From compliance
Gather comprehensive vulnerability information from multiple authoritative sources with fallback strategies
How this skill is triggered — by the user, by Claude, or both
Slash command
/compliance:cve-intelligence-gatheringThe summary Claude sees in its skill listing — used to decide when to auto-load this skill
Systematically collects CVE vulnerability details from multiple authoritative sources, handles search failures, and compiles a comprehensive vulnerability profile for analysis.
Systematically collects CVE vulnerability details from multiple authoritative sources, handles search failures, and compiles a comprehensive vulnerability profile for analysis.
Use this skill when:
web_search tool access# Regex pattern for CVE ID
CVE_PATTERN="^CVE-[0-9]{4}-[0-9]{4,}$"
# Validate format
if [[ "$CVE_ID" =~ $CVE_PATTERN ]]; then
echo "Valid CVE format"
else
echo "ERROR: Invalid CVE format. Expected: CVE-YYYY-NNNNN"
exit 1
fi
Extract components:
YYYY from CVE-YYYY-NNNNNNNNNN from CVE-YYYY-NNNNNDecision Point:
National Vulnerability Database (NVD)
Search query: "CVE-{ID} site:nvd.nist.gov"
Example: "CVE-YYYY-NNNNN site:nvd.nist.gov"
Extract from results:
MITRE CVE Database
Search query: "CVE-{ID} site:cve.mitre.org"
Example: "CVE-YYYY-NNNNN site:cve.mitre.org"
Extract from results:
Error Handling:
Go Vulnerability Database
Search queries:
1. "CVE-{ID} golang vulnerability"
2. "CVE-{ID} site:github.com/golang/vulndb"
3. "CVE-{ID} site:go.dev/security"
Extract from results:
<package-path>)< <version>)<version>)GitHub Security Advisories (GHSA)
Search queries:
1. "CVE-{ID} golang GHSA"
2. "CVE-{ID} site:github.com/advisories"
Look for:
GHSA-xxxx-xxxx-xxxx)Decision Point:
Security Advisories
Search queries:
1. "CVE-{ID} security advisory"
2. "CVE-{ID} golang fix"
3. "CVE-{ID} patch"
Look for:
Community Discussions
Search queries:
1. "CVE-{ID} golang github issue"
2. "CVE-{ID} golang discussion"
Check for:
Proof of Concept / Exploits (for context only)
Search query: "CVE-{ID} exploit poc"
Note: Only use for understanding attack vectors, not for testing
If CVE is Very New (e.g., published recently)
Search alternative queries:
1. "CVE-{ID} disclosure"
2. "CVE-{ID} advisory {YEAR}"
3. "{PACKAGE_NAME} vulnerability {YEAR}"
If Web Searches Return No Results
Try alternative strategies:
Search by package name (if known from context):
Search: "{package-name} vulnerability {year}"
Example: "<package-name> vulnerability <year>"
Search for GHSA aliases:
Search: "GHSA-{pattern} golang"
Check package repository directly:
Search: "site:github.com/{org}/{repo} security"
Decision Point:
If automated searches fail, prompt user:
❌ Unable to fetch details for {CVE-ID} from online sources.
Attempted searches:
- NVD: No results
- MITRE: No results
- Go vulnerability database: No results
- GitHub Security Advisories: No results
Please provide any information you have about this CVE:
1. CVE Description:
[What vulnerability does this CVE describe?]
2. Affected Go Packages/Modules:
[e.g., <package-path>, github.com/<org>/<repo>]
3. Vulnerable Version Range:
[e.g., all versions before <version>, or versions <version-range>]
4. Fixed Version (if known):
[e.g., <version> or later]
5. Severity (if known):
[CRITICAL/HIGH/MEDIUM/LOW or CVSS score]
6. References (if any):
[Links to security advisories, GitHub issues, etc.]
You can provide partial information. Analysis will proceed with whatever details are available.
Would you like to provide CVE details? (yes/no)
User Response Handling:
Create structured summary with all gathered information:
{
"cve_id": "CVE-YYYY-NNNNN",
"aliases": ["GHSA-xxxx-xxxx-xxxx"],
"severity": {
"rating": "<CRITICAL|HIGH|MEDIUM|LOW>",
"cvss_score": "<score>",
"cvss_vector": "<CVSS vector string>"
},
"affected_packages": [
{
"name": "<package-name>",
"vulnerable_versions": "<version-range>",
"fixed_version": "<fixed-version>",
"vulnerable_functions": ["<function1>", "<function2>"]
}
],
"vulnerability_type": "<vulnerability-type>",
"cwe_id": "CWE-<number>",
"attack_vector": "<attack-vector>",
"description": "<vulnerability description>",
"impact": {
"confidentiality": "<NONE|LOW|HIGH>",
"integrity": "<NONE|LOW|HIGH>",
"availability": "<NONE|LOW|HIGH>"
},
"remediation": {
"fix_available": true,
"recommended_action": "<remediation guidance>",
"workarounds": []
},
"information_sources": [
{
"type": "NVD",
"verified": true,
"url": "https://nvd.nist.gov/vuln/detail/CVE-YYYY-NNNNN"
},
{
"type": "GitHub Security Advisory",
"verified": true,
"url": "https://github.com/advisories/GHSA-xxxx-xxxx-xxxx"
}
],
"information_completeness": "COMPLETE",
"data_quality": "HIGH",
"gaps": []
}
Mark Information Sources:
Assess Information Completeness:
Identify Gaps:
"gaps": [
"CVSS score not available",
"Fixed version not confirmed",
"Vulnerable functions not identified"
]
Assess if CVE is Go-related:
Strong Indicators (HIGH confidence):
Weak Indicators (MEDIUM confidence):
Not Go-related (Exit early):
Decision Point:
Return structured data to parent command:
{
"skill": "cve-intelligence-gathering",
"status": "success",
"cve_profile": {
"cve_id": "CVE-YYYY-NNNNN",
"severity": "<CRITICAL|HIGH|MEDIUM|LOW>",
"cvss_score": "<score>",
"affected_packages": [...],
"fixed_versions": [...],
"description": "...",
"references": [...]
},
"information_quality": {
"completeness": "<COMPLETE|MOSTLY_COMPLETE|PARTIAL|MINIMAL>",
"sources": ["<source1>", "<source2>", ...],
"user_provided": "<true|false>",
"gaps": []
},
"go_relevance": {
"is_go_related": "<true|false>",
"confidence": "<HIGH|MEDIUM|LOW>",
"reasoning": "<explanation>"
}
}
Error: Invalid CVE identifier format
Expected: CVE-YYYY-NNNNN
Received: {user-input}
Action: Return error, do not proceed
Warning: CVE-{ID} not found in any database
Possible reasons:
- CVE is very new (not yet published)
- CVE ID is incorrect
- CVE was disputed/rejected
- Private disclosure not yet public
Action: Request user input or exit
Info: CVE-{ID} does not appear to affect Go
Affected platforms: {list}
Action: Return NOT_APPLICABLE verdict early
Step 1: Validate
✓ CVE-YYYY-NNNNN - Valid format
Step 2: Primary Sources
✓ NVD: Found - CVSS <score>, Severity: <severity>
✓ MITRE: Found - CWE-<number>, References available
Step 3: Go-Specific Sources
✓ Go vulndb: Found - <package-name>
✓ GHSA: Found - GHSA-xxxx-xxxx-xxxx
- Affected: <package-name> <version-range>
- Fixed: <fixed-version>
- Vulnerable functions: <function1>, <function2>
Step 4: Remediation Intelligence
✓ GitHub Advisory: Update to <fixed-version>
✓ Release notes: <release-notes-url>
✓ Fix commit: <commit-url>
Step 5: Not needed - sufficient data
Step 6: Not needed - sufficient data
Step 7: Compile Profile
✓ All fields populated
✓ Information completeness: COMPLETE
✓ Data quality: HIGH
✓ No gaps identified
Step 8: Go Relevance
✓ Is Go-related: YES
✓ Confidence: HIGH
✓ Package: <package-name>
Result: Complete vulnerability profile ready for Phase 2 analysis
This skill is called from Phase 1 of the /compliance:analyze-cve command.
Input from parent:
Output to parent:
Decision Flow:
IF status = "error" → Exit command
IF go_relevance.is_go_related = false → Generate "Not Applicable" report, exit
IF information_quality.completeness = "MINIMAL" AND user_declined → Exit command
OTHERWISE → Proceed to Phase 2 with profile
npx claudepluginhub bradmwilliams/ai-helpers --plugin compliance10plugins reuse this skill
First indexed Jul 11, 2026
Showing the 6 earliest of 10 plugins
Creates structured, bite-sized implementation plans from specs or requirements before writing code. Useful for breaking down multi-step tasks into testable steps with file structure and task boundaries.