cve-fix/SKILL.md
Automated CVE remediation that reads vulnerability details from a Jira ticket, applies multi-strategy dependency fixes, validates results, and creates pull requests with full justification. Language-agnostic: supports Go, Node.js, Python, Java, Rust, Ruby. Use when patching CVEs, updating vulnerable dependencies, or responding to Jira vulnerability tickets. Activated by commands: /start, /scan, /patch, /validate, /pr, /backport, /close.
npx skillsauth add amir-yogev-gh/ai-workflows cve-fix
Install this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
/patch, /pr), read commands/{command}.md and follow it.
skills/controller.md to load the workflow controller and begin with /start.
If a step fails or produces unexpected output, stop and report the error to the user. Do not advance to the next phase. Offer to retry the failed step or escalate.
For principles, hard limits, safety, and escalation rules, see guidelines.md.
development
Pre-cycle Feature sizing workflow that assesses Features from Jira using T-shirt sizes (XS–XXL), produces per-team effort breakdowns (DEV, QE, UX, UI, DOCS), and writes results back to Jira. Accepts a single Feature or all Features in a Fix Version for batch sizing. Use when sizing Features for cycle planning, prioritizing a release backlog, or evaluating whether a Feature fits in a cycle. Activated by commands: /ingest, /assess, /apply.
development
AI-driven code review workflow that reviews uncommitted changes using a discoverable reviewer profile, presents findings for human decision, and iterates until approved. Supports --unattended for automated iteration. Use when reviewing code before commit or PR. Activated by commands: /start, /continue, /clean.
development
Bulk-triage unresolved Jira bugs with AI-driven recommendations and an interactive HTML report. Scan also loads recently resolved bugs for regression matching in analyze. Use when triaging a project backlog, prioritizing bug fixes, identifying candidates for automated fixing, or reviewing stale issues. For one bug in depth (no artifacts), use /assess. Activated by commands: /run, /start, /scan, /analyze, /report, and /assess.
testing
Deep review of an AI skill directory. Critically evaluates structure, clarity, completeness, and consistency of SKILL.md, skills/*.md, commands/*.md, and guidelines.md. Use when reviewing, auditing, or validating an AI workflow skill. Activated by commands: /review.