cve-research

📁 fusengine/agents 📅 Today
Install command
npx skills add https://github.com/fusengine/agents --skill cve-research


Skill documentation

CVE Research Skill

Overview

Research known vulnerabilities for project dependencies using multiple sources.

Data Sources

| Source | API | Coverage |
| --- | --- | --- |
| NVD | nvd.nist.gov/vuln/api | All CVEs |
| OSV.dev | api.osv.dev | npm, PyPI, Go, crates, Maven |
| GitHub Advisory | github.com/advisories | npm, pip, composer, cargo |
| Exa Search | Via MCP | Real-time web search |

Workflow

  1. Extract dependencies from project (package.json, etc.)
  2. Query each source for known CVEs
  3. Cross-reference findings across sources
  4. Prioritize by CVSS score and exploitability
  5. Report with fix versions and workarounds

Query Strategy

For each dependency:

  1. Search OSV.dev first (fastest, most accurate for packages)
  2. Cross-check NVD for CVSS scoring
  3. Use Exa for recent advisories not yet in databases
  4. Check GitHub Advisory for maintainer responses

Severity Mapping

| CVSS Score | Severity | Action |
| --- | --- | --- |
| 9.0 – 10.0 | CRITICAL | Fix immediately |
| 7.0 – 8.9 | HIGH | Fix before merge |
| 4.0 – 6.9 | MEDIUM | Plan fix |
| 0.1 – 3.9 | LOW | Document |
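
The cross-reference and prioritization steps of the workflow, combined with the severity table above, as an added example that is not part of the skill's own code. The record layout, package names and identifiers are constructed placeholders, and the handling of unscored findings and of a 0.0 score is an assumption, since the table does not cover either case.

```python
# Added example: sample records below are constructed, not real advisories.
OSV_FINDINGS = [  # simplified OSV-style records (id, aliases, fixed version)
    {"package": "example-lib", "id": "GHSA-0000-0000-0001",
     "aliases": ["CVE-0000-0001"], "fixed": "2.4.1"},
    {"package": "example-parser", "id": "GHSA-0000-0000-0002",
     "aliases": ["CVE-0000-0002"], "fixed": "1.0.9"},
    {"package": "example-http", "id": "GHSA-0000-0000-0003",
     "aliases": [], "fixed": None},  # no CVE assigned yet, so no NVD score
]
NVD_SCORES = {"CVE-0000-0001": 9.8, "CVE-0000-0002": 5.3}  # CVE id -> CVSS base score

# Severity Mapping table from this page: (lower bound, severity, action)
SEVERITY_BANDS = [
    (9.0, "CRITICAL", "Fix immediately"),
    (7.0, "HIGH", "Fix before merge"),
    (4.0, "MEDIUM", "Plan fix"),
    (0.1, "LOW", "Document"),
]

def classify(score):
    """Map a CVSS base score to (severity, action) using the page's table."""
    if score is None:
        # Assumption: unscored findings get manual triage, not a silent LOW
        return ("UNSCORED", "Triage manually")
    if not 0.0 <= score <= 10.0:
        raise ValueError(f"CVSS score out of range: {score}")
    for lower, severity, action in SEVERITY_BANDS:
        if score >= lower:
            return (severity, action)
    return ("NONE", "No action")  # assumption: 0.0 is outside the table

def cross_reference(osv_findings, nvd_scores):
    """Join OSV findings to NVD scores via CVE aliases, then prioritize."""
    report = []
    for f in osv_findings:
        cves = [a for a in f["aliases"] if a.startswith("CVE-")]
        scores = [nvd_scores[c] for c in cves if c in nvd_scores]
        score = max(scores) if scores else None
        severity, action = classify(score)
        report.append({"package": f["package"], "id": f["id"], "cves": cves,
                       "score": score, "severity": severity, "action": action,
                       "fixed": f["fixed"]})
    # Unscored first (unknown risk), then highest CVSS score first
    report.sort(key=lambda r: (r["score"] is not None, -(r["score"] or 0.0)))
    return report

if __name__ == "__main__":
    for row in cross_reference(OSV_FINDINGS, NVD_SCORES):
        print(row["severity"], row["package"], row["score"], row["action"], row["fixed"])
```
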

References