Web Vulnerability Analysis Skill
Analyzes web vulnerabilities using AI agents and tools for effective security assessments and penetration testing.
Security score
The Web Vulnerability Analysis Skill was audited on May 12, 2026, and we found 33 security issues across 3 threat categories. Review the findings below before installing.
Categories Tested
Security Issues
Curl to non-GitHub URL
| 113 | curl -s -I http://target.com | grep Server # ❌ unprofessional |
Curl to non-GitHub URL
| 115 | # Wrong: planning the tasks yourself with curl |
Curl to non-GitHub URL
| 117 | Task 2: curl http://target.com/robots.txt # ❌ |
Curl to non-GitHub URL
| 686 | curl http://localhost:5000/health |
Access to hidden dotfiles in home directory
| 51 | source ~/.claude/skills/web-vuln-analyzer/docker/.env |
Access to hidden dotfiles in home directory
| 54 | cd ~/.claude/skills/web-vuln-analyzer |
Access to hidden dotfiles in home directory
| 674 | cd ~/.claude/skills/web-vuln-analyzer |
Access to .env file
| 51 | source ~/.claude/skills/web-vuln-analyzer/docker/.env |
Access to .env file
| 94 | **Important**: set in `docker/.env`: |
Access to .env file
| 677 | cat > docker/.env << 'EOF' |
Access to .env file
| 830 | Solution: set CAI_TIMEOUT=1800 in docker/.env |
Access to .env file
| 836 | Solution: set CAI_MAX_TURNS=200 in docker/.env |
External URL reference
| 70 | prompt='识别 http://target.com 的技术指纹', |
External URL reference
| 71 | target='http://target.com', |
External URL reference
| 104 | | `/web-vuln-analyze http://target.com "识别指纹"` | Calls `bug_bounty_agent` and has it use whatweb/nmap | |
External URL reference
| 105 | | `/web-vuln-analyze http://target.com` (no report) | Calls `redteam_agent` for automated penetration testing | |
External URL reference
| 106 | | `/web-vuln-analyze http://target.com report.xml` | Calls `bug_bounty_agent` to verify the report | |
External URL reference
| 107 | | `/web-vuln-analyze http://target.com "SQL注入测试"` | Calls `bug_bounty_agent` and has it use sqlmap | |
External URL reference
| 113 | curl -s -I http://target.com | grep Server # ❌ unprofessional |
External URL reference
| 116 | Task 1: curl http://target.com # ❌ should call CAI |
External URL reference
| 117 | Task 2: curl http://target.com/robots.txt # ❌ |
External URL reference
| 577 | target: "https://example.com/login" |
External URL reference
| 686 | curl http://localhost:5000/health |
External URL reference
| 689 | /web-vuln-analyze http://dvwa.local /path/to/burp-report.xml # Mode 1 |
External URL reference
| 690 | /web-vuln-analyze http://dvwa.local /path/to/sonarqube.json # Mode 2 |
External URL reference
| 691 | /web-vuln-analyze http://dvwa.local # Mode 3 |
External URL reference
| 692 | /web-vuln-analyze http://dvwa.local "test for sql injection" # Mode 4 |
External URL reference
| 733 | **PoC**: `https://phemex.com/%5cgoogle.com/%2f%2e%2e` |
External URL reference
| 740 | /web-vuln-analyze https://phemex.com ~/report/phemexwm-140/report.md |
External URL reference
| 747 | - Target: https://phemex.com |
External URL reference
| 748 | - PoC URL: https://phemex.com/%5cgoogle.com/%2f%2e%2e |
External URL reference
| 780 | Final URL: https://phemex.com/404 |
External URL reference
| 786 | Final URL: https://www.google.com/ |