Adoption

Agent Skills are supported by leading AI development tools.

VS Code Gemini CLI GitHub Goose Amp Cursor Claude Code Letta OpenCode Claude OpenAI Codex Factory VS Code Gemini CLI GitHub Goose Amp Cursor Claude Code Letta OpenCode Claude OpenAI Codex Factory

killvxk/building-vulnerability-exception-tracking-system

Name: building-vulnerability-exception-tracking-system
Author: killvxk

skills/building-vulnerability-exception-tracking-system/SKILL.md

npx skillsauth add killvxk/cybersecurity-skills-zh building-vulnerability-exception-tracking-system

Clean

TrivyContainer and dependency vulnerability scanner

Clean

SemgrepStatic code analysis for vulnerabilities

Clean

mcp-scan (Snyk)Model Context Protocol security validation

Skipped

Snyk (dep)Open source security scanning

Skipped

Socket.devSupply chain security analysis

Skipped

VirusTotalMulti-engine malware detection

Skipped

CrowdStrikeAdvanced threat intelligence

Skipped

OSV-ScannerOpen Source Vulnerability database check

Skipped

OWASP Dep-Check

构建漏洞例外跟踪系统

概述

漏洞例外跟踪系统管理无法在 SLA 时间线内完成修复的漏洞情况。它提供结构化的工作流用于申请例外、记录补偿控制、获取风险接受批准，并在有效期结束时自动使例外失效。这确保组织在符合 PCI DSS、SOC 2 和 NIST CSF 等框架的同时，保持对已接受风险的可见性。

前置条件

Python 3.9+，包含 flask、sqlalchemy、requests、jinja2
PostgreSQL 或 SQLite 数据库
用于审批通知的邮件/Slack 集成
漏洞管理平台 API（DefectDojo、Qualys、Tenable）

例外申请工作流

例外类别

| 类别 | 描述 | 最长有效期 | 审批级别 | |----------|------------|-------------|----------------| | 修复延迟 | 补丁可用但部署受阻 | 30 天 | 团队负责人 + 安全团队 | | 无可用修复 | 供应商尚未发布补丁 | 90 天 | 安全总监 | | 业务关键 | 系统修补将导致停机 | 60 天 | VP 工程 + CISO | | 误报 | 发现结果并非真实漏洞 | 永久 | 安全分析师 | | 补偿控制 | 已部署替代缓解措施 | 180 天 | 安全架构师 |

例外申请必填字段

exception_schema = {
    "cve_id": "CVE-2024-XXXX",
    "finding_id": "unique-finding-reference",
    "asset_hostname": "prod-db-01.corp.local",
    "severity": "high",
    "cvss_score": 8.1,
    "category": "remediation_delay",
    "justification": "数据库升级完成前无法应用补丁",
    "compensating_controls": [
        "已部署封锁利用模式的 WAF 规则",
        "网络分段仅允许受信任 VLAN 访问",
        "通过 Splunk 告警对利用指标进行增强监控"
    ],
    "requested_expiration": "2024-06-15",
    "requestor_email": "[email protected]",
    "approver_emails": ["[email protected]", "[email protected]"],
    "risk_rating": "medium",
}

数据库模式

CREATE TABLE vulnerability_exceptions (
    id SERIAL PRIMARY KEY,
    cve_id VARCHAR(20) NOT NULL,
    finding_id VARCHAR(100) NOT NULL,
    asset_hostname VARCHAR(255),
    severity VARCHAR(20),
    cvss_score DECIMAL(3,1),
    category VARCHAR(50) NOT NULL,
    justification TEXT NOT NULL,
    compensating_controls TEXT,
    status VARCHAR(20) DEFAULT 'pending',
    requested_by VARCHAR(255) NOT NULL,
    approved_by VARCHAR(255),
    requested_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
    approved_at TIMESTAMP,
    expires_at TIMESTAMP NOT NULL,
    expired BOOLEAN DEFAULT FALSE,
    risk_rating VARCHAR(20),
    review_notes TEXT,
    created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
    updated_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP
);

CREATE TABLE exception_audit_log (
    id SERIAL PRIMARY KEY,
    exception_id INTEGER REFERENCES vulnerability_exceptions(id),
    action VARCHAR(50) NOT NULL,
    actor VARCHAR(255) NOT NULL,
    details TEXT,
    created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP
);

CREATE INDEX idx_exception_status ON vulnerability_exceptions(status);
CREATE INDEX idx_exception_expires ON vulnerability_exceptions(expires_at);
CREATE INDEX idx_exception_cve ON vulnerability_exceptions(cve_id);

实施

例外申请 API

from flask import Flask, request, jsonify
from datetime import datetime, timezone
import json

app = Flask(__name__)

@app.route("/api/exceptions", methods=["POST"])
def create_exception():
    data = request.json
    required = ["cve_id", "finding_id", "category", "justification", "expires_at", "requestor_email"]
    for field in required:
        if field not in data:
            return jsonify({"error": f"缺少必填字段：{field}"}), 400

    # 验证到期时间未超过类别最长有效期
    max_days = {"remediation_delay": 30, "no_fix": 90, "business_critical": 60,
                "false_positive": 365, "compensating_control": 180}
    # 插入数据库并通知审批人
    return jsonify({"status": "pending", "id": "exc-12345"})

@app.route("/api/exceptions/<exc_id>/approve", methods=["POST"])
def approve_exception(exc_id):
    approver = request.json.get("approver_email")
    notes = request.json.get("notes", "")
    # 更新状态为已批准，记录审批人和时间戳
    return jsonify({"status": "approved"})

@app.route("/api/exceptions/<exc_id>/reject", methods=["POST"])
def reject_exception(exc_id):
    reviewer = request.json.get("reviewer_email")
    reason = request.json.get("reason")
    # 更新状态为已拒绝，记录审核人和拒绝原因
    return jsonify({"status": "rejected"})

到期检查器（每日定时任务）

# 每日检查已过期的例外
python3 scripts/process.py --check-expirations

# 生成每月例外报告
python3 scripts/process.py --report --output exception_report.json

补偿控制文档

每项例外的补偿控制必须覆盖以下方面：

检测：如何检测利用尝试？
预防：哪些屏障降低了被利用的可能性？
响应：已准备哪些事件响应流程？
监控：哪些持续监控确保控制措施仍然有效？

参考资料

NIST SP 800-53 Rev 5 - CA-7 持续监控
PCI DSS v4.0 补偿控制
CIS Controls v8 - 控制 7.7

killvxk/building-vulnerability-exception-tracking-system

skills/building-vulnerability-exception-tracking-system/SKILL.md

构建具有审批工作流、补偿控制文档和到期管理功能的漏洞例外与风险接受跟踪系统。

10 stars

development

Updated Apr 29, 2026

$ install --global

skillsauth

npx skillsauth add killvxk/cybersecurity-skills-zh building-vulnerability-exception-tracking-system

Install this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.

Security Scan Results

3 of 9 scanners reported clean

Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.

Scanners Passed

Scanners in report

Clean

TrivyContainer and dependency vulnerability scanner

95%

Clean

SemgrepStatic code analysis for vulnerabilities

95%

Clean

mcp-scan (Snyk)Model Context Protocol security validation

95%

Skipped

Snyk (dep)Open source security scanning

50%

Skipped

Socket.devSupply chain security analysis

50%

Skipped

VirusTotalMulti-engine malware detection

50%

Skipped

CrowdStrikeAdvanced threat intelligence

50%

Skipped

OSV-ScannerOpen Source Vulnerability database check

50%

Skipped

OWASP Dep-Check

50%

Last scanned: Apr 29, 2026, 8:06 AM318.2s7 files scanned

SKILL.md

name:: building-vulnerability-exception-tracking-system
description:: 构建具有审批工作流、补偿控制文档和到期管理功能的漏洞例外与风险接受跟踪系统。
domain:: cybersecurity
subdomain:: vulnerability-management
tags:: [vulnerability-exception, risk-acceptance, compensating-controls, exception-tracking, vulnerability-management, governance]
version:: 1.0
author:: mahipal
license:: Apache-2.0

构建漏洞例外跟踪系统

概述

前置条件

Python 3.9+，包含 flask、sqlalchemy、requests、jinja2
PostgreSQL 或 SQLite 数据库
用于审批通知的邮件/Slack 集成
漏洞管理平台 API（DefectDojo、Qualys、Tenable）

例外申请工作流

例外类别

例外申请必填字段

exception_schema = {
    "cve_id": "CVE-2024-XXXX",
    "finding_id": "unique-finding-reference",
    "asset_hostname": "prod-db-01.corp.local",
    "severity": "high",
    "cvss_score": 8.1,
    "category": "remediation_delay",
    "justification": "数据库升级完成前无法应用补丁",
    "compensating_controls": [
        "已部署封锁利用模式的 WAF 规则",
        "网络分段仅允许受信任 VLAN 访问",
        "通过 Splunk 告警对利用指标进行增强监控"
    ],
    "requested_expiration": "2024-06-15",
    "requestor_email": "[email protected]",
    "approver_emails": ["[email protected]", "[email protected]"],
    "risk_rating": "medium",
}

数据库模式

CREATE TABLE vulnerability_exceptions (
    id SERIAL PRIMARY KEY,
    cve_id VARCHAR(20) NOT NULL,
    finding_id VARCHAR(100) NOT NULL,
    asset_hostname VARCHAR(255),
    severity VARCHAR(20),
    cvss_score DECIMAL(3,1),
    category VARCHAR(50) NOT NULL,
    justification TEXT NOT NULL,
    compensating_controls TEXT,
    status VARCHAR(20) DEFAULT 'pending',
    requested_by VARCHAR(255) NOT NULL,
    approved_by VARCHAR(255),
    requested_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
    approved_at TIMESTAMP,
    expires_at TIMESTAMP NOT NULL,
    expired BOOLEAN DEFAULT FALSE,
    risk_rating VARCHAR(20),
    review_notes TEXT,
    created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
    updated_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP
);

CREATE TABLE exception_audit_log (
    id SERIAL PRIMARY KEY,
    exception_id INTEGER REFERENCES vulnerability_exceptions(id),
    action VARCHAR(50) NOT NULL,
    actor VARCHAR(255) NOT NULL,
    details TEXT,
    created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP
);

CREATE INDEX idx_exception_status ON vulnerability_exceptions(status);
CREATE INDEX idx_exception_expires ON vulnerability_exceptions(expires_at);
CREATE INDEX idx_exception_cve ON vulnerability_exceptions(cve_id);

实施

例外申请 API

from flask import Flask, request, jsonify
from datetime import datetime, timezone
import json

app = Flask(__name__)

@app.route("/api/exceptions", methods=["POST"])
def create_exception():
    data = request.json
    required = ["cve_id", "finding_id", "category", "justification", "expires_at", "requestor_email"]
    for field in required:
        if field not in data:
            return jsonify({"error": f"缺少必填字段：{field}"}), 400

    # 验证到期时间未超过类别最长有效期
    max_days = {"remediation_delay": 30, "no_fix": 90, "business_critical": 60,
                "false_positive": 365, "compensating_control": 180}
    # 插入数据库并通知审批人
    return jsonify({"status": "pending", "id": "exc-12345"})

@app.route("/api/exceptions/<exc_id>/approve", methods=["POST"])
def approve_exception(exc_id):
    approver = request.json.get("approver_email")
    notes = request.json.get("notes", "")
    # 更新状态为已批准，记录审批人和时间戳
    return jsonify({"status": "approved"})

@app.route("/api/exceptions/<exc_id>/reject", methods=["POST"])
def reject_exception(exc_id):
    reviewer = request.json.get("reviewer_email")
    reason = request.json.get("reason")
    # 更新状态为已拒绝，记录审核人和拒绝原因
    return jsonify({"status": "rejected"})

到期检查器（每日定时任务）

# 每日检查已过期的例外
python3 scripts/process.py --check-expirations

# 生成每月例外报告
python3 scripts/process.py --report --output exception_report.json

补偿控制文档

每项例外的补偿控制必须覆盖以下方面：

检测：如何检测利用尝试？
预防：哪些屏障降低了被利用的可能性？
响应：已准备哪些事件响应流程？
监控：哪些持续监控确保控制措施仍然有效？

参考资料

NIST SP 800-53 Rev 5 - CA-7 持续监控
PCI DSS v4.0 补偿控制
CIS Controls v8 - 控制 7.7

Related Skills

killvxk/conducting-social-engineering-penetration-test

testing

VerifiedTrustedCommunity

设计并执行社会工程学渗透测试，包括钓鱼、语音钓鱼、短信钓鱼和物理借口活动，以衡量人员安全韧性并识别培训差距。

10SKILL.mdUpdated Apr 29, 2026

killvxk/conducting-social-engineering-penetration-test

killvxk/conducting-post-incident-lessons-learned

testing

VerifiedTrustedCommunity

主持结构化的事件后审查，以识别根本原因、记录有效和无效的措施，并提出可操作的改进建议以提升未来的事件响应能力。

10SKILL.mdUpdated Apr 29, 2026

killvxk/conducting-post-incident-lessons-learned

killvxk/conducting-phishing-incident-response

testing

VerifiedTrustedCommunity

通过分析举报的邮件、提取指标、评估凭据受攻陷情况、在全组织范围隔离恶意邮件并修复受影响账号来响应网络钓鱼事件。涵盖邮件头分析、URL/附件沙箱检测和邮箱范围清除操作。适用于网络钓鱼响应、邮件事件、凭据钓鱼、鱼叉式网络钓鱼调查或钓鱼修复相关请求。

10SKILL.mdUpdated Apr 29, 2026

killvxk/conducting-phishing-incident-response

killvxk/conducting-pass-the-ticket-attack

tools

VerifiedTrustedCommunity

票据传递（Pass-the-Ticket，PtT）是一种横向移动技术，使用窃取的 Kerberos 票据（TGT 或 TGS）在不知道用户密码的情况下向服务进行认证。通过从已控制的主机内存中提取 Kerberos 票据，攻击者可以将这些票据注入自己的会话以模拟票据所有者。

10SKILL.mdUpdated Apr 29, 2026

killvxk/conducting-pass-the-ticket-attack

Download

For Claude Desktop. Download once, then upload the file in the app — no terminal needed.

Need help? View full Cowork setup guide →

Install manually

Choose your platform

# Clone the repo
git clone https://github.com/killvxk/cybersecurity-skills-zh.git

# Copy into Claude Code skills folder (global)
cp -r cybersecurity-skills-zh/skills/building-vulnerability-exception-tracking-system ~/.claude/skills/

Claude Code Skills — official skills path docs.

Repository

killvxk/cybersecurity-skills-zh

10 stars

Compatible with

Claude Code

OpenAI Codex CLI

ChatGPT