Published skills
eresus-codeql-heuristics
Language-specific vulnerability hotspot reference for manual code audit. Trigger when the user asks to: "what sinks should I look for in Java?", "Python security hotspots", "dangerous functions in Go", "JavaScript injection patterns", or when starting a manual audit of a specific language and needing a sink/source checklist.
eresus-deser-audit
Deserialization vulnerability audit skill with gadget chain knowledge for all major languages. Trigger when the user asks to: "audit deserialization", "check for insecure deserialization", "find pickle vulnerabilities", "Marshal.load audit", "gadget chain analysis", "check for unsafe YAML loading", or when reviewing code that processes serialized data (JSON with type info, YAML, XML, binary format
eresus-manual-security-audit
Elite manual security code review skill for deep, adversarial vulnerability hunting and exploit-chain discovery. Trigger when the user asks to: "do a deep security audit", "manual code review", "find exploit chains", "hunt for logic bugs", "red-team this codebase", "do an offensive security review", "review this like a pentester", or needs a human-class manual code review that goes far beyond patt
eresus-php-audit
Deep PHP-specific security audit skill covering injection, deserialization, file operations, auth bypass, POP chain discovery, and CMS-specific patterns. Trigger when auditing PHP code: "audit this PHP app", "find PHP security issues", "check Laravel/WordPress for vulnerabilities", "PHP SAST review", "check for PHP deserialization", "review this WordPress plugin". Includes scripts/rules.json for p
eresus-remediator
Security remediation skill for fixing confirmed or likely SAST findings in source code. Trigger when the user asks to: "fix a vulnerability", "patch this security bug", "remediate SAST findings", "harden this endpoint", "make this auth flow safe", or wants code changes that remove a confirmed security issue while preserving intended behavior. Best used alongside eresus-sast-scanner.
eresus-sast-scanner
General-purpose Static Application Security Testing (SAST) skill for code vulnerability analysis. Trigger when the user asks to: "analyze code for vulnerabilities", "review code security", "find security bugs", "do a SAST scan", "check for [vulnerability type] in code", "audit source code", or requests a security code review of any language or framework. Covers 34 vulnerability classes across web,
eresus-variant-analysis
GHSA/CVE variant analysis workflow for finding similar vulnerability patterns across a codebase. Trigger when the user asks to: "find variants of this CVE", "GHSA variant analysis", "find similar bugs", "hunt for the same pattern", "are there other places with this vulnerability?", or when a known vulnerability is discovered and the user wants to know if the same pattern exists elsewhere.
eresus-pr-security-review
Security-focused pull request and diff review skill for finding newly introduced vulnerabilities, risky regressions, and missing security tests in changed code. Trigger when the user asks to: "review this PR for security", "check this diff for vulns", "do a security code review", "audit changed files", or wants findings on a patch instead of a full-repo scan. Best used alongside eresus-sast-scanne
eresus-python-audit
Deep Python-specific security audit skill with 50+ vulnerability class coverage across 7 categories. Trigger when auditing Python code: "audit this Python app", "find Python security issues", "check Flask/Django for vulnerabilities", "Python SAST review", "check for pickle vulnerabilities", "review this FastAPI code". Covers misconfiguration, injection, crypto, XSS, deserialization, and ML/AI atta
eresus-serialization-review
Serialization and deserialization security review skill for object mappers, parser pipelines, message formats, and state transfer mechanisms. Trigger when the user asks to: "review serialization security", "check deserialization", "audit Jackson/Fastjson/YAML/XML parsing", "look for gadget-chain risk", "review session or message deserialization", or wants a focused audit of parser-driven attack su
eresus-threat-modeler
Threat modeling skill for new features, services, endpoints, or repositories. Trigger when the user asks to: "threat model this", "analyze attack surface", "find abuse cases", "map trust boundaries", "prioritize security review", or wants a structured security design review before or alongside coding. Complements eresus-sast-scanner by turning architecture into a prioritized scan plan.
Alert by category