
agent-bom vulnerability intel

An Agent skill for the Security domain. Original description: Use agent-bom to check package, SBOM, inventory, and agent dependency exposure against OSV, GitHub Security Advisories, NVD, EPSS, and CISA KEV with explicit...

SKILL.md


---
name: agent-bom-vulnerability-intel
description: >-
  Use agent-bom to check package, SBOM, inventory, and agent dependency
  exposure against OSV, GitHub Security Advisories, NVD, EPSS, and CISA KEV
  with explicit data-boundary choices. Use when a user asks for CVE lookup,
  advisory intelligence, exploitability context, fix versions, GHSA/OSV/NVD
  enrichment, or package vulnerability triage.
version: 0.88.4
license: Apache-2.0
compatibility: >-
  Requires Python 3.11+ and agent-bom installed from this repository or PyPI.
  No credentials are required for basic public advisory lookups. Optional
  NVD_API_KEY and GITHUB_TOKEN values only raise provider rate limits.
metadata:
  author: msaad00
  homepage: https://github.com/msaad00/agent-bom
  source: https://github.com/msaad00/agent-bom
  pypi: https://pypi.org/project/agent-bom/
  openclaw:
    requires:
      bins:
        - agent-bom
      env: []
    credentials: none
    credential_policy: "Do not ask users to paste credentials. Optional NVD_API_KEY and GITHUB_TOKEN values may be present in the operator environment for rate limits, but their values must never be displayed, logged, or copied into prompts."
    optional_env:
      - NVD_API_KEY
      - GITHUB_TOKEN
    optional_bins: []
    emoji: "\U0001F6E1"
    homepage: https://github.com/msaad00/agent-bom
    source: https://github.com/msaad00/agent-bom
    license: Apache-2.0
    os:
      - darwin
      - linux
      - windows
    credential_handling: "No cloud or source-control credentials are needed. Advisory API tokens stay in the operator environment and are used only by agent-bom's existing advisory clients; do not echo or persist token values."
    data_flow: "Default package checks send package names, versions, ecosystems, PURLs, and CVE/advisory IDs to public advisory databases. Source code, raw config files, secrets, env values, and full scan reports are not sent to advisory providers. Use offline/cache-approved mode when private package names are sensitive."
    file_reads:
      - "operator-provided inventory JSON"
      - "operator-provided CycloneDX/SPDX SBOM files"
      - "local agent configuration paths only when the operator chooses a local scan"
    file_writes:
      - "operator-selected JSON/SARIF/report output path"
    network_endpoints:
      - url: "https://api.osv.dev/v1"
        purpose: "OSV package vulnerability lookup"
        auth: false
      - url: "https://api.github.com/advisories"
        purpose: "GitHub Security Advisories lookup; optional token only raises rate limits"
        auth: false
      - url: "https://services.nvd.nist.gov/rest/json/cves/2.0"
        purpose: "NVD CVSS, CWE, and publication metadata enrichment"
        auth: false
      - url: "https://api.first.org/data/v1/epss"
        purpose: "EPSS exploit probability enrichment"
        auth: false
      - url: "https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json"
        purpose: "CISA Known Exploited Vulnerabilities enrichment"
        auth: false
    telemetry: false
    persistence: false
    privilege_escalation: false
    always: false
    autonomous_invocation: restricted
---


agent-bom-vulnerability-intel

Use this skill to answer vulnerability-intelligence questions through
agent-bom's existing scanners and canonical evidence model. Do not create
one-off OSV, GHSA, NVD, EPSS, or KEV clients in the agent session; route through
agent-bom so advisory provenance, aliases, severity gates, cache behavior,
redaction, and output schemas stay consistent.

Modes

Start with the smallest mode that answers the user:

| Mode | Use When | Data Boundary |
|------|----------|---------------|
| explain-only | User wants to know what would be queried | No advisory calls |
| check-package | User names one package/version/ecosystem | Only that package identifier is queried |
| scan-local | User wants findings from local agents or a local inventory file | Local parse first; advisory calls use package identifiers only |
| offline-review | Private package names cannot leave the environment | Use local/cache-approved data only; disclose reduced coverage |
| export | User wants PR gate, SARIF, JSON, or audit evidence | Write only to an operator-selected path |

Guardrails

  • Ask before scanning a broad filesystem path or local agent configs.
  • Do not paste or reveal NVD_API_KEY, GITHUB_TOKEN, package-registry credentials, cloud credentials, or env values.
  • Do not send full source files, lockfiles, config contents, secrets, or scan reports to advisory providers. agent-bom extracts package identifiers first.
  • Treat unknown or unresolvable versions as coverage gaps, not clean results.
  • Preserve advisory provenance. Do not collapse OSV, GHSA, NVD, EPSS, and KEV into a single unlabelled severity.
  • Do not modify dependencies or install fixes unless the user explicitly asks for a remediation workflow.

Workflows

Explain the Boundary

When the user asks "what leaves my environment?", answer before running:

This lookup sends package identifiers (name, version, ecosystem/PURL) and CVE
IDs to public advisory databases. It does not send source code, raw configs,
secrets, env values, credentials, or full scan reports. Use offline-review if
private package names are sensitive.

Check One Package

agent-bom check flask==2.0.0 --ecosystem pypi

Use this for quick triage and fix-version checks. If the package name belongs
to a private registry or internal project, use explain-only first and let the
operator decide whether the identifier may be queried externally.

Scan a Canonical Inventory

agent-bom agents --inventory inventory.json --format json --output findings.json

Use this after an operator-pull adapter or discovery skill emits canonical
inventory. The inventory can stop at the file boundary; scanning is an explicit
operator handoff.

Export for a PR Gate

agent-bom agents --inventory inventory.json --format sarif --output agent-bom.sarif

Use SARIF only when the user wants GitHub code-scanning or AppSec PR-gate
evidence. Keep JSON for local analysis and audit trails.

Offline Review

If external advisory calls are not allowed, run with the project's offline or
cache-approved mode and say clearly that coverage depends on the locally
available vulnerability database. Do not call a clean offline result equivalent
to a fresh OSV/GHSA/NVD lookup.

Output Rules

  • Show CVE/GHSA/PYSEC aliases together when available.
  • Include severity source, fix version, EPSS, KEV status, CWE, and advisory source chain when present.
  • Separate "no vulnerabilities found" from "not enough data to evaluate."
  • Keep raw credentials and credential-bearing URLs out of output, logs, prompts, SARIF locations, and exported reports.
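The following is an added example, not agent-bom's own code, that models two rules from this skill on a constructed inventory: the explain-only boundary (only package identifiers leave the environment, unresolved versions are reported as coverage gaps) and the output rule that separates "clean" from "not enough data" while keeping advisory provenance. The inventory field names, the advisory record shape, and all advisory ids and fix versions are assumptions and placeholders.

```python
import json

UNKNOWN = (None, "", "unknown")  # versions that count as coverage gaps, not clean

# Constructed inventory (field names are an assumption, not agent-bom's schema).
# The env block stands in for operator secrets that must never be sent anywhere.
INVENTORY = json.loads("""{"agents": [{"name": "demo-agent",
  "env": {"GITHUB_TOKEN": "ghp_PLACEHOLDER"},
  "packages": [
    {"name": "flask", "version": "2.0.0", "ecosystem": "pypi"},
    {"name": "internal-auth-lib", "version": "unknown", "ecosystem": "pypi"},
    {"name": "requests", "version": "2.31.0", "ecosystem": "pypi"}]}]}""")

# Constructed advisory results keyed by PURL; ids and fix versions are placeholders.
ADVISORIES = {
    "pkg:pypi/flask@2.0.0": [{"id": "GHSA-EXAMPLE-0001", "aliases": ["CVE-EXAMPLE-0001"],
                              "severity_source": "GHSA", "fix_version": "2.0.1-constructed",
                              "epss": 0.02, "kev": False}],
    "pkg:pypi/requests@2.31.0": [],   # queried and empty: a genuine "clean"
}

def purl(pkg: dict) -> str:
    """The only string that leaves the environment for a package check."""
    return f"pkg:{pkg['ecosystem']}/{pkg['name']}@{pkg['version']}"

def explain_boundary(inventory: dict) -> dict:
    """explain-only mode: what would be queried, and what is held back as a gap."""
    pkgs = [p for a in inventory["agents"] for p in a["packages"]]
    return {
        "queried": [purl(p) for p in pkgs if p.get("version") not in UNKNOWN],
        "coverage_gaps": [p["name"] for p in pkgs if p.get("version") in UNKNOWN],
        "env_keys_sent": [],  # env values never form part of the outbound request
    }

def triage(inventory: dict, advisories: dict) -> dict:
    """Per-package verdict keeping provenance; 'clean' only after a real lookup."""
    verdicts = {}
    for pkg in (p for a in inventory["agents"] for p in a["packages"]):
        if pkg.get("version") in UNKNOWN:
            verdicts[pkg["name"]] = {"status": "not-enough-data", "reason": "unresolved version"}
        elif purl(pkg) not in advisories:
            verdicts[pkg["name"]] = {"status": "not-enough-data", "reason": "not queried"}
        elif not advisories[purl(pkg)]:
            verdicts[pkg["name"]] = {"status": "clean"}
        else:
            verdicts[pkg["name"]] = {"status": "vulnerable", "findings": [
                {"aliases": [h["id"], *h["aliases"]], "severity_source": h["severity_source"],
                 "fix_version": h["fix_version"], "epss": h["epss"], "kev": h["kev"]}
                for h in advisories[purl(pkg)]]}
    return verdicts
```

Running `explain_boundary(INVENTORY)` before any lookup gives the operator the exact identifiers that would be sent and the packages that would be skipped, which is the answer the explain-only mode owes before any advisory call.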