File preview

SKILL.md

View the contents of files in the agent-bom vulnerability intel skill package.

---
name: agent-bom-vulnerability-intel
description: >-
  Use agent-bom to check package, SBOM, inventory, and agent dependency
  exposure against OSV, GitHub Security Advisories, NVD, EPSS, and CISA KEV
  with explicit data-boundary choices. Use when a user asks for CVE lookup,
  advisory intelligence, exploitability context, fix versions, GHSA/OSV/NVD
  enrichment, or package vulnerability triage.
version: 0.88.4
license: Apache-2.0
compatibility: >-
  Requires Python 3.11+ and agent-bom installed from this repository or PyPI.
  No credentials are required for basic public advisory lookups. Optional
  NVD_API_KEY and GITHUB_TOKEN values only raise provider rate limits.
metadata:
  author: msaad00
  homepage: https://github.com/msaad00/agent-bom
  source: https://github.com/msaad00/agent-bom
  pypi: https://pypi.org/project/agent-bom/
  openclaw:
    requires:
      bins:
        - agent-bom
      env: []
      credentials: none
    credential_policy: "Do not ask users to paste credentials. Optional NVD_API_KEY and GITHUB_TOKEN values may be present in the operator environment for rate limits, but their values must never be displayed, logged, or copied into prompts."
    optional_env:
      - NVD_API_KEY
      - GITHUB_TOKEN
    optional_bins: []
    emoji: "\U0001F6E1"
    homepage: https://github.com/msaad00/agent-bom
    source: https://github.com/msaad00/agent-bom
    license: Apache-2.0
    os:
      - darwin
      - linux
      - windows
    credential_handling: "No cloud or source-control credentials are needed. Advisory API tokens stay in the operator environment and are used only by agent-bom's existing advisory clients; do not echo or persist token values."
    data_flow: "Default package checks send package names, versions, ecosystems, PURLs, and CVE/advisory IDs to public advisory databases. Source code, raw config files, secrets, env values, and full scan reports are not sent to advisory providers. Use offline/cache-approved mode when private package names are sensitive."
    file_reads:
      - "operator-provided inventory JSON"
      - "operator-provided CycloneDX/SPDX SBOM files"
      - "local agent configuration paths only when the operator chooses a local scan"
    file_writes:
      - "operator-selected JSON/SARIF/report output path"
    network_endpoints:
      - url: "https://api.osv.dev/v1"
        purpose: "OSV package vulnerability lookup"
        auth: false
      - url: "https://api.github.com/advisories"
        purpose: "GitHub Security Advisories lookup; optional token only raises rate limits"
        auth: false
      - url: "https://services.nvd.nist.gov/rest/json/cves/2.0"
        purpose: "NVD CVSS, CWE, and publication metadata enrichment"
        auth: false
      - url: "https://api.first.org/data/v1/epss"
        purpose: "EPSS exploit probability enrichment"
        auth: false
      - url: "https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json"
        purpose: "CISA Known Exploited Vulnerabilities enrichment"
        auth: false
    telemetry: false
    persistence: false
    privilege_escalation: false
    always: false
    autonomous_invocation: restricted
---

# agent-bom-vulnerability-intel

Use this skill to answer vulnerability-intelligence questions through
agent-bom's existing scanners and canonical evidence model. Do not create
one-off OSV, GHSA, NVD, EPSS, or KEV clients in the agent session; route through
agent-bom so advisory provenance, aliases, severity gates, cache behavior,
redaction, and output schemas stay consistent.

## Modes

Start with the smallest mode that answers the user:

| Mode | Use When | Data Boundary |
|------|----------|---------------|
| `explain-only` | User wants to know what would be queried | No advisory calls |
| `check-package` | User names one package/version/ecosystem | Only that package identifier is queried |
| `scan-local` | User wants findings from local agents or a local inventory file | Local parse first; advisory calls use package identifiers only |
| `offline-review` | Private package names cannot leave the environment | Use local/cache-approved data only; disclose reduced coverage |
| `export` | User wants PR gate, SARIF, JSON, or audit evidence | Write only to an operator-selected path |

## Guardrails

- Ask before scanning a broad filesystem path or local agent configs.
- Do not paste or reveal `NVD_API_KEY`, `GITHUB_TOKEN`, package-registry
  credentials, cloud credentials, or env values.
- Do not send full source files, lockfiles, config contents, secrets, or scan
  reports to advisory providers. agent-bom extracts package identifiers first.
- Treat unknown or unresolvable versions as coverage gaps, not clean results.
- Preserve advisory provenance. Do not collapse OSV, GHSA, NVD, EPSS, and KEV
  into a single unlabelled severity.
- Do not modify dependencies or install fixes unless the user explicitly asks
  for a remediation workflow.

## Workflows

### Explain the Boundary

When the user asks "what leaves my environment?", answer before running:

```text
This lookup sends package identifiers (name, version, ecosystem/PURL) and CVE
IDs to public advisory databases. It does not send source code, raw configs,
secrets, env values, credentials, or full scan reports. Use offline-review if
private package names are sensitive.
```
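An `explain-only` answer can be made concrete by listing the exact identifiers a lookup would send. The sketch below is an added example, not agent-bom code or its CLI: `parse_purl`, `plan_lookup`, and `private_prefixes` are hypothetical names, the SBOM is constructed sample data, and nothing in it calls an advisory provider.

```python
import json

# Constructed CycloneDX fragment: package names, versions, the internal
# registry URL and the "acme-" prefix are invented sample data.
SAMPLE_SBOM = json.dumps({"bomFormat": "CycloneDX", "specVersion": "1.5", "components": [
    {"name": "flask", "version": "2.0.0", "purl": "pkg:pypi/flask@2.0.0"},
    {"name": "acme-billing", "version": "1.4.2",
     "purl": "pkg:pypi/acme-billing@1.4.2?repository_url=pypi.internal.example/simple"},
    {"name": "requests", "purl": "pkg:pypi/requests"},  # version never resolved
    {"name": "left-pad", "version": "1.3.0", "purl": "pkg:npm/left-pad@1.3.0"},
    {"name": "vendored-blob"},  # no PURL at all
]})


def parse_purl(purl):
    """Split pkg:type/namespace/name@version?qualifiers#subpath, dropping
    qualifiers and subpath so registry URLs never become part of a query."""
    if not purl.startswith("pkg:"):
        return None
    core = purl[4:].split("#", 1)[0].split("?", 1)[0]
    path, _, version = core.partition("@")
    ecosystem, _, name = path.partition("/")
    return (ecosystem.lower(), name, version) if ecosystem and name else None


def plan_lookup(sbom_text, private_prefixes=()):
    """Classify components for an explain-only answer; makes no network call."""
    plan = {"send": [], "hold_private": [], "coverage_gap": []}
    for comp in json.loads(sbom_text).get("components", []):
        parsed = parse_purl(comp.get("purl", ""))
        if parsed is None:
            plan["coverage_gap"].append(comp.get("name", "<unnamed>"))
            continue
        ecosystem, name, version = parsed
        version = version or comp.get("version", "")
        ident = f"pkg:{ecosystem}/{name}" + (f"@{version}" if version else "")
        if name.rsplit("/", 1)[-1].startswith(tuple(private_prefixes)):
            plan["hold_private"].append(ident)   # operator decides before any query
        elif not version:
            plan["coverage_gap"].append(ident)   # unknown version is not "clean"
        else:
            plan["send"].append(ident)
    return plan


if __name__ == "__main__":
    print(json.dumps(plan_lookup(SAMPLE_SBOM, private_prefixes=("acme-",)), indent=2))
```

Only the `send` list would cross the boundary; `hold_private` entries wait for an operator decision or `offline-review`, and `coverage_gap` entries are reported as unevaluated.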

### Check One Package

```bash
agent-bom check flask==2.0.0 --ecosystem pypi
```

Use this for quick triage and fix-version checks. If the package name belongs
to a private registry or internal project, use `explain-only` first and let the
operator decide whether the identifier may be queried externally.

### Scan a Canonical Inventory

```bash
agent-bom agents --inventory inventory.json --format json --output findings.json
```

Use this after an operator-pull adapter or discovery skill emits canonical
inventory. The inventory can stop at the file boundary; scanning is an explicit
operator handoff.

### Export for a PR Gate

```bash
agent-bom agents --inventory inventory.json --format sarif --output agent-bom.sarif
```

Use SARIF only when the user wants GitHub code-scanning or AppSec PR-gate
evidence. Keep JSON for local analysis and audit trails.

### Offline Review

If external advisory calls are not allowed, run with the project's offline or
cache-approved mode and say clearly that coverage depends on the locally
available vulnerability database. Do not call a clean offline result equivalent
to a fresh OSV/GHSA/NVD lookup.

## Output Rules

- Show CVE/GHSA/PYSEC aliases together when available.
- Include severity source, fix version, EPSS, KEV status, CWE, and advisory
  source chain when present.
- Separate "no vulnerabilities found" from "not enough data to evaluate."
- Keep raw credentials and credential-bearing URLs out of output, logs, prompts,
  SARIF locations, and exported reports.
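
The last rule can be checked mechanically before a report is written. The following is an added example, not agent-bom's own redaction code: `redact_url`, `redact_sarif`, and the `SECRET_PARAMS` list are assumptions made for illustration, and the SARIF document is constructed sample data.

```python
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Assumed list of query parameter names that carry secrets; extend per environment.
SECRET_PARAMS = {"token", "access_token", "api_key", "apikey", "key", "password"}

# Constructed SARIF 2.1.0 fragment with a credential-bearing location URI.
SAMPLE_SARIF = {"version": "2.1.0", "runs": [{
    "tool": {"driver": {"name": "example-scanner"}},
    "results": [{
        "ruleId": "EXAMPLE-0001",
        "message": {"text": "constructed finding"},
        "locations": [{"physicalLocation": {"artifactLocation": {
            "uri": "https://ci-user:s3cr3t@git.example.com/org/repo/"
                   "requirements.txt?token=abc123&ref=main"}}}],
    }],
}]}


def redact_url(value):
    """Strip userinfo and mask secret-looking query values in one URL string."""
    parts = urlsplit(value)
    if not parts.scheme or not parts.netloc:
        return value  # relative path or non-URL text: nothing to strip
    host = parts.netloc.rpartition("@")[2]  # drops "user:password@" if present
    query = urlencode([(k, "REDACTED" if k.lower() in SECRET_PARAMS else v)
                       for k, v in parse_qsl(parts.query, keep_blank_values=True)])
    return urlunsplit((parts.scheme, host, parts.path, query, parts.fragment))


def redact_sarif(node):
    """Return a copy of a SARIF structure with every *uri string redacted."""
    if isinstance(node, dict):
        return {k: redact_url(v) if k.lower().endswith("uri") and isinstance(v, str)
                else redact_sarif(v) for k, v in node.items()}
    if isinstance(node, list):
        return [redact_sarif(item) for item in node]
    return node


if __name__ == "__main__":
    clean = redact_sarif(SAMPLE_SARIF)
    print(clean["runs"][0]["results"][0]["locations"][0]
          ["physicalLocation"]["artifactLocation"]["uri"])
```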