fusengine/cve-research
plugins/security-expert/skills/cve-research/SKILL.md
Research CVEs and security advisories for project dependencies. Uses Exa, NVD API, OSV.dev, and GitHub Advisory Database to find known vulnerabilities.
$ install --global
skillsauthnpx skillsauth add fusengine/agents cve-researchInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Apr 4, 2026, 11:44 PM76.0s3 files scanned
SKILL.md
- name:
- cve-research
- description:
- Research CVEs and security advisories for project dependencies. Uses Exa, NVD API, OSV.dev, and GitHub Advisory Database to find known vulnerabilities.
- argument-hint:
- <package-name> [version]
- user-invocable:
- true
CVE Research Skill
Overview
Research known vulnerabilities for project dependencies using multiple sources.
Data Sources
| Source | API | Coverage | |--------|-----|----------| | NVD | nvd.nist.gov/vuln/api | All CVEs | | OSV.dev | api.osv.dev | npm, PyPI, Go, crates, Maven | | GitHub Advisory | github.com/advisories | npm, pip, composer, cargo | | Exa Search | Via MCP | Real-time web search |
Workflow
- Extract dependencies from project (package.json, etc.)
- Query each source for known CVEs
- Cross-reference findings across sources
- Prioritize by CVSS score and exploitability
- Report with fix versions and workarounds
Query Strategy
For each dependency:
- Search OSV.dev first (fastest, most accurate for packages)
- Cross-check NVD for CVSS scoring
- Use Exa for recent advisories not yet in databases
- Check GitHub Advisory for maintainer responses
Severity Mapping
| CVSS Score | Severity | Action | |------------|----------|--------| | 9.0 - 10.0 | CRITICAL | Fix immediately | | 7.0 - 8.9 | HIGH | Fix before merge | | 4.0 - 6.9 | MEDIUM | Plan fix | | 0.1 - 3.9 | LOW | Document |
References
- CVE APIs Reference
- Query Templates
Related Skills
fusengine/seo-entity
development
VerifiedTrustedCommunity
Use when optimizing entity-based / semantic SEO 2026. Covers entity maps, Google Knowledge Graph resolution, salience scoring, passage-level ranking, about/sameAs/knowsAbout schema, Cloud Natural Language API validation.
13SKILL.mdUpdated Jun 4, 2026
fusengine/seo
development
VerifiedTrustedCommunity
Use when running SEO, GEO, schema, Core Web Vitals, sitemap, hreflang, E-E-A-T, AI Overviews, technical SEO, or structured data tasks. Covers full-site audits, single-page analysis, schema markup, content quality, AI search optimization, local SEO, sitemap/robots, internal linking, semantic clustering, and search experience.
13SKILL.mdUpdated May 17, 2026
fusengine/seo-sxo
development
VerifiedTrustedCommunity
Use when optimizing search experience (SXO). Covers intent matching, user personas, user stories, page-type analysis, dwell time, scroll depth, pogo-sticking prevention.
13SKILL.mdUpdated May 17, 2026
fusengine/seo-local
development
VerifiedTrustedCommunity
Use when optimizing local SEO. Covers Google Business Profile, NAP consistency, citations, reviews acquisition, Local Pack ranking, location pages, LocalBusiness schema.
13SKILL.mdUpdated May 17, 2026