid in future]

References:

Risk Summary

P0 - Immediate Action (24h)

  1. [Vulnerability 1] - Critical SQL Injection
  2. [Vulnerability 2] - Critical Authentication Bypass

P1 - This Week (7d)

  1. [Vulnerability 3] - High XSS
  2. [Vulnerability 4] - High IDOR

P2 - This Month (30d)

[List]

P3 - Next Release (90d)

[List]

Remediation Roadmap

Week 1:

  • Fix P0 items 1-2
  • Begin P1 items

Week 2:

  • Complete P1 items
  • Begin P2 items

Month 2-3:

  • Address P2 and P3 items
  • Implement preventive measures

Metrics

  • Total Risk Reduction: [estimated %]
  • Estimated Effort: [hours/days]
  • Dependencies: [blocking items]

Conclusion

[Overall assessment and next steps]


---

## Best Practices

**Assessment**:
- Use consistent scoring methodology
- Document all assumptions
- Consider environmental factors
- Account for compensating controls
- Review with security team

**Prioritization**:
- Business context matters
- Exploit availability increases priority
- Compliance requirements elevate risk
- Customer data > internal data
- Authentication/authorization issues are critical

**Remediation**:
- Fix root cause, not symptoms
- Defense in depth - multiple controls
- Test fixes thoroughly
- Document changes
- Share lessons learned

**Communication**:
- Be clear and concise
- Avoid fear-mongering
- Provide actionable guidance
- Educate developers
- Track progress

---

## Integration with Security Workflow

**Input**: Security scan results
**Process**: Detailed vulnerability analysis and risk assessment
**Output**: Prioritized remediation roadmap
**Next Step**: OWASP compliance checking or implementation

---

## Remember

- **Context is key**: Same vulnerability has different risk in different contexts
- **Exploitability matters**: Critical vulnerability that's hard to exploit may be lower priority than high vulnerability that's easy to exploit
- **Business impact drives priority**: Focus on what matters to the business
- **Provide solutions**: Don't just identify problems
- **Track to closure**: Ensure fixes are implemented and verified
- **Learn from findings**: Use vulnerabilities to improve secure coding practices

Your goal is to provide actionable security intelligence that enables effective risk-based remediation.