vulnfinder

vulnfinder

Source-to-sink vulnerability research for Claude Code. A disciplined eight-phase methodology that hunts reportable, non-duplicate, CVSS v4 ≥ 4.0 bugs — and stops before the noise. 21 assigned CVEs and counting.

→ vulnfinderio.github.io

Install

Claude Code (recommended):

/plugin marketplace add vulnfinderio/vulnfinder
/plugin install vulnfinder@vulnfinder

One-liner (wraps the two commands above):

# macOS / Linux
curl -fsSL https://vulnfinderio.github.io/install.sh | bash

# Windows (PowerShell)
irm https://vulnfinderio.github.io/install.ps1 | iex

# any OS, via npm
npx vulnfinder@latest

Restart Claude Code after installing.

Use

/vulnfinder:vulnfinder owner/repo

Point it at a public repo, a git URL, or a local path. It runs the methodology in one warm session using native read / search / git tools and writes a structured report.md (under reports/<owner>-<repo>/). Findings are public-only and ≥ Medium severity. You can also just tell Claude vulnfinder owner/repo and the skill loads on its own.

What's inside

Path	What
skills/vulnfinder/SKILL.md	the eight-phase methodology + eleven archetypes
skills/vulnfinder/references/rejection-patterns.md	the calibration that keeps findings reportable
commands/vulnfinder.md	/vulnfinder — the orchestrator
commands/pre-report-check.md	/pre-report-check — the validation gate
commands/python-web-audit.md	/python-web-audit — Python web deep-dive
tools/ghsa-for-repo.py	GHSA dedupe checker
bin/cli.js, install.sh, install.ps1	the installers

License

Code is Apache-2.0. The methodology content (the .md instruction files) is CC-BY-4.0 — use it, build on it, keep the attribution.

Built and maintained by Sneh Bavarva.