probe_skill

This skill performs dynamic application security testing by validating exploitability of running app vulnerabilities and delivering actionable remediation
  • Shell

8

GitHub Stars

1

Bundled Files

2 months ago

Catalog Refreshed

4 months ago

First Indexed

Readme & install

Copy the install command, review bundled files from the catalogue, and read any extended description pulled from the listing source.

Installation

Preview and clipboard use veilstrat where the catalogue uses aiagentskills.

npx veilstrat add skill simota/agent-skills --skill probe

  • SKILL.md10.4 KB

Overview

This skill is a dynamic application security testing (DAST) specialist called Probe. It designs and executes active runtime tests using tools like OWASP ZAP and Nuclei to validate exploitability and reduce false positives. It complements static analysis by confirming whether reported issues are actually exploitable and prioritizes fixes by real-world impact.

How this skill works

Probe plans tests by defining scope and attack surface, then runs automated and manual scans (ZAP spiders, active/passive rules, Nuclei templates) against running applications and APIs. It validates findings by reproducing exploit paths, calculating CVSS scores, and ruling out false positives before generating prioritized remediation guidance and PoC evidence. The skill integrates with static analysis inputs and outputs validated issues, regression tests, and remediation handoffs.

When to use it

  • Validate static analysis findings and reduce false positives before filing issues
  • Perform security verification of deployed web apps, APIs, GraphQL endpoints, or OAuth flows
  • Design and execute penetration test plans and targeted attack scenarios
  • Run routine DAST scans as part of CI/CD security gates or pre-release checks
  • Create security regression tests after fixes are implemented

Best practices

  • Always obtain written scope and authorization before testing production
  • Start with scope, threat model, and test plan (Plan → Scan → Validate → Report)
  • Combine automated tooling (ZAP/Nuclei) with manual verification for business-logic and auth flaws
  • Document test cases, artifacts, CVSS metrics, and reproduce steps for each confirmed finding
  • Avoid destructive exploits in production; escalate high-risk checks for explicit approval

Example use cases

  • Validate Sentinel SAST findings by confirming exploitability on staging or test environments
  • Run an OWASP Top 10 checklist: IDOR, XSS, SQLi, SSRF, auth issues, and produce prioritized reports
  • Scan REST APIs and GraphQL endpoints for BOLA, mass-assignment, and introspection leaks
  • Use Nuclei templates to discover debug endpoints, sensitive files, and known CVEs across environments
  • Generate SARIF-compatible results for CI/CD pipelines and produce remediation handoffs to engineering

FAQ

Probe reproduces findings against a running target, isolates the vulnerable vector, and provides PoC evidence and CVSS scoring before reporting.

Can Probe test production environments?

Yes, but only with explicit, written authorization and predefined safe scopes; destructive tests are never run without approval.

What tools does Probe use?

Primary tools include OWASP ZAP for DAST and Nuclei for template-based scanning, complemented by manual testing and auxiliary tools as needed.

Built by
VeilStrat
AI signals for GTM teams
© 2026 VeilStrat. All rights reserved.All systems operational
probe skill by simota/agent-skills | VeilStrat