The Nuclei Vulnerability Template Runner automates security scanning using ProjectDiscovery Nuclei engine with its extensive template ecosystem. It manages the nuclei-templates repository containing thousands of detection signatures for CVEs, misconfigurations, exposed panels, and default credentials.

Custom template authoring is supported with YAML-based DSL for defining HTTP requests, matchers, extractors, and conditional workflows. Templates can chain multiple requests with dynamic variable extraction between steps, enabling complex multi-step vulnerability validation.

The runner integrates rate limiting and concurrency controls to prevent target disruption, with configurable threads per host and global request rate caps. Output formats include JSON, SARIF for direct GitHub Security tab integration, and Markdown reports suitable for penetration testing deliverables. Results can be piped to notification channels via Nuclei interactsh for out-of-band detection confirmation. The skill also manages template updates, custom template directories, and severity-based scan profiles for different engagement types.