一键导入
cve-risk-score
Retrieve CVE risk scores from NVD. Auto-invoked whenever a CVE ID is mentioned to display CVSS score, severity, CWE, and description.
用 Codex 或 Claude 帮你安装 复制这段 Prompt,粘贴到 Codex、Claude 或其他助手里,让它检查 Skill 页面并帮你完成安装。
菜单
Retrieve CVE risk scores from NVD. Auto-invoked whenever a CVE ID is mentioned to display CVSS score, severity, CWE, and description.
用 Codex 或 Claude 帮你安装 复制这段 Prompt,粘贴到 Codex、Claude 或其他助手里,让它检查 Skill 页面并帮你完成安装。
基于 SOC 职业分类
Threat Intelligence Report Design System — ReportLab-based PDF generation for A4 reports with Transilience branding, typography, and layout standards.
Authentication security testing - auth bypass, JWT attacks, OAuth flaws, password attacks, 2FA bypass, CAPTCHA bypass, and bot detection evasion.
Cloud and container security testing - AWS, Azure, GCP, Docker, and Kubernetes misconfigurations and exploitation.
Detect and break the cloud post-compromise attack chain (AWS / Azure / GCP) — per-stage CloudTrail / Activity-Log / Audit-Log detection signals and the preventive controls that close each step. Use for cloud detection engineering, hardening, remediation write-ups, or blue-team posture review of the lateral-movement -> privilege-escalation -> exfiltration -> evasion chain.
HackTheBox platform operations and automations to solve challenges, machines and capture the flags hacking competitions
Injection vulnerability testing - SQL, NoSQL, OS Command, SSTI, XXE, and LDAP/XPath injection techniques.
| name | cve-risk-score |
| description | Retrieve CVE risk scores from NVD. Auto-invoked whenever a CVE ID is mentioned to display CVSS score, severity, CWE, and description. |
Fetch and display CVE risk scores from the National Vulnerability Database (NVD) whenever a CVE ID appears in conversation.
This skill MUST be invoked automatically whenever a CVE ID (pattern CVE-YYYY-NNNNN) is mentioned by the user or discovered during research/scanning. Do not wait for explicit invocation.
Extract CVE IDs from the user's message or tool output (regex: CVE-\d{4}-\d{4,})
Run the lookup script:
python3 tools/nvd-lookup.py CVE-XXXX-XXXXX [CVE-YYYY-YYYYY ...]
Present the results in a concise table format:
| CVE ID | Score | Severity | CWE | Description |
|---|---|---|---|---|
| CVE-XXXX-XXXXX | 9.8 | CRITICAL | CWE-79 | ... |
Continue with the user's original task — the score lookup is supplementary context, not a blocking step.
When presenting CVE risk scores inline, use this compact format:
CVE-2024-12345: 9.8 CRITICAL (CWE-79) — Remote code execution via ...
For multiple CVEs, use a markdown table.
NVD_API_KEY is set in .env, the script uses it for higher rate limits.This skill complements other skills: