Stats
Actions
Available In
Tags
Plugin
secdb-skills
Vulnerability scanning skills powered by ZEN SecDB. Provides purl_audit-powered dependency auditing for npm, pypi, gem, golang, maven, cargo, composer, and nuget ecosystems.
What's Inside
Skills3
secdb-audit-package
/secdb-audit-package
Check a specific package, PURL, or manifest file for known vulnerabilities using ZEN SecDB purl_audit. Use when the user asks about a specific package version, provides a PURL string, or wants to check a single dependency file.
secdb-sbom-audit
/secdb-sbom-audit
Audit a CycloneDX Software Bill of Materials (SBOM) file for known vulnerabilities using ZEN SecDB purl_audit. Use when the user provides or mentions a bom.json or bom.xml CycloneDX file and wants to check it for vulnerabilities.
secdb-security-audit
/secdb-security-audit
Scan the current project for vulnerable application dependencies using ZEN SecDB purl_audit. Detects manifest files automatically (package.json, requirements.txt, Cargo.lock, go.mod, Gemfile.lock, pom.xml, composer.lock, *.csproj) and audits all dependencies. Use when the user asks about dependency vulnerabilities, security audit, or wants to check if the project has known CVEs.
MCP Servers1
README
ZEN SecDB Skills
Vulnerability scanning skills powered by ZEN SecDB.
Compatible with Claude Code, Codex CLI, Gemini CLI, GitHub Copilot, Cursor, and any agent that supports the SKILL.md open standard.
Install
npx skills (recommended — works with all agents):
npx skills add giterlizzi/secdb-skills
Manual install
Copy skills to your agent's directory:
| Agent | Directory |
|---|---|
| Claude Code | .claude/skills/ (project) or ~/.claude/skills/ (global) |
| Codex CLI | .codex/skills/ or ~/.codex/skills/ |
| Gemini CLI | .gemini/skills/ or ~/.gemini/skills/ |
| GitHub Copilot | .github/skills/ |
| Cursor | .cursor/skills/ |
git clone https://github.com/giterlizzi/secdb-skills
# Example: Claude Code global install
cp -r secdb-skills/skills/* ~/.claude/skills/
cp secdb-skills/CLAUDE.md ~/.claude/CLAUDE.md
Skills
| Skill | Command | Description |
|---|---|---|
secdb-security-audit | /secdb-security-audit | Scan all project dependencies for vulnerabilities |
secdb-sbom-audit | /secdb-sbom-audit [path] | Audit a CycloneDX SBOM file |
secdb-audit-package | /secdb-audit-package [target] | Check a specific package, PURL, or manifest file |
Supported ecosystems
| Ecosystem | PURL type |
|---|---|
| Node.js | pkg:npm |
| Python | pkg:pypi |
| Ruby | pkg:gem |
| Go | pkg:golang |
| Java/JVM | pkg:maven |
| Rust | pkg:cargo |
| PHP | pkg:composer |
| .NET | pkg:nuget |
MCP server
The skills require the ZEN SecDB MCP server.
Automatic (Claude Code): the .mcp.json in this repo configures the server automatically when you open the directory in Claude Code. No manual steps needed.
Manual install:
claude mcp add zen-secdb https://secdb.nttzen.cloud/mcp
Or add to ~/.claude/mcp.json (global) or .mcp.json (project):
{
"mcpServers": {
"zen-secdb": {
"url": "https://secdb.nttzen.cloud/mcp"
}
}
}
Additional info
- ZEN SecDB - Vulnerability intelligence platform
- ZEN SecDB MCP Server — endpoint:
https://secdb.nttzen.cloud/mcp· docs
License
MIT
Stats
Version1.0.0
Stars0
MaintenanceExcellent
LicenseMIT
Last Commit
Added
Available In
Safety Signals
Caution
External network access
Connects to servers outside your machine
Tags
Categories
