Does it support the latest CVSS standards?

Yes, it provides detailed logic and metric groups for CVSS v3.1, including Base, Temporal, and Environmental score calculations.

Can I use this for patch management workflows?

Absolutely. The skill includes predefined SLA targets based on severity and templates for remediation lifecycles from discovery through verification.

Does it help with external security researchers?

Yes, it provides best practices and workflows for implementing Vulnerability Disclosure Programs (VDP) and managing bug bounty submissions.

How does this skill help prioritize vulnerabilities?

It uses a multi-factor prioritization framework that weighs CVSS base scores alongside EPSS probability, CISA KEV status, asset criticality, and data sensitivity to identify the most urgent risks.

What tools does this skill interact with?

It is designed to work with filesystem tools for policy documentation and search tools like Perplexity to fetch real-time exploit intelligence and CVE details.

Vulnerability Management

Name: Vulnerability Management
Author: melodic-software

bymelodic-software

•

セキュリティとテスト

Manages the end-to-end security vulnerability lifecycle from discovery and risk-based prioritization to remediation and disclosure.

概要

This skill equips Claude with specialized expertise for managing security vulnerabilities within professional software environments. It provides structured guidance for interpreting CVSS v3.1 metrics, applying advanced risk-based prioritization using EPSS and KEV data, and establishing robust remediation workflows. By integrating asset criticality and exposure context, it helps teams move beyond simple severity scores to address the threats that pose the highest actual risk to their infrastructure and users.

主な機能

Multi-factor risk prioritization using EPSS, KEV, and asset criticality
CVE and CWE tracking with structured data interpretation
CVSS v3.1 score calculation including temporal and environmental metrics
Standardized remediation workflow design and SLA policy creation
12 GitHub stars
Vulnerability disclosure and bug bounty program implementation guidance

ユースケース

Prioritizing security patches by combining CVSS scores with real-world exploit probability (EPSS)
Calculating contextual risk scores for vulnerabilities discovered in specific production environments
Designing a vulnerability management program for a new engineering organization

概要

主な機能

Multi-factor risk prioritization using EPSS, KEV, and asset criticality
CVE and CWE tracking with structured data interpretation
CVSS v3.1 score calculation including temporal and environmental metrics
Standardized remediation workflow design and SLA policy creation
12 GitHub stars
Vulnerability disclosure and bug bounty program implementation guidance

ユースケース

Prioritizing security patches by combining CVSS scores with real-world exploit probability (EPSS)
Calculating contextual risk scores for vulnerabilities discovered in specific production environments
Designing a vulnerability management program for a new engineering organization