aeon-vuln-scanner
A scanner that dumps zero-days into public PRs isn't a helper — it's a publisher. This skill triages every finding by reading the code and routes to the right disclosure channel.
Inputs
| Param | Description |
|---|---|
| `var` | Optional owner/repo. If empty, auto-picks from chained github-trending output or fresh trending API. |
Target selection
- Language: JS/TS, Python, Go, Rust, or Solidity.
- ≥ 50 stars, not a fork, active in last 6 months.
- Handles untrusted input (auth, crypto, network, file I/O, templating).
- Skip: intentionally vulnerable teaching repos (juice-shop, webgoat, *-ctf).
- Skip if no PVR enabled AND no `SECURITY.md` — no safe channel.
- Skip if scanned in last 30 days (dedup via `vuln-scanned.json`).
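
The target-selection rules above written as a filter; this is an added example, not the skill's own code. The `vuln-scanned.json` layout (repo name mapped to a last-scan timestamp), the 182-day reading of "6 months", and the `pvr_enabled` / `has_security_md` fields are assumptions; the remaining keys are GitHub REST repository fields.

```python
from datetime import datetime, timedelta, timezone
from fnmatch import fnmatch

LANGUAGES = {"JavaScript", "TypeScript", "Python", "Go", "Rust", "Solidity"}
TEACHING_PATTERNS = ("juice-shop", "webgoat", "*-ctf")  # from the skip list
ACTIVE_WINDOW = timedelta(days=182)  # assumption: "6 months" read as 182 days
RESCAN_WINDOW = timedelta(days=30)

# Constructed sample, not a real repository.
NOW = datetime(2025, 6, 1, tzinfo=timezone.utc)
SAMPLE_REPO = {"full_name": "example-org/api-gateway", "language": "Go",
               "stargazers_count": 120, "fork": False,
               "pushed_at": "2025-05-20T00:00:00Z",
               "pvr_enabled": False, "has_security_md": True}


def _ts(value):
    """Parse an ISO 8601 timestamp such as 2025-05-20T00:00:00Z."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def skip_reason(repo, scanned, now):
    """Return why a repo is skipped, or None if it is eligible for a scan.

    repo: GitHub REST repository fields plus two hypothetical booleans,
    pvr_enabled and has_security_md, resolved by the caller.
    scanned: assumed vuln-scanned.json content,
    {"owner/repo": last-scan ISO timestamp}.
    """
    name = repo["full_name"].split("/", 1)[1].lower()
    if repo.get("language") not in LANGUAGES:
        return "language"
    if repo["stargazers_count"] < 50:
        return "stars"
    if repo["fork"]:
        return "fork"
    if now - _ts(repo["pushed_at"]) > ACTIVE_WINDOW:
        return "inactive"
    if any(fnmatch(name, pattern) for pattern in TEACHING_PATTERNS):
        return "teaching-repo"
    # Without PVR or a SECURITY.md, a finding could only be reported in public.
    if not repo["pvr_enabled"] and not repo["has_security_md"]:
        return "no-safe-channel"
    last = scanned.get(repo["full_name"])
    if last and now - _ts(last) < RESCAN_WINDOW:
        return "recently-scanned"
    return None  # "handles untrusted input" still requires reading the code
```
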