{"slug":"swisskyrepo-vulny-code-static-analysis","name":"Vulny Code Static Analysis","description":"Python script to detect vulnerabilities inside PHP source code using static analysis, based on regex","tagline":"Python script to detect vulnerabilities inside PHP source code using static analysis, based on regex","category":"security","tags":["security","scanner","audit","detect-vulnerabilities","hacktoberfest","php","php-source","security-scanner","security-tools","static-analysis"],"author":{"name":"swisskyrepo","verified":false,"url":"https://github.com/swisskyrepo"},"attribution":{"status":"community_indexed","statusLabel":"Community indexed","shortLabel":"COMMUNITY INDEXED","sourceLabel":"GitHub star discovery","sourceDetail":"swisskyrepo/Vulny-Code-Static-Analysis","creatorName":"swisskyrepo","creatorUrl":"https://github.com/swisskyrepo","sourceUrl":"https://github.com/swisskyrepo/Vulny-Code-Static-Analysis","indexedBy":"OpenAgentSkill community index","claimUrl":"https://www.openagentskill.com/skills/swisskyrepo-vulny-code-static-analysis#claim-this-skill","claimCta":"Claim this skill","trustNote":"This listing was indexed from public sources and is not marked official until a maintainer claim is approved.","publicNote":"Attribution links to the public repository or creator profile. Creators can claim the listing to update ownership signals."},"stats":{"stars":423,"forks":142,"downloads":0,"rating":0,"review_count":0,"quality_score":37.09},"quality":{"score":47,"tier":"review","label":"Needs review","summary":"Inspect the repository carefully before adding it to an agent workflow.","signals":[{"label":"GitHub stars","value":"423","tone":"neutral"},{"label":"Freshness","value":"1y ago","tone":"warning"},{"label":"Install ready","value":"Yes","tone":"positive"},{"label":"License","value":"Unknown","tone":"neutral"}],"warnings":["Repository looks stale"]},"trust":{"version":"trust-score-v3","score":73,"tier":"strong","label":"Strong shortlist","summary":"Good trust signals with a few areas worth checking before rollout.","recommendedAction":"Test in a sandbox workflow and compare its install path with close alternatives.","dimensions":[{"id":"github_adoption","label":"GitHub adoption","score":62,"weight":0.13,"status":"info","detail":"423 GitHub stars"},{"id":"repo_activity","label":"Stars/forks activity","score":62,"weight":0.08,"status":"info","detail":"423 stars, 142 forks; issue activity unavailable in current metadata"},{"id":"maintenance","label":"Recent maintenance","score":38,"weight":0.14,"status":"fail","detail":"1y since push"},{"id":"license","label":"License clarity","score":42,"weight":0.09,"status":"warn","detail":"Unknown"},{"id":"documentation","label":"README/SKILL.md completeness","score":90,"weight":0.14,"status":"pass","detail":"Metadata includes enough usage and workflow context"},{"id":"dependency_risk","label":"Dependency/runtime risk","score":90,"weight":0.12,"status":"pass","detail":"no major dependency risk hints in public metadata"},{"id":"installability","label":"Install availability","score":92,"weight":0.1,"status":"pass","detail":"npx skills add swisskyrepo/Vulny-Code-Static-Analysis"},{"id":"install_safety","label":"Install command safety","score":92,"weight":0.1,"status":"pass","detail":"standard package or runtime install path"},{"id":"permission_surface","label":"Permission surface","score":86,"weight":0.07,"status":"pass","detail":"filesystem or document access"},{"id":"repository","label":"Repository evidence","score":86,"weight":0.04,"status":"pass","detail":"https://github.com/swisskyrepo/Vulny-Code-Static-Analysis"},{"id":"review_status","label":"Review status","score":88,"weight":0.05,"status":"pass","detail":"AI review data available"}],"checks":[{"status":"info","label":"GitHub adoption","detail":"423 GitHub stars"},{"status":"info","label":"Stars/forks activity","detail":"423 stars, 142 forks; issue activity unavailable in current metadata"},{"status":"fail","label":"Recent maintenance","detail":"1y since push"},{"status":"warn","label":"License clarity","detail":"Unknown"},{"status":"pass","label":"README/SKILL.md completeness","detail":"Metadata includes enough usage and workflow context"},{"status":"pass","label":"Dependency/runtime risk","detail":"no major dependency risk hints in public metadata"},{"status":"pass","label":"Install availability","detail":"npx skills add swisskyrepo/Vulny-Code-Static-Analysis"},{"status":"pass","label":"Install command safety","detail":"standard package or runtime install path"},{"status":"pass","label":"Permission surface","detail":"filesystem or document access"},{"status":"pass","label":"Repository evidence","detail":"https://github.com/swisskyrepo/Vulny-Code-Static-Analysis"},{"status":"pass","label":"Review status","detail":"AI review data available"},{"status":"warn","label":"Ownership","detail":"No approved owner claim yet"},{"status":"info","label":"OpenAgentSkill usage","detail":"No local usage activity yet"}],"strengths":["AI review approved","Install path is available","Repository evidence is available","Install command has no obvious high-risk pattern"],"warnings":["License is unclear","Repository looks stale","Quality score needs review","Recent maintenance: 1y since push","License clarity: Unknown"],"evidence":{"stars":"423 GitHub stars","repoActivity":"423 stars, 142 forks","lastPushed":"1y since push","license":"Unknown","repository":"https://github.com/swisskyrepo/Vulny-Code-Static-Analysis","install":"npx skills add swisskyrepo/Vulny-Code-Static-Analysis","installSafety":"standard package or runtime install path","permissionSurface":"filesystem or document access","documentation":"Strong README/SKILL.md context"},"installReadiness":{"ready":true,"command":"npx skills add swisskyrepo/Vulny-Code-Static-Analysis","policy":"human_review_before_install","label":"Human review before install","notes":["Install path is available","Repository evidence is available","License is unclear","1y since push"]},"agentCompatibility":["PHP","Security","Codex","Claude Code","Cursor","OpenAgentSkill CLI"],"riskSummary":{"level":"medium","label":"Review before production","notes":["License is unclear","Repository looks stale","Quality score needs review","Recent maintenance: 1y since push","License clarity: Unknown"]}},"safety":{"score":48,"level":"avoid_auto_install","label":"Avoid automatic install","safety_tier":{"tier":"experimental","label":"Experimental","badge":"EXPERIMENTAL","summary":"Sparse or mixed signals. Useful for discovery, but not for autonomous installation.","recommended_action":"Test manually in an isolated workspace and compare against safer alternatives.","auto_install_policy":"review","reasons":["License is unclear","48/100 agent safety score"]},"auto_install_allowed":false,"human_review_required":true,"blocked":false,"audit_risk":"needs_review","permission_hints":[{"id":"network","label":"Network access","reason":"Skill likely fetches remote pages, APIs, repositories, or external services.","severity":"medium"},{"id":"filesystem","label":"Filesystem access","reason":"Skill may read or write project files, documents, generated artifacts, or local workspace state.","severity":"medium"}],"policy_warnings":["License is unclear"],"constraints_applied":{"max_risk":"medium","needs_install_command":true,"min_stars":0}},"safety_gate":{"tier":"experimental","label":"Experimental","badge":"EXPERIMENTAL","auto_install_policy":"review","auto_install_allowed":false,"human_review_required":true,"blocked":false,"recommended_action":"Test manually in an isolated workspace and compare against safer alternatives.","reasons":["License is unclear","48/100 agent safety score"]},"supply_profile":{"track":{"slug":"research","label":"Research and knowledge work","shortLabel":"Research","description":"Deep research, source comparison, literature review, RAG, knowledge search, and reports."},"scenario":{"label":"RAG and knowledge","description":"I need my agent to build a RAG workflow over documents and retrieve reliable context.","useCases":[{"slug":"coding-agents","title":"Coding agents"},{"slug":"security-compliance","title":"Security and compliance"},{"slug":"rag-knowledge","title":"RAG and knowledge"}]},"applicableAgents":["Claude Code","CLI","Codex","Cursor","PHP"],"install":{"ready":true,"command":"npx skills add swisskyrepo/Vulny-Code-Static-Analysis","primaryTarget":"CLI","targetCount":4},"githubQuality":{"stars":423,"starsLabel":"423","forks":142,"license":"Unknown","qualityScore":47,"trustScore":73,"auditScore":64},"maintenance":{"status":"stale","label":"1y since push","daysSincePush":474,"lastPushedAt":"2025-02-27T16:11:07+00:00"},"risk":{"level":"needs_review","label":"Needs review","requiresReview":true,"notes":["License is unclear","Repository appears stale","Repository looks stale","Quality score needs review","Recent maintenance: 1y since push"]},"coverageTags":["Research","RAG and knowledge","security","scanner","audit","detect-vulnerabilities","hacktoberfest","php"]},"audit":{"audit_score":64,"risk_level":"needs_review","risk_label":"Needs review","warnings":["License is unclear","Repository appears stale","Repository looks stale","Quality score needs review","Recent maintenance: 1y since push"]},"decision":{"readiness_score":37,"readiness_label":"Needs manual review","headline":"Needs validation for Coding agents","role":"Needs validation","primary_fit":"Coding agents","best_for":["Coding agents workflows","Claude Code teams","builders willing to evaluate younger projects"],"risks":["Repository looks stale","No OpenAgentSkill engagement data yet"],"next_steps":["Install it in a sandbox agent and run one Coding agents task end to end.","Compare output quality, latency, and failure behavior against at least one alternative.","Promote it into production only after reviewing repository permissions, license, and maintenance signals."]},"platforms":["PHP","Security","Claude Code"],"use_cases":[{"slug":"coding-agents","title":"Coding agents","url":"https://www.openagentskill.com/use-cases/coding-agents"},{"slug":"security-compliance","title":"Security and compliance","url":"https://www.openagentskill.com/use-cases/security-compliance"},{"slug":"rag-knowledge","title":"RAG and knowledge","url":"https://www.openagentskill.com/use-cases/rag-knowledge"},{"slug":"research-agents","title":"Research agents","url":"https://www.openagentskill.com/use-cases/research-agents"}],"install":"npx skills add swisskyrepo/Vulny-Code-Static-Analysis","install_targets":[{"id":"openagentskill-cli","label":"CLI","title":"OpenAgentSkill CLI","kind":"command","value":"npx skills add swisskyrepo/Vulny-Code-Static-Analysis","description":"Use the registry command when your workflow supports the OpenAgentSkill installer.","copyLabel":"Copy command"},{"id":"codex","label":"Codex","title":"Codex install prompt","kind":"agent-prompt","value":"Install the \"Vulny Code Static Analysis\" agent skill from https://github.com/swisskyrepo/Vulny-Code-Static-Analysis. Read its SKILL.md or equivalent instructions first, install only the files needed for this workspace, and summarize any required setup before using it. Skill purpose: Python script to detect vulnerabilities inside PHP source code using static analysis, based on regex","description":"Give Codex a repo-aware install prompt when the skill is not available through a local CLI.","copyLabel":"Copy prompt"},{"id":"claude-code","label":"Claude Code","title":"Claude Code skill prompt","kind":"agent-prompt","value":"Add \"Vulny Code Static Analysis\" as a Claude Code skill from https://github.com/swisskyrepo/Vulny-Code-Static-Analysis. Inspect the skill instructions, place the reusable skill files in the appropriate local skills location for this project, and report the activation steps. Skill purpose: Python script to detect vulnerabilities inside PHP source code using static analysis, based on regex","description":"Use this prompt to ask Claude Code to add the skill and explain the local activation steps.","copyLabel":"Copy prompt"},{"id":"cursor","label":"Cursor","title":"Cursor rule prompt","kind":"agent-prompt","value":"Turn \"Vulny Code Static Analysis\" from https://github.com/swisskyrepo/Vulny-Code-Static-Analysis into a reusable Cursor project rule or agent instruction. Preserve the core workflow, adapt paths to this repo, and keep the rule scoped to tasks where it is relevant. Skill purpose: Python script to detect vulnerabilities inside PHP source code using static analysis, based on regex","description":"Use this when installing as Cursor project rules or reusable agent instructions.","copyLabel":"Copy prompt"}],"repository":"https://github.com/swisskyrepo/Vulny-Code-Static-Analysis","github_repo":"swisskyrepo/Vulny-Code-Static-Analysis","version":"1.0.0","license":"Unknown","updated_at":"2026-06-16T09:53:17.563494+00:00","canonical_key":"swisskyrepo/vulny-code-static-analysis","recommendation_reasons":["Install handoff is available","Repository freshness signal is available"],"urls":{"web":"https://www.openagentskill.com/skills/swisskyrepo-vulny-code-static-analysis","api":"https://www.openagentskill.com/api/agent/skills/swisskyrepo-vulny-code-static-analysis","install_api":"https://www.openagentskill.com/api/skills/swisskyrepo-vulny-code-static-analysis/install","audit":"https://www.openagentskill.com/skills/swisskyrepo-vulny-code-static-analysis/audit","repository":"https://github.com/swisskyrepo/Vulny-Code-Static-Analysis"},"meta":{"endpoint":"/api/registry/manifest/{slug}","canonical_agent_endpoint":"/api/agent/skills/swisskyrepo-vulny-code-static-analysis","agent_friendly":true,"api_version":"1.0","generated_at":"2026-06-17T13:01:19.701Z"}}