Agent Skills: CVE Research Skill

Research CVEs and security advisories for project dependencies. Uses Exa, NVD API, OSV.dev, and GitHub Advisory Database to find known vulnerabilities.

Uncategorized
ID: fusengine/agents/cve-research

Install this agent skill to your local

pnpm dlx add-skill https://github.com/fusengine/agents/tree/HEAD/plugins/security-expert/skills/cve-research

plugins/security-expert/skills/cve-research/SKILL.md

CVE Research Skill

Overview

Research known vulnerabilities for project dependencies using multiple sources.

Data Sources

| Source | API | Coverage |
|--------|-----|----------|
| NVD | nvd.nist.gov/vuln/api | All CVEs |
| OSV.dev | api.osv.dev | npm, PyPI, Go, crates, Maven |
| GitHub Advisory | github.com/advisories | npm, pip, composer, cargo |
| Exa Search | Via MCP | Real-time web search |

Workflow

  1. Extract dependencies from project (package.json, etc.)
  2. Query each source for known CVEs
  3. Cross-reference findings across sources
  4. Prioritize by CVSS score and exploitability
  5. Report with fix versions and workarounds

Query Strategy

For each dependency:

  1. Search OSV.dev first (fastest, most accurate for packages)
  2. Cross-check NVD for CVSS scoring
  3. Use Exa for recent advisories not yet in databases
  4. Check GitHub Advisory for maintainer responses

Severity Mapping

| CVSS Score | Severity | Action |
|------------|----------|--------|
| 9.0 - 10.0 | CRITICAL | Fix immediately |
| 7.0 - 8.9 | HIGH | Fix before merge |
| 4.0 - 6.9 | MEDIUM | Plan fix |
| 0.1 - 3.9 | LOW | Document |
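An added example (not part of the skill's own files) of workflow steps 2 to 5: it builds an OSV.dev batch query, joins OSV-schema records to NVD base scores through their CVE alias, and applies the Severity Mapping table. It assumes exact resolved versions taken from a lockfile; the function names, the UNSCORED and NONE labels, and every sample record and id are constructed placeholders.

```python
# Added example with constructed data; makes no network calls.
BANDS = [(9.0, "CRITICAL", "Fix immediately"), (7.0, "HIGH", "Fix before merge"),
         (4.0, "MEDIUM", "Plan fix"), (0.1, "LOW", "Document")]

def classify(score):
    """Map a CVSS base score to (severity, action) using the table above."""
    if score is None:
        return ("UNSCORED", "Triage manually")  # assumption: not in the table
    for floor, severity, action in BANDS:
        if score >= floor:
            return (severity, action)
    return ("NONE", "No action")  # 0.0 sits below the table's lowest band

def osv_batch_payload(resolved, ecosystem="npm"):
    """JSON body for POST https://api.osv.dev/v1/querybatch from {name: version}."""
    return {"queries": [{"package": {"name": n, "ecosystem": ecosystem}, "version": v}
                        for n, v in sorted(resolved.items())]}

def fixed_versions(vuln):
    """Collect 'fixed' events from an OSV record's affected ranges."""
    return sorted({e["fixed"] for a in vuln.get("affected", [])
                   for r in a.get("ranges", []) for e in r.get("events", [])
                   if "fixed" in e})

def prioritize(osv_vulns, nvd_scores):
    """Join OSV records to NVD scores by CVE alias; highest score first."""
    rows = []
    for v in osv_vulns:
        ids = [v["id"], *v.get("aliases", [])]
        cve = next((i for i in ids if i.startswith("CVE-")), None)
        score = nvd_scores.get(cve)
        severity, action = classify(score)
        rows.append({"id": v["id"], "cve": cve, "score": score,
                     "severity": severity, "action": action,
                     "fixed": fixed_versions(v)})
    # Scored findings first (descending); unscored ones last, flagged for triage.
    return sorted(rows, key=lambda r: (r["score"] is None, -(r["score"] or 0)))

SAMPLE_OSV = [  # constructed records in OSV schema shape; ids are placeholders
    {"id": "GHSA-aaaa-bbbb-cccc", "aliases": ["CVE-0000-0001"],
     "affected": [{"ranges": [{"type": "SEMVER",
                               "events": [{"introduced": "0"}, {"fixed": "2.1.4"}]}]}]},
    {"id": "GHSA-dddd-eeee-ffff", "aliases": ["CVE-0000-0002"],
     "affected": [{"ranges": [{"type": "SEMVER", "events": [{"introduced": "1.0.0"}]}]}]},
    {"id": "GHSA-gggg-hhhh-iiii", "aliases": []},
]
SAMPLE_NVD = {"CVE-0000-0001": 7.5, "CVE-0000-0002": 9.8}  # constructed base scores
```

A finding with an empty `fixed` list has no patched release recorded in the OSV data, so the report has to offer a workaround instead of an upgrade.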