/vuln-scan Static vulnerability review of a source tree. Produces (+ a human-readable ) that ingests directly. This skill does not execute code. It reads source and reasons about it. For execution-verified findings (ASAN crashes, reproducing PoCs), point the user at — see README Step 2. Tool fallbacks. Prefer the dedicated Glob and Grep tools. Some sessions do not provision them — is a permission filter, not a loader, so listing them here does not make them appear. When Glob/Grep are unavailable, fall back to the read-only Bash commands whitelisted above: / for enumeration, / for search, / /…