by user_3GAtoxVlTbRZba2vpTPaK2SzEMv
Vendor-neutral VAPT skill for AI agents: authorized recon, network & web scanning, OWASP Top 10 checks, attack-chain analysis, and remediation reports.
npx @qaskills/cli add web-infra-vapt-skillAuto-detects your AI agent and installs the skill. Works with Claude Code, Cursor, Copilot, and more.
Here's a full description you can paste into that box:
Web & Infra VAPT turns your AI coding agent into a methodical, safety-first penetration tester. It codifies a professional VAPT workflow — passive recon → active enumeration → analysis → reporting — so the agent scans in the right order, maps findings to the OWASP Top 10, correlates them into real attack chains, and hands back a prioritized, remediation-focused report instead of raw tool dumps.
Prerequisites
What it covers
Install
npx @qaskills/cli add web-infra-vapt-skill
Example usage
Ask your agent: "Run an authorized assessment of https://staging.example.com." It will confirm scope, start with passive recon (whois, DNS, subdomains), do a light nmap sweep before escalating, check TLS and security headers, run targeted nuclei/sqlmap probes on parameterized inputs, correlate results into attack chains, and produce an OWASP-mapped report ordered by severity.
Safety
Authorization-first by design — the skill refuses to scan targets the user doesn't own or have written permission to test, and warns before running intrusive scans against production.
- name: Install QA Skills
run: npx @qaskills/cli add web-infra-vapt-skill0 of 29 agents supported
Build AI agents that write, run, and fix tests. Playwright, LLM evals, and CI in one live cohort.
Use code AITESTER at checkout