apiliumcode/code-security
skills/official/code-security/SKILL.md
Classifies code vulnerabilities by OWASP Top 10 and CWE identifiers
$ install --global
skillsauthnpx skillsauth add apiliumcode/mayros code-securityInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Apr 4, 2026, 4:15 AM6.1s8 files scanned
SKILL.md
- name:
- code-security
- description:
- Classifies code vulnerabilities by OWASP Top 10 and CWE identifiers
- type:
- semantic
- user-invocable:
- true
- skillVersion:
- 1
- graph:
- [read, write]
- proofs:
- [request]
- memory:
- [recall]
- - predicate:
- security:history
- requireProof:
- false
- scope:
- agent
code-security
Classifies code vulnerabilities by OWASP Top 10 categories and CWE identifiers, providing severity ratings for each finding.
When to Use
Use this skill when:
- Reviewing code snippets stored in the knowledge graph for security vulnerabilities
- Performing automated security audits on code content
- Classifying findings by CWE identifier and severity level before human review
Vulnerability Coverage
The skill detects 12 vulnerability classes:
| CWE | Category | Severity | | ------- | ---------------------------------- | -------- | | CWE-89 | SQL Injection | critical | | CWE-79 | Cross-Site Scripting (XSS) | high | | CWE-78 | Command Injection | critical | | CWE-22 | Path Traversal | high | | CWE-502 | Insecure Deserialization | high | | CWE-798 | Hardcoded Secrets | critical | | CWE-95 | Code Injection | critical | | CWE-918 | Server-Side Request Forgery (SSRF) | high | | CWE-327 | Weak Cryptography | medium | | CWE-601 | Open Redirect | medium | | CWE-209 | Information Exposure | low | | CWE-306 | Missing Authentication | medium |
Instructions
- Store code content in the graph using
skill_assertor other write tools - Query with predicate
security:findingto trigger the code-security runtime - The skill enriches each result with a
findingsarray containing CWE IDs and severity levels - Use
security:vulnerability(with proof) to record confirmed vulnerabilities - Query
security:historyto review past audit results for the current agent
Related Skills
apiliumcode/xurl
tools
VerifiedTrustedCommunity
A CLI tool for making authenticated requests to the X (Twitter) API. Use this skill when you need to post tweets, reply, quote, search, read posts, manage followers, send DMs, upload media, or interact with any X API v2 endpoint.
10SKILL.mdUpdated Apr 4, 2026
apiliumcode/weather
development
VerifiedTrustedCommunity
Get current weather and forecasts via wttr.in or Open-Meteo. Use when: user asks about weather, temperature, or forecasts for any location. NOT for: historical weather data, severe weather alerts, or detailed meteorological analysis. No API key needed.
10SKILL.mdUpdated Apr 4, 2026
apiliumcode/wacli
tools
VerifiedTrustedCommunity
Send WhatsApp messages to other people or search/sync WhatsApp history via the wacli CLI (not for normal user chats).
10SKILL.mdUpdated Apr 4, 2026
apiliumcode/voice-call
tools
VerifiedTrustedCommunity
Start voice calls via the Mayros voice-call plugin.
10SKILL.mdUpdated Apr 4, 2026