cve-risk-score
CVE Risk Score
Fetch and display CVE risk scores from the National Vulnerability Database (NVD) whenever a CVE ID appears in conversation.
Trigger
This skill MUST be invoked automatically whenever a CVE ID (pattern CVE-YYYY-NNNNN) is mentioned by the user or discovered during research/scanning. Do not wait for explicit invocation.
Workflow
- Extract CVE IDs from the user's message or tool output (regex: `CVE-\d{4}-\d{4,}`)
- Run the lookup script: `python3 tools/nvd-lookup.py CVE-XXXX-XXXXX [CVE-YYYY-YYYYY ...]`
- Present the results in a concise table format:

  | CVE ID | Score | Severity | CWE | Description |
  |---|---|---|---|---|
  | CVE-XXXX-XXXXX | 9.8 | CRITICAL | CWE-79 | ... |

- Continue with the user's original task — the score lookup is supplementary context, not a blocking step.
Output Format
When presenting CVE risk scores inline, use this compact format:
CVE-2024-12345: 9.8 CRITICAL (CWE-79) — Remote code execution via ...
For multiple CVEs, use a markdown table.
Rules
- Always invoke — every CVE ID mentioned triggers a lookup. No exceptions.
- Non-blocking — fetch scores in parallel with other work when possible.
- Accurate data only — display exactly what NVD returns. Never estimate or fabricate scores.
- Graceful degradation — if NVD is unreachable or the CVE has no score yet, say so explicitly (e.g., "Not yet scored by NVD").
- Rate limiting — the script handles rate limits internally. For bulk lookups (5+), warn that NVD throttles unauthenticated requests.
- API key — if `NVD_API_KEY` is set in `.env`, the script uses it for higher rate limits.
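The following is an added, offline-runnable illustration of the Workflow, Output Format and Rules sections above. It is not the skill's own `tools/nvd-lookup.py` (which this page does not reproduce): it shows the trigger regex, a reducer that turns an NVD API 2.0 record into score/severity/CWE/description, the inline and table output formats, graceful degradation when a CVE is unscored or NVD is unreachable, and optional `NVD_API_KEY` use paced to NVD's published rate limits. The sample response and the ID CVE-2024-00000 are constructed placeholders; the endpoint URL, the `apiKey` header, the response field names and the limits of 5 requests (no key) or 50 requests (with key) per rolling 30 seconds come from NVD's public API documentation.

```python
import json
import os
import re
import time
import urllib.error
import urllib.request
from urllib.parse import urlencode

# Trigger pattern from the skill (CVE-YYYY-NNNNN, four or more trailing digits).
CVE_RE = re.compile(r"CVE-\d{4}-\d{4,}", re.IGNORECASE)
# NVD CVE API 2.0; an optional API key is sent in the "apiKey" request header.
NVD_API = "https://services.nvd.nist.gov/rest/json/cves/2.0"

def extract_cve_ids(text):
    """Unique CVE IDs in order of first appearance, normalised to upper case."""
    found = []
    for cve_id in (m.upper() for m in CVE_RE.findall(text)):
        if cve_id not in found:
            found.append(cve_id)
    return found

def unscored(cve_id, note):
    """Summary for a CVE with no usable score; `note` states why, never a guess."""
    return {"id": cve_id, "score": None, "severity": None, "cwe": "n/a",
            "description": "", "note": note}

def summarize_nvd_record(cve):
    """Reduce one NVD 2.0 'cve' object to id/score/severity/CWE/description."""
    score = severity = None
    metrics = cve.get("metrics", {})
    # Prefer CVSS v3.1, then v3.0, then v2; each key holds a list of metric entries.
    for key in ("cvssMetricV31", "cvssMetricV30", "cvssMetricV2"):
        entries = metrics.get(key)
        if entries:
            data = entries[0].get("cvssData", {})
            score = data.get("baseScore")
            # v3 keeps baseSeverity inside cvssData, v2 beside it
            severity = data.get("baseSeverity") or entries[0].get("baseSeverity")
            break
    cwe = next((d["value"] for w in cve.get("weaknesses", [])
                for d in w.get("description", [])
                if d.get("value", "").startswith("CWE-")), "n/a")
    desc = next((d["value"] for d in cve.get("descriptions", [])
                 if d.get("lang") == "en"), "")
    return {"id": cve["id"], "score": score, "severity": severity,
            "cwe": cwe, "description": desc}

def status(s):
    """Severity text, or the explicit reason a score is absent."""
    return s["severity"] or s.get("note") or "Not yet scored by NVD"

def format_inline(s):
    """Compact one-line form from the skill's Output Format section."""
    score = "" if s["score"] is None else f"{s['score']} "
    line = f"{s['id']}: {score}{status(s)} ({s['cwe']})"
    return f"{line} - {s['description']}" if s["description"] else line

def format_table(summaries):
    """Markdown table for several CVEs, in the Workflow's table layout."""
    rows = ["| CVE ID | Score | Severity | CWE | Description |", "|---|---|---|---|---|"]
    for s in summaries:
        score = "n/a" if s["score"] is None else s["score"]
        rows.append(f"| {s['id']} | {score} | {status(s)} | {s['cwe']} | {s['description']} |")
    return "\n".join(rows)

def fetch_cve(cve_id, timeout=20):
    """Query NVD for one CVE; network or parse failure degrades to an explicit note."""
    req = urllib.request.Request(f"{NVD_API}?{urlencode({'cveId': cve_id})}")
    if os.environ.get("NVD_API_KEY"):
        req.add_header("apiKey", os.environ["NVD_API_KEY"])
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            vulns = json.load(resp).get("vulnerabilities", [])
    except (urllib.error.URLError, OSError, ValueError) as exc:
        return unscored(cve_id, f"NVD unreachable ({type(exc).__name__})")
    return summarize_nvd_record(vulns[0]["cve"]) if vulns else unscored(cve_id, "Not found in NVD")

def lookup_all(cve_ids):
    """Sequential lookups paced to NVD's published limits: 5 requests per rolling
    30 s without a key, 50 with one; warns on bulk runs as the Rules require."""
    has_key = bool(os.environ.get("NVD_API_KEY"))
    if len(cve_ids) >= 5 and not has_key:
        print("warning: 5+ lookups without NVD_API_KEY; NVD throttles unauthenticated requests")
    results = []
    for i, cve_id in enumerate(cve_ids):
        if i:
            time.sleep(0.6 if has_key else 6.0)
        results.append(fetch_cve(cve_id))
    return results

# Constructed sample shaped like an NVD 2.0 response (not real NVD data);
# CVE-2024-00000 is a placeholder ID for a CVE that NVD has not scored yet.
SAMPLE_NVD_RESPONSE = {"vulnerabilities": [
    {"cve": {"id": "CVE-2024-12345",
             "descriptions": [{"lang": "en", "value": "Remote code execution via crafted input."}],
             "metrics": {"cvssMetricV31": [{"cvssData": {"baseScore": 9.8, "baseSeverity": "CRITICAL"}}]},
             "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}]}]}},
    {"cve": {"id": "CVE-2024-00000", "metrics": {}, "weaknesses": [],
             "descriptions": [{"lang": "en", "value": "Awaiting analysis."}]}}]}

if __name__ == "__main__":
    rows = [summarize_nvd_record(v["cve"]) for v in SAMPLE_NVD_RESPONSE["vulnerabilities"]]
    print("\n".join(format_inline(s) for s in rows))
    print(format_table(rows))
```

Running the file prints the two sample records in the compact inline form and then as a markdown table; `lookup_all(extract_cve_ids(text))` is the live path, which sleeps between requests so an unauthenticated bulk run stays inside NVD's window rather than being throttled mid-batch. Every absence of a score is surfaced as text ("Not yet scored by NVD", "NVD unreachable", "Not found in NVD") so nothing is ever estimated.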
Integration
This skill complements other skills:
- cve-poc-generator: After seeing the risk score, the user may want a full PoC and report
- reconnaissance / source-code-scanning: When these skills discover CVEs in dependencies, auto-lookup their scores
- pentester-spear / coordination: CVE scores inform priority and severity classification in findings