vuln-assessment-methodology

Official

Accurate vuln assessments, zero false positives.

Authordreadnode
Version1.0.0
Installs0

System Documentation

What problem does it solve?

This Skill solves the pervasive problem of low-quality vulnerability assessments that produce false positives, inflated severity ratings, and incomplete analysis, leading to wasted remediation effort, missed critical risks, and reduced trust in security testing outputs.

Core Features & Use Cases

  • Full Source-to-Sink Tracing: Enforces complete data flow analysis from attacker-controlled input to dangerous sinks, eliminating sink-only false positives.
  • Disprove-First Validation: Requires active search for evidence of non-exploitability before reporting, ensuring only valid findings are escalated.
  • Threat-Model-Aware Severity Scoring: Assigns severity based on input source, access requirements, and deployment context rather than generic vulnerability class labels.
  • Confidence Classification & CWE Mapping: Requires explicit confidence levels for all findings and maps to specific leaf-level CWE IDs for accurate remediation guidance.
  • Use Case: When assessing a public-facing web application, this Skill prevents reporting an internal-only configuration parameter injection as a critical finding, and ensures you trace the full data flow to confirm if existing sanitization can be bypassed before escalating the issue.

Quick Start

Use the vuln-assessment-methodology skill to evaluate the reported SQL injection in the public user login endpoint, trace the complete data flow from the HTTP request parameter to the database query sink, validate any existing input sanitization for bypasses, assign severity based on unauthenticated internet-facing access, and include the specific CWE-89 mapping with a confirmed confidence level.

Dependency Matrix

Required Modules

None required

Components

Standard package

💻 Claude Code Installation

Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.

Please help me install this Skill:
Name: vuln-assessment-methodology
Download link: https://github.com/dreadnode/capabilities/archive/main.zip#vuln-assessment-methodology

Please download this .zip file, extract it, and install it in the .claude/skills/ directory.
View Source Repository

Agent Skills Search Helper

Install a tiny helper to your Agent, search and equip skill from 536,000+ vetted skills library on demand.