Agent Skills: CVE Research Skill

Research CVEs and security advisories for project dependencies. Uses Exa, NVD API, OSV.dev, and GitHub Advisory Database to find known vulnerabilities.

UncategorizedID: fusengine/agents/cve-research

Install this agent skill to your local

pnpm dlx add-skill https://github.com/fusengine/agents/tree/HEAD/plugins/security-expert/skills/cve-research

Skill Files

Browse the full folder contents for cve-research.

Download Skill

Loading file tree…

plugins/security-expert/skills/cve-research/SKILL.md

Skill Metadata

Name
cve-research
Description
"Research CVEs and security advisories for project dependencies. Uses Exa, NVD API, OSV.dev, and GitHub Advisory Database to find known vulnerabilities. Use when: checking a specific dependency or package version for known CVEs and security advisories."

CVE Research Skill

Overview

Research known vulnerabilities for project dependencies using multiple sources.

Data Sources

| Source | API | Coverage | |--------|-----|----------| | NVD | nvd.nist.gov/vuln/api | All CVEs | | OSV.dev | api.osv.dev | npm, PyPI, Go, crates, Maven | | GitHub Advisory | github.com/advisories | npm, pip, composer, cargo | | Exa Search | Via MCP | Real-time web search |

Workflow

  1. Extract dependencies from project (package.json, etc.)
  2. Query each source for known CVEs
  3. Cross-reference findings across sources
  4. Prioritize by CVSS score and exploitability
  5. Report with fix versions and workarounds

Query Strategy

For each dependency:

  1. Search OSV.dev first (fastest, most accurate for packages)
  2. Cross-check NVD for CVSS scoring
  3. Use Exa for recent advisories not yet in databases
  4. Check GitHub Advisory for maintainer responses

Severity Mapping

| CVSS Score | Severity | Action | |------------|----------|--------| | 9.0 - 10.0 | CRITICAL | Fix immediately | | 7.0 - 8.9 | HIGH | Fix before merge | | 4.0 - 6.9 | MEDIUM | Plan fix | | 0.1 - 3.9 | LOW | Document |

References