Skills

cve-research

Installation
SKILL.md

CVE Research Skill

Overview

Research known vulnerabilities for project dependencies using multiple sources.

Data Sources

Source API Coverage
NVD nvd.nist.gov/vuln/api All CVEs
OSV.dev api.osv.dev npm, PyPI, Go, crates, Maven
GitHub Advisory github.com/advisories npm, pip, composer, cargo
Exa Search Via MCP Real-time web search

Workflow

  1. Extract dependencies from project (package.json, etc.)
  2. Query each source for known CVEs
  3. Cross-reference findings across sources
  4. Prioritize by CVSS score and exploitability
  5. Report with fix versions and workarounds

Query Strategy

For each dependency:

  1. Search OSV.dev first (fastest, most accurate for packages)
  2. Cross-check NVD for CVSS scoring
  3. Use Exa for recent advisories not yet in databases
  4. Check GitHub Advisory for maintainer responses

Severity Mapping

CVSS Score Severity Action
9.0 - 10.0 CRITICAL Fix immediately
7.0 - 8.9 HIGH Fix before merge
4.0 - 6.9 MEDIUM Plan fix
0.1 - 3.9 LOW Document

References

Related skills

More from fusengine/agents

Installs
42
Repository
fusengine/agents
GitHub Stars
11
First Seen
Feb 28, 2026
Security Audits
Gen Agent Trust HubPass
SocketPass
SnykWarn