Vulny Code Static Analysis
Python script to detect vulnerabilities inside PHP source code using static analysis, based on regex
Supply asset profile
Research and knowledge work
Deep research, source comparison, literature review, RAG, knowledge search, and reports.
Scenario
RAG and knowledge
I need my agent to build a RAG workflow over documents and retrieve reliable context.
Agent fit
Claude Code + CLI + Codex
Codex, Claude Code, Cursor, CLI, or custom agents.
Install
Ready
npx skills add swisskyrepo/Vulny-Code-Static-Analysis
Maintenance
stale
1y since push
Risk
Needs review
License is unclear
GitHub quality
423
47/100 quality · 73/100 trust
Coverage tags
Review notes
License is unclear · Repository appears stale
Agent adoption scorecard
Trust, audit, and install readiness at a glance
These scores combine public repository metadata, OpenAgentSkill review signals, maintenance freshness, and install readiness. They are a shortlist signal, not a replacement for human review.
Quality
Needs reviewInspect the repository carefully before adding it to an agent workflow.
Trust
Strong shortlistGood trust signals with a few areas worth checking before rollout.
Audit
Needs reviewInstall readiness, security metadata, maintenance, and adoption risk.
Trust Score v3
Human review before install
Test in a sandbox workflow and compare its install path with close alternatives.
Stars
423 GitHub stars
Repo activity
423 stars, 142 forks
Maintenance
1y since push
License
Unknown
Install
npx skills add swisskyrepo/Vulny-Code-Static-Analysis
Install safety
standard package or runtime install path
Permission surface
filesystem or document access
Docs
Strong README/SKILL.md context
Risk summary
Review before production
- License is unclear
- Repository looks stale
- Quality score needs review
- Recent maintenance: 1y since push
Install readiness
Install path available
- Install path is available
- Repository evidence is available
- License is unclear
- 1y since push
Agent-readable metadata
Machine-readable decision data for this skill.
Use this block or the embedded JSON to decide whether an agent should install this skill, choose an alternative, or ask for human review first.
Suited tasks
- Coding agents workflows
- Claude Code teams
- builders willing to evaluate younger projects
- Inspect source files
- Explain architecture
Suited agents
Trust and risk
- Trust score
- 73/100
- Risk level
- Needs review
- Auto install
- review
Install command
npx skills add swisskyrepo/Vulny-Code-Static-AnalysisDo not use when
- teams that require actively maintained dependencies
- production agents without a repository review
- Repository looks stale
- License is unclear
- Repository appears stale
Agent safety v2
48/100 · Avoid automatic install
Sparse or mixed signals. Useful for discovery, but not for autonomous installation.
Test manually in an isolated workspace and compare against safer alternatives.
medium
Network access
Skill likely fetches remote pages, APIs, repositories, or external services.
medium
Filesystem access
Skill may read or write project files, documents, generated artifacts, or local workspace state.
- License is unclear
Install targets
Install this skill in your agent workflow
Copy the registry command or an agent-specific install prompt for Codex, Claude Code, and Cursor.
OpenAgentSkill CLI
Use the registry command when your workflow supports the OpenAgentSkill installer.
$ npx skills add swisskyrepo/Vulny-Code-Static-AnalysisAgent resolve plan
Let an agent verify fit before installing.
The Resolve API returns the selected skill, alternatives, safety policy, audit notes, install target, and copy-paste prompt an agent can follow without scraping this page.
Resolve JSON
/api/agent/resolve?task=Use%20Vulny%20Code%20Static%20Analysis%20for%20an%20agent%20workflow&agent=codex&max_risk=medium
Resolve text
/api/agent/resolve?task=Use%20Vulny%20Code%20Static%20Analysis%20for%20an%20agent%20workflow&agent=codex&max_risk=medium&format=text
Install handoff
/api/skills/swisskyrepo-vulny-code-static-analysis/install
Agent should check
- Task fit and alternatives from Resolve API.
- Audit score, trust score, and safety policy warnings.
- Install target compatibility for Codex, Claude Code, Cursor, or CLI.
Copy prompt
Task: Use Vulny Code Static Analysis in this workspace.
Resolve first: https://www.openagentskill.com/api/agent/resolve?task=Use%20Vulny%20Code%20Static%20Analysis%20for%20an%20agent%20workflow&agent=codex&max_risk=medium
Review install handoff: https://www.openagentskill.com/api/skills/swisskyrepo-vulny-code-static-analysis/install
Install command: npx skills add swisskyrepo/Vulny-Code-Static-Analysis
Before running it, summarize audit warnings, required permissions, and the fallback skill if install is risky.Agent handoff
Give an agent the install path, not another directory page.
Use the public install endpoint to fetch the command, safety checklist, target prompts, and canonical links for this skill.
Install handoff
/api/skills/swisskyrepo-vulny-code-static-analysis/install
LLM text format
/api/skills/swisskyrepo-vulny-code-static-analysis/install?format=text
Find alternatives
/api/skills/search?q=Vulny%20Code%20Static%20Analysis&limit=3
Agent prompt
Use Vulny Code Static Analysis for this task. Review https://www.openagentskill.com/api/skills/swisskyrepo-vulny-code-static-analysis/install, then install with: npx skills add swisskyrepo/Vulny-Code-Static-AnalysisRegistry metadata
Agent-readable profile for automatic skill selection.
This page exposes the same decision, trust, audit, use-case, and install signals through the Registry API, so agents can rank this skill without scraping the UI.
Manifest
/api/registry/manifest/swisskyrepo-vulny-code-static-analysis
LLM text
/api/registry/manifest/swisskyrepo-vulny-code-static-analysis?format=text
Install alias
/api/registry/install/swisskyrepo-vulny-code-static-analysis
Recommend
/api/registry/recommend?task=Use%20Vulny%20Code%20Static%20Analysis%20in%20an%20agent%20workflow&limit=3
Agent fit
Coding agents
Platforms
PHP, Security, Claude Code
Audit report
Needs review · 64/100
Review install readiness, maintenance, trust, quality, and metadata warnings before adding this skill to an agent workflow.
Agent decision cockpit
Needs validation for Coding agents
Do a manual repository review before adding this to an agent workflow.
Role in stack
Needs validation
Primary fit
Coding agents
Trust label
Needs manual review
Install path
Command ready
Use when
- Coding agents workflows
- Claude Code teams
- builders willing to evaluate younger projects
Evidence
- install command or GitHub repo available
- 47/100 quality profile
- 1 OpenAgentSkill engagement events
Review first
- Repository looks stale
Implementation path
- 1Install it in a sandbox agent and run one Coding agents task end to end.
- 2Compare output quality, latency, and failure behavior against at least one alternative.
- 3Promote it into production only after reviewing repository permissions, license, and maintenance signals.
Trust profile
Strong shortlist
Good trust signals with a few areas worth checking before rollout.
GitHub adoption
INFO423 GitHub stars
Stars/forks activity
INFO423 stars, 142 forks; issue activity unavailable in current metadata
Recent maintenance
FIX1y since push
License clarity
CHECKUnknown
Good signals
- AI review approved
- Install path is available
- Repository evidence is available
- Install command has no obvious high-risk pattern
Review before install
- License is unclear
- Repository looks stale
- Quality score needs review
- Recent maintenance: 1y since push
- License clarity: Unknown
Recommended action
Test in a sandbox workflow and compare its install path with close alternatives.
Quality profile
Needs review candidate for agent workflows
Inspect the repository carefully before adding it to an agent workflow.
Workflow fit
Use this skill in these scenarios
Build and ship code
Coding agents
I need a coding agent that can understand a repository, edit code, and review pull requests.
Reduce risk
Security and compliance
I need my agent to scan a project for security risks and summarize what needs attention.
Search private knowledge
RAG and knowledge
I need my agent to build a RAG workflow over documents and retrieve reliable context.
Stack fit
Add it to a complete workflow
Inspect, patch, and verify code
Coding review agent
A stack for software agents that inspect repositories, review pull requests, generate tests, and turn findings into shippable patches.
Turn skills into distribution
Content growth agent
A stack for turning newly indexed skills into SEO briefs, social drafts, comparison pages, and reusable publishing workflows.
Ingest, retrieve, and cite
RAG knowledge base
A stack for document-heavy agents that ingest files, create searchable knowledge, retrieve relevant context, and answer with grounded sources.
Alternative shortlist
Compare before you install
Similar skills in this category, ranked with the same readiness and quality signals.
Maigret
🕵️♂️ Collect a dossier on a person by username from 3000+ sites
Nuclei
Nuclei is a fast, customizable vulnerability scanner powered by the global security community and built on a simple YAML-based DSL, enabling collaboration to tackle trending vulnerabilities on the internet. It helps you find vulnerabilities in your applications, APIs, networks, DNS, and cloud configurations.
Wazuh
Wazuh - The Open Source Security Platform. Unified XDR and SIEM protection for endpoints and cloud workloads.
Zaproxy
The ZAP by Checkmarx Core project
Overview
Python script to detect vulnerabilities inside PHP source code using static analysis, based on regex
Imported by the skill-only GitHub discovery pipeline because it matches agent skill, automation, domain workflow, RAG, document-processing, data, finance, security, or developer-tool signals. Protocol-server projects are excluded from automated imports.
Platform Compatibility
Technical Details
- Version
- 1.0.0
- License
- Unknown
- Last Updated
- 6/16/2026
- Published
- 6/16/2026
Frameworks & Tools
Decision snapshot
Needs validation
install command or GitHub repo available
Audit Snapshot
Install and adoption review
- Security
- 81/100
- Maintenance
- 38/100
- Install
- 92/100
Growth loop
Share this skill
Scenario-led draft for Vulny Code Static Analysis, with the OpenAgentSkill Update theme and canonical URL.
OpenAgentSkill Update Today: Vulny Code Static Analysis Use it when you want your coding agent to carry more repo context and ship repetiti... 423 stars - security Link: https://www.openagentskill.com/skills/swisskyrepo-vulny-code-static-analysis?ref=x #AIAgents #OpenAgentSkill
Optional reply with install command
Link for Vulny Code Static Analysis: https://www.openagentskill.com/skills/swisskyrepo-vulny-code-static-analysis?ref=x Install: npx skills add swisskyrepo/Vulny-Code-Static-Analysis
Listing source
Community indexed
This listing was indexed from public sources and is not marked official until a maintainer claim is approved.
- Creator
- swisskyrepo
- Indexed by
- OpenAgentSkill community index
Attribution links to the public repository or creator profile. Creators can claim the listing to update ownership signals.
Claim this skillOwner claim
Claim this skill listing
This community indexed listing is attributed to swisskyrepo but is not marked official yet. Claim it to add a verified owner signal and make future launch, install, and audit updates easier to trust.
README badge
Add this badge to your GitHub README to show the listing, trust score, and install handoff.
[](https://www.openagentskill.com/skills/swisskyrepo-vulny-code-static-analysis)Author
swisskyrepo
@swisskyrepo
Tags
Platform Fit
Health Signals
- GitHub stars
- 423
- Quality score
- 37/100
- Last GitHub push
- Feb 27, 2025
- Framework hints
- 2
- OpenAgentSkill views
- 1
- Install copies
- 0
- Outbound clicks
- 0
Community Signal
Share whether this skill looks useful for your agent workflow. Aggregated feedback improves rankings over time.
Trust & Safety
Strong shortlist
- GitHub adoption423 GitHub starsINFO
- Stars/forks activity423 stars, 142 forks; issue activity unavailable in current metadataINFO
- Recent maintenance1y since pushFIX
- License clarityUnknownCHECK
- README/SKILL.md completenessMetadata includes enough usage and workflow contextPASS
- Dependency/runtime riskno major dependency risk hints in public metadataPASS
Related Skills
Maigret
🕵️♂️ Collect a dossier on a person by username from 3000+ sites
32.9K stars · 0 installsNuclei
Nuclei is a fast, customizable vulnerability scanner powered by the global security community and built on a simple YAML-based DSL, enabling collaboration to tackle trending vulnerabilities on the internet. It helps you find vulnerabilities in your applications, APIs, networks, DNS, and cloud configurations.
29.2K stars · 0 installsWazuh
Wazuh - The Open Source Security Platform. Unified XDR and SIEM protection for endpoints and cloud workloads.
15.9K stars · 0 installsZaproxy
The ZAP by Checkmarx Core project
15.3K stars · 0 installs