vuln-assessment-methodology
OfficialAccurate vuln assessments, zero false positives.
System Documentation
What problem does it solve?
This Skill solves the pervasive problem of low-quality vulnerability assessments that produce false positives, inflated severity ratings, and incomplete analysis, leading to wasted remediation effort, missed critical risks, and reduced trust in security testing outputs.
Core Features & Use Cases
- Full Source-to-Sink Tracing: Enforces complete data flow analysis from attacker-controlled input to dangerous sinks, eliminating sink-only false positives.
- Disprove-First Validation: Requires active search for evidence of non-exploitability before reporting, ensuring only valid findings are escalated.
- Threat-Model-Aware Severity Scoring: Assigns severity based on input source, access requirements, and deployment context rather than generic vulnerability class labels.
- Confidence Classification & CWE Mapping: Requires explicit confidence levels for all findings and maps to specific leaf-level CWE IDs for accurate remediation guidance.
- Use Case: When assessing a public-facing web application, this Skill prevents reporting an internal-only configuration parameter injection as a critical finding, and ensures you trace the full data flow to confirm if existing sanitization can be bypassed before escalating the issue.
Quick Start
Use the vuln-assessment-methodology skill to evaluate the reported SQL injection in the public user login endpoint, trace the complete data flow from the HTTP request parameter to the database query sink, validate any existing input sanitization for bypasses, assign severity based on unauthenticated internet-facing access, and include the specific CWE-89 mapping with a confirmed confidence level.
Dependency Matrix
Required Modules
None requiredComponents
Standard package💻 Claude Code Installation
Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.
Please help me install this Skill: Name: vuln-assessment-methodology Download link: https://github.com/dreadnode/capabilities/archive/main.zip#vuln-assessment-methodology Please download this .zip file, extract it, and install it in the .claude/skills/ directory.
Agent Skills Search Helper
Install a tiny helper to your Agent, search and equip skill from 536,000+ vetted skills library on demand.