Does this skill provide fix recommendations?

Yes, the reporting workflow includes identifying specific versions that contain fixes for the discovered CVEs and providing manual workarounds if a patch is not yet available.

How does it prioritize different security vulnerabilities?

It uses the standard CVSS (Common Vulnerability Scoring System) scores. Findings are mapped to severity levels: Critical (9.0-10.0), High (7.0-8.9), Medium (4.0-6.9), and Low (0.1-3.9) to help you prioritize fixes.

Which package managers does this skill support?

The CVE Research skill supports a wide range of ecosystems including npm (JavaScript), PyPI (Python), Go, Maven (Java), Cargo (Rust), and Composer (PHP) by leveraging the OSV.dev and GitHub Advisory databases.

Can it find newly disclosed vulnerabilities not yet in the NVD?

Yes, by utilizing Exa Search, the skill performs real-time web searches to identify recent security advisories and maintainer responses that may not have been fully indexed in official databases yet.

CVE Research Expert

Name: CVE Research Expert
Author: fusengine

byfusengine

•

安全与测试

Researches and analyzes project dependencies for known vulnerabilities and security advisories across multiple global databases.

The CVE Research skill empowers developers to proactively secure their projects by identifying known security vulnerabilities within their dependency stack. By aggregating data from the National Vulnerability Database (NVD), OSV.dev, GitHub Advisory Database, and real-time web searches via Exa, it provides a comprehensive security profile for any package. The skill automatically extracts project dependencies, cross-references findings, prioritizes risks based on CVSS scores, and suggests actionable remediation steps, including fix versions and workarounds, to ensure your software remains resilient against exploits.

主要功能

01CVSS-based risk prioritization and severity mapping for efficient triaging

024 GitHub stars

03Real-time security advisory lookup via Exa web search for zero-day awareness

04Comprehensive reporting with recommended fix versions and mitigation strategies

05Automated dependency extraction from manifests like package.json and requirements.txt

06Multi-source vulnerability scanning using NVD, OSV, and GitHub Advisory

使用场景

01Auditing project dependencies for security risks before a major production release

02Investigating the security posture of a third-party library before integration

03Performing regular security maintenance and patch management on existing codebases

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add fusengine/agents cve-research

For use in Claude.ai and ChatGPT

Download Skill